1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

OpenSSL/OpenVPN Performance - CBC and GCM ciphers

Discussion in 'VPN' started by Xentrk, May 20, 2018.

  1. Xentrk

    Xentrk Very Senior Member

    Joined:
    Jul 21, 2016
    Messages:
    1,681
    Location:
    The Land of Smiles
    We have had some fun comparing CPU OpenSSL performance in the forum. Most recently in the Router thread. I summarized the discussion in a blog post here https://x3mtek.com/openvpn-performance/.

    Likewise, @kvic also posted similar findings in his blog site at https://kazoo.ga/quick-benchmark-cbc-vs-gcm/.

    In a nutshell, GCM ciphers replace CBC as the go to cipher for OpenVPN speed and performance. Hopefully, your provider has already updated to OpenVPN 2.4 so you can take advantage of the improvements.
     
    Last edited: May 20, 2018
    kvic and doczenith1 like this.
  2. sfx2000

    sfx2000 Part of the Furniture

    Joined:
    Aug 11, 2011
    Messages:
    13,504
    Location:
    San Diego, CA
    GCM is the future...

    Interesting numbers... all are on ubuntu 18.04LTS, openssl 1.1, openvpn 2.4

    This is not OpenSSL performance numbers, this is potential OpenVPN throughput considerations...

    All told, I think the Kaby Lake i3-7100T might be a good place....numbers there are close to the i5 (kaby lake) and i7 (haswell) - if you are looking for wirespeed on a a GBe WAN connection - need to throw some horsepower at things with OpenVPN - some ARM's are getting better, but they're not there yet - Intel has put a huge amount of emphasis on OpenSSL performance, and then there's the memory bandwidth thing that amd64 platforms have over ARM at the moment...

    Interesting to note that the little Intel Cores actually compete well with Intel big cores to a point)

    Code:
    Intel Pentium N3700 @ 1.60GHz (Braswell NUC w/AES-NI)
    13.72 233.19 AES-128-CBC
    14.09 227.19 AES-256-CBC
    12.35 259.15 AES-128-GCM
    12.57 254.55 AES-256-GCM
    
    Intel Celeron 2957U @ 1.40Ghz (Haswell-ULT low end/no AES-NI)
    12.58 254.39 AES-128-CBC
    13.67 234.09 AES-256-CBC
    10.86 294.55 AES-128-GCM
    11.53 277.54 AES-256-GCM
    
    Intel Core i5-7260U CPU @ 2.20GHz (Intel NUC7i5...)
    3.96 808.90 AES-128-CBC
    4.03 794.04 AES-256-CBC
    3.37 948.71 AES-128-GCM
    3.40 941.45 AES-256-GCM
    
    Intel Core i7-4790 CPU @ 3.60GHz (Dell desktop)
    
    3.599 889.14 AES-128-CBC
    3.709 862.77 AES-256-CBC
    3.056 1047.12 AES-128-GCM
    3.088 1036.27 AES-256-GCM
    
     
    Last edited: May 20, 2018
    doczenith1 and Xentrk like this.
  3. sfx2000

    sfx2000 Part of the Furniture

    Joined:
    Aug 11, 2011
    Messages:
    13,504
    Location:
    San Diego, CA
    This is kind of interesting for platforms that do not have AES acceleration...

    chacha20-poly1305 is supported in OpenSSL 1.1.0 and OpenVPN 2.4.3

    @RMerlin - thoughts here?

    sfx

    Numbers from RPi3+ - [email protected]

    Code:
    [email protected]:~ $ openssl speed -evp chacha20-poly1305 -elapsed
    You have chosen to measure elapsed time instead of user CPU time.
    Doing chacha20-poly1305 for 3s on 16 size blocks: 5775868 chacha20-poly1305's in 3.00s
    Doing chacha20-poly1305 for 3s on 64 size blocks: 3028491 chacha20-poly1305's in 3.00s
    Doing chacha20-poly1305 for 3s on 256 size blocks: 912129 chacha20-poly1305's in 3.00s
    Doing chacha20-poly1305 for 3s on 1024 size blocks: 241759 chacha20-poly1305's in 3.00s
    Doing chacha20-poly1305 for 3s on 8192 size blocks: 30756 chacha20-poly1305's in 3.00s
    Doing chacha20-poly1305 for 3s on 16384 size blocks: 15397 chacha20-poly1305's in 3.00s
    OpenSSL 1.1.0f  25 May 2017
    built on: reproducible build, date unspecified
    options:bn(64,32) rc4(char) des(long) aes(partial) blowfish(ptr)
    compiler: gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/lib/ssl\"" -DENGINESDIR="\"/usr/lib/arm-linux-gnueabihf/engines-1.1\""
    The 'numbers' are in 1000s of bytes per second processed.
    type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
    chacha20-poly1305    30804.63k    64607.81k    77835.01k    82520.41k    83984.38k    84088.15k
     
  4. Odkrys

    Odkrys Senior Member

    Joined:
    Jul 28, 2016
    Messages:
    266
    Openvpn supports chacha20 for only control channel..
    If someone has interest chacha20 cipher usage for vpn on armv7, then look into ocserv (openconnect).
     
  5. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    28,299
    Location:
    Canada
    Can't upgrade to 1.1.x, different API which won't be compatible with the closed source pieces of Asuswrt.