So I just realized another serious flaw in my testing. I was using a Mac Air w/ USB 100Mb ethernet adapter for one of the hosts behind the OpenBSD VPN devices. And it must have been limiting the speed more than I thought.
So using another Mac w/ 1Gb ethernet adapter to a Linux box w/ 1Gb eth I was able to achieve approx. 600Mbps performance through the test setup (via iperf and my dd method). Still it baffles me as to why the ASA 5505 performed better with the Mac Air's USB 100mbps connection than the OpenVPN boxes. The ASA was able to do approx 88mbps while I never got above 72mbps on the OpenBSD test. Either way, case closed. I'd say that's fast enough. Lessons' learned: - Use the amd64 kernel not i386 - w/ AES-NI enabled AES-256-GMAC, AES-256-GCM, AES-128 all performed about the same - For some reason on my supermicro board disabling AES-NI doesn't have an effect as OpenBSD still seems to find the instructions - Don't use USB for testing performance. ;) Thanks to all that helped. -Jim On 9/28/12 3:10 PM, Christian Weisgerber wrote: > Jim Miller <jmil...@sri-inc.com> wrote: > >> The test I'm using is this >> Host A: >> # nc -v -l 12345 | /dev/null >> >> Host B: >> # dd if=/dev/zero bs=1000 count=10000 | nc -v <host a> 12345 > I increased the count a bit: > 1000000000 bytes transferred in 53.265 secs (18773882 bytes/sec) > > That's with AES-256-GCM between two Sandy Bridge Xeons > (Intel Xeon CPU E5-2637 @ 3.00GHz), i.e., with AES-NI, running > OpenBSD-current/amd64.
