1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

OpenSSL/OpenVPN Performance - CBC and GCM ciphers

Discussion in 'VPN' started by Xentrk, May 20, 2018.

  1. Xentrk

    Xentrk Very Senior Member

    Joined:
    Jul 21, 2016
    Messages:
    1,336
    Location:
    Thailand
    We have had some fun comparing CPU OpenSSL performance in the forum. Most recently in the Router thread. I summarized the discussion in a blog post here https://x3mtek.com/openvpn-performance/.

    Likewise, @kvic also posted similar findings in his blog site at https://kazoo.ga/quick-benchmark-cbc-vs-gcm/.

    In a nutshell, GCM ciphers replace CBC as the go to cipher for OpenVPN speed and performance. Hopefully, your provider has already updated to OpenVPN 2.4 so you can take advantage of the improvements.
     
    Last edited: May 20, 2018
    kvic and doczenith1 like this.
  2. Please support SNBForums! Just click on this link before you buy something from Amazon and we'll get a small commission on anything you buy. Thanks!
  3. sfx2000

    sfx2000 Part of the Furniture

    Joined:
    Aug 11, 2011
    Messages:
    12,524
    Location:
    San Diego, CA
    GCM is the future...

    Interesting numbers... all are on ubuntu 18.04LTS, openssl 1.1, openvpn 2.4

    This is not OpenSSL performance numbers, this is potential OpenVPN throughput considerations...

    All told, I think the Kaby Lake i3-7100T might be a good place....numbers there are close to the i5 (kaby lake) and i7 (haswell) - if you are looking for wirespeed on a a GBe WAN connection - need to throw some horsepower at things with OpenVPN - some ARM's are getting better, but they're not there yet - Intel has put a huge amount of emphasis on OpenSSL performance, and then there's the memory bandwidth thing that amd64 platforms have over ARM at the moment...

    Interesting to note that the little Intel Cores actually compete well with Intel big cores to a point)

    Code:
    Intel Pentium N3700 @ 1.60GHz (Braswell NUC w/AES-NI)
    13.72 233.19 AES-128-CBC
    14.09 227.19 AES-256-CBC
    12.35 259.15 AES-128-GCM
    12.57 254.55 AES-256-GCM
    
    Intel Celeron 2957U @ 1.40Ghz (Haswell-ULT low end/no AES-NI)
    12.58 254.39 AES-128-CBC
    13.67 234.09 AES-256-CBC
    10.86 294.55 AES-128-GCM
    11.53 277.54 AES-256-GCM
    
    Intel Core i5-7260U CPU @ 2.20GHz (Intel NUC7i5...)
    3.96 808.90 AES-128-CBC
    4.03 794.04 AES-256-CBC
    3.37 948.71 AES-128-GCM
    3.40 941.45 AES-256-GCM
    
    Intel Core i7-4790 CPU @ 3.60GHz (Dell desktop)
    
    3.599 889.14 AES-128-CBC
    3.709 862.77 AES-256-CBC
    3.056 1047.12 AES-128-GCM
    3.088 1036.27 AES-256-GCM
    
     
    Last edited: May 20, 2018
    doczenith1 and Xentrk like this.
Please support SNBForums! Just click on this link before you buy something from Amazon and we'll get a small commission on anything you buy. Thanks!