[LUAU] Which Linux VPN Solution?

Jim Thompson jim at netgate.com
Fri Sep 30 01:43:14 PDT 2005


On Sep 29, 2005, at 8:52 PM, R. Scott Belford wrote:

> Jim Thompson wrote:
>
> ---snip much illumination------
>
>
>>
>> If you've got a cast-off P3 box, its fairly trivial to give it a pair
>> of PCI NICs and run m0n0wall from an ISO image.   This will result in
>> higher throughput for the IPSEC side of things.
>>
>> The other way to improve performance would be to stick an encryption
>> accelerator in one of the on-board miniPCI sockets.  Soekris sells one
>> that is plug-n-play with m0n0wall:  http://www.soekris.com/vpn1401.htm
>>
>
> Does the suggested use of either a P3 box or an encryption accelerator
> mean that the CPU would become the bottleneck if using IPSEC on a P166
> monowall?

Depends on which algorithm you use, but 3DES goes about 108 clocks/byte.

http://citeseer.ist.psu.edu/schneier97fast.html

gonzo:~ jim$ echo "166*1000*1000/108" | bc
1537037

or, in bits/sec

gonzo:~ jim$ echo "166*1000*1000/108*8" | bc
12296296

Yes, that's 12Mbps.

Now, the above factors in no I/O overhead (servicing interrupts), and only deals with large packets (where the per-packet overhead is minimized; we actually assume no overhead in the calculation, etc.).

And you might want to have a little bit of CPU left over to run (the rest of) linux/freebsd, copy the packet around, etc. You'll also need some CPU headroom for MD5 or SHA-1 in order to run the AH portion of IPSEC, etc. For example, SHA-1 on a Pentium requires (another) 13 cycles/byte.

gonzo:~ jim$ echo "166*1000*1000/(108+13)*8" | bc
10975200

So there is no way you'll keep even a 10Mbps Ethernet full doing 3DES+SHA-1 IPSEC on a 166MHz CPU.

AES (in software) needs around 50 cycles/byte for 8k blocks, with an average penalty of another 3 cycles/byte for 1K blocks, generating about 2X the speed.

Of course, you can always throw CPU at the problem.

On a 2.4GHz P4, AES-CFB (the mode specified in the IPSEC RFC) runs around 100Mbps (but again, this is with larger blocks than are found on networks). The VIA cores that support the Padlock AES acceleration will run the same AES-CFB mode at over 6300Mbps, while using about 60% of the CPU. (mini-itx boards that use these CPUs are also no more expensive than the encryption accelerator I pointed to earlier.)

All of this means that the short answer to your question is "Yes", but then, you didn't say how fast the network had to be.  :-)

jim
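The cycles/byte arithmetic in the message above, generalised into a small throughput model, as an added example (not code from the original post). The per-byte costs it uses (3DES 108, SHA-1 13, AES 50 plus a 3 cycle/byte penalty at 1K blocks) are the figures quoted in the thread; the per-packet fixed cost and the fraction of the CPU left for crypto are assumed, caller-supplied parameters, added because the post deliberately assumes zero overhead and notes that real networks carry smaller packets than the benchmarks used.

```python
"""Throughput ceiling for software IPsec from cycles/byte figures.

Added example for this thread, not code from the original post.  The
per-byte costs (3DES 108, SHA-1 13, AES 50 with a 3 cycle/byte penalty
at 1 KB blocks) are the figures quoted in the message; the per-packet
fixed cost and the CPU-share parameter below are assumptions supplied
by the caller, since the post deliberately assumes zero overhead.
"""

# Cycles per byte of payload, as quoted in the post.
CIPHER_CYCLES_PER_BYTE = {
    "3des": 108.0,
    "aes-8k": 50.0,   # AES in software, 8 KB blocks
    "aes-1k": 53.0,   # 50 + 3 cycle/byte average penalty for 1 KB blocks
}
MAC_CYCLES_PER_BYTE = {
    "none": 0.0,
    "sha1": 13.0,     # SHA-1 on a Pentium
}


def cycles_per_byte(cipher, mac="none"):
    """Combined cost of encrypting and authenticating one payload byte."""
    return CIPHER_CYCLES_PER_BYTE[cipher] + MAC_CYCLES_PER_BYTE[mac]


def bulk_bits_per_second(clock_hz, cipher, mac="none"):
    """The post's calculation: clock / (cycles per byte) * 8 bits.

    Assumes the CPU does nothing else and packets are large enough that
    per-packet costs vanish, so this is an upper bound, not a forecast.
    """
    return clock_hz / cycles_per_byte(cipher, mac) * 8


def packet_bits_per_second(clock_hz, cipher, mac, packet_bytes,
                           per_packet_cycles=0.0, crypto_cpu_share=1.0):
    """Bound that charges an assumed fixed cost per packet (interrupt,
    copy, header handling) and reserves (1 - crypto_cpu_share) of the CPU
    for the rest of the OS.  With both left at their defaults it reduces
    to bulk_bits_per_second().
    """
    if not 0.0 < crypto_cpu_share <= 1.0:
        raise ValueError("crypto_cpu_share must be in (0, 1]")
    cycles_per_packet = cycles_per_byte(cipher, mac) * packet_bytes + per_packet_cycles
    packets_per_second = clock_hz * crypto_cpu_share / cycles_per_packet
    return packets_per_second * packet_bytes * 8


def mbps(bits_per_second):
    """Convert bit/s to Mbit/s (decimal megabits, as in the post)."""
    return bits_per_second / 1e6


if __name__ == "__main__":
    p166 = 166e6
    print("P166, 3DES only:      %6.1f Mbit/s" % mbps(bulk_bits_per_second(p166, "3des")))
    print("P166, 3DES+SHA-1:     %6.1f Mbit/s" % mbps(bulk_bits_per_second(p166, "3des", "sha1")))
    print("P166, AES(1K)+SHA-1:  %6.1f Mbit/s" % mbps(bulk_bits_per_second(p166, "aes-1k", "sha1")))
    # Assumed: 5000 cycles of fixed cost per packet, 70% of the CPU available for crypto.
    for size in (64, 576, 1400):
        bps = packet_bits_per_second(p166, "3des", "sha1", size,
                                     per_packet_cycles=5000, crypto_cpu_share=0.7)
        print("P166, 3DES+SHA-1, %4d-byte packets, overhead modelled: %5.1f Mbit/s"
              % (size, mbps(bps)))
```

The first two bulk figures reproduce the post's 12.3 and 11.0 Mbit/s; the packet-sized figures show how quickly the ceiling drops once any fixed per-packet cost is charged, which is the reason the message concludes a P166 will not fill 10Mbps Ethernet even though the zero-overhead bound is slightly above it.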



