documentation:examples:ipsec_performance_of_a_superserver_5018a-ftn4
no way to compare when less than two revisions
Differences
This shows you the differences between two versions of the page.
Next revision | |||
— | documentation:examples:ipsec_performance_of_a_superserver_5018a-ftn4 [2017/10/23 12:17] – external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== IPSec performance lab of SuperServer 5018A-FTN4 ====== | ||
+ | {{description> | ||
+ | |||
+ | ===== Hardware detail ===== | ||
+ | |||
+ | This lab will test a [[http:// | ||
+ | * Intel Rangeley: [[http:// | ||
+ | * 8Gb of RAM | ||
+ | * Quad port Chelsio 10-Gigabit T540-CR and OPT SFP (SFP-10G-LR) | ||
+ | |||
+ | This CPU includes AES-NI: AES-CBC, | ||
+ | |||
+ | ===== Method used ===== | ||
+ | |||
+ | The benchmarking method used here is detailed in [[documentation: | ||
+ | ==== Diagram ==== | ||
+ | |||
+ | < | ||
+ | +--------------------+ | ||
+ | | | ||
+ | | Packet generator | ||
+ | | and receiver | ||
+ | | | | ||
+ | |vcxl0: 198.18.0.2/ | ||
+ | | | ||
+ | | 00: | ||
+ | | | | ||
+ | | | | ||
+ | | | | ||
+ | | | | ||
+ | | | | ||
+ | | | | ||
+ | | | | ||
+ | | | | ||
+ | | | | ||
+ | | | | ||
+ | | | | ||
+ | |vcxl1: 198.19.0.2/ | ||
+ | | 2001: | ||
+ | | 00: | ||
+ | +--------------------+ | ||
+ | || || | ||
+ | ==================================< | ||
+ | </ | ||
+ | |||
+ | ===== Devices configuration ===== | ||
+ | |||
+ | Almost the same as on the forwarding performance lab. | ||
+ | |||
+ | ==== DUT ==== | ||
+ | |||
+ | Configure IP address, routes and static IPSec. | ||
+ | |||
+ | / | ||
+ | < | ||
+ | # IPv4 router | ||
+ | gateway_enable=" | ||
+ | static_routes=" | ||
+ | route_generator=" | ||
+ | route_receiver=" | ||
+ | ifconfig_cxl0=" | ||
+ | ifconfig_cxl1=" | ||
+ | static_arp_pairs=" | ||
+ | static_arp_generator=" | ||
+ | static_arp_receiver=" | ||
+ | |||
+ | # IPv6 router | ||
+ | ipv6_gateway_enable=" | ||
+ | ipv6_activate_all_interfaces=" | ||
+ | ipv6_static_routes=" | ||
+ | ipv6_route_generator=" | ||
+ | ipv6_route_receiver=" | ||
+ | ifconfig_cxl0_ipv6=" | ||
+ | ifconfig_cxl1_ipv6=" | ||
+ | static_ndp_pairs=" | ||
+ | static_ndp_generator=" | ||
+ | static_ndp_receiver=" | ||
+ | |||
+ | # Enabling IPSec | ||
+ | kld_list=" | ||
+ | ipsec_enable=" | ||
+ | </ | ||
+ | |||
+ | / | ||
+ | |||
+ | < | ||
+ | flush; | ||
+ | spdflush; | ||
+ | spdadd 198.18.0.0/ | ||
+ | spdadd 198.19.0.0/ | ||
+ | add 198.18.1.208 198.18.1.210 esp 0x1000 -E aes-gcm-16 " | ||
+ | add 198.18.1.210 198.18.1.208 esp 0x1001 -E aes-gcm-16 " | ||
+ | spdadd 2001:2::/49 2001: | ||
+ | spdadd 2001: | ||
+ | add 2001: | ||
+ | add 2001: | ||
+ | </ | ||
+ | |||
+ | ==== Reference Endpoint ==== | ||
+ | |||
+ | Configure IP address, routes and static IPSec: | ||
+ | < | ||
+ | # IPv4 router | ||
+ | gateway_enable=" | ||
+ | ifconfig_cxl0=" | ||
+ | ifconfig_cxl1=" | ||
+ | static_routes=" | ||
+ | route_generator=" | ||
+ | route_receiver=" | ||
+ | static_arp_pairs=" | ||
+ | static_arp_generator=" | ||
+ | static_arp_receiver=" | ||
+ | |||
+ | # IPv6 router | ||
+ | ipv6_gateway_enable=" | ||
+ | ipv6_activate_all_interfaces=" | ||
+ | ifconfig_cxl0_ipv6=" | ||
+ | ifconfig_cxl1_ipv6=" | ||
+ | ipv6_static_routes=" | ||
+ | ipv6_route_generator=" | ||
+ | ipv6_route_receiver=" | ||
+ | static_ndp_pairs=" | ||
+ | static_ndp_generator=" | ||
+ | static_ndp_receiver=" | ||
+ | |||
+ | # Enabling IPSec | ||
+ | kld_list=" | ||
+ | ipsec_enable=" | ||
+ | </ | ||
+ | |||
+ | / | ||
+ | |||
+ | < | ||
+ | flush; | ||
+ | spdflush; | ||
+ | spdadd 198.18.0.0/ | ||
+ | spdadd 198.19.0.0/ | ||
+ | add 198.18.1.208 198.18.1.210 esp 0x1000 -E aes-gcm-16 " | ||
+ | add 198.18.1.210 198.18.1.208 esp 0x1001 -E aes-gcm-16 " | ||
+ | spdadd 2001:2::/49 2001: | ||
+ | spdadd 2001: | ||
+ | add 2001: | ||
+ | add 2001: | ||
+ | </ | ||
+ | |||
+ | ===== IPSec benchmark " | ||
+ | |||
+ | Once done, we start using a fast method for measuring the "IPsec equilibrium throughput" | ||
+ | |||
+ | From the packet generator/ | ||
+ | |||
+ | < | ||
+ | [root@pkt-gen]~# | ||
+ | Benchmark tool using equilibrium throughput method | ||
+ | - Benchmark mode: Bandwitdh (bps) for VPN gateway | ||
+ | - UDP load = 500B, IPv4 packet size=528B, Ethernet frame size=542B | ||
+ | - Link rate = 10000 Mb/s | ||
+ | - Tolerance = 0.01 | ||
+ | Iteration 1 | ||
+ | - Offering load = 5000 Mb/s | ||
+ | - Step = 2500 Mb/s | ||
+ | - Measured forwarding rate = 1383 Mb/s | ||
+ | - Forwared rate too low, forcing OLOAD=FWRATE and STEP=FWRATE/ | ||
+ | Iteration 2 | ||
+ | - Offering load = 1383 Mb/s | ||
+ | - Step = 691 Mb/s | ||
+ | - Trend = decreasing | ||
+ | - Measured forwarding rate = 1384 Mb/s | ||
+ | - forwarding rate greater than offering load! (forcing FWRATE=OLOAD) | ||
+ | Iteration 3 | ||
+ | - Offering load = 1728 Mb/s | ||
+ | - Step = 345 Mb/s | ||
+ | - Trend = increasing | ||
+ | - Measured forwarding rate = 1383 Mb/s | ||
+ | Iteration 4 | ||
+ | - Offering load = 1556 Mb/s | ||
+ | - Step = 172 Mb/s | ||
+ | - Trend = decreasing | ||
+ | - Measured forwarding rate = 1386 Mb/s | ||
+ | Iteration 5 | ||
+ | - Offering load = 1470 Mb/s | ||
+ | - Step = 86 Mb/s | ||
+ | - Trend = decreasing | ||
+ | - Measured forwarding rate = 1384 Mb/s | ||
+ | Iteration 6 | ||
+ | - Offering load = 1427 Mb/s | ||
+ | - Step = 43 Mb/s | ||
+ | - Trend = decreasing | ||
+ | - Measured forwarding rate = 1385 Mb/s | ||
+ | Iteration 7 | ||
+ | - Offering load = 1406 Mb/s | ||
+ | - Step = 21 Mb/s | ||
+ | - Trend = decreasing | ||
+ | - Measured forwarding rate = 1384 Mb/s | ||
+ | Estimated Equilibrium Ethernet throughput= 1384 Mb/s (maximum value seen: 1386 Mb/s) | ||
+ | </ | ||
+ | |||
+ | => We reach about 1.386Gb/s of encrypted traffic (notice the equilibrium script bug at step 2 that could stop here). | ||
+ | |||
+ | ==== Encryption algorithms ==== | ||
+ | |||
+ | TO DO: | ||
+ | |||
+ | < | ||
+ | ~/ | ||
+ | </ | ||
+ | |||
+ | |||
+ | |||
+ | |||
documentation/examples/ipsec_performance_of_a_superserver_5018a-ftn4.txt · Last modified: 2020/09/22 11:56 by olivier