A test (copying a 440 MB file between a fast Xeon CPU (fast=no bottleneck there) and an Atom based NAS) shows that the arcfour family of ciphers are clearly the fastest in this setup:
| cipher | real time | user time | bandwidth |
| arcfour | 0m9.639s | 0m7.423s | 45.7 MB/s |
| arcfour128 | 0m9.751s | 0m7.483s | 45.1 MB/s |
| arcfour256 | 0m9.856s | 0m7.764s | 44.7 MB/s |
| blowfish-cbc | 0m13.093s | 0m10.909s | 33.6 MB/s |
| aes128-cbc | 0m22.565s | 0m20.129s | 19.5 MB/s |
| aes128-ctr | 0m25.400s | 0m22.951s | 17.3 MB/s |
| aes192-ctr | 0m28.047s | 0m25.771s | 15.7 MB/s |
| 3des-cbc | 0m51.067s | 0m48.018s | 8.6 MB/s |
The default configuration of openssh uses aes128-ctr, so changing the cipher to arcfour gets me a 2.5-fold increase in bandwidth here ! Use the "Ciphers" keyword in .ssh/config or the "-c" command line parameter to change the order of preference of the available ciphers. YMMV.
As a reference (cfr. deinoscloud's comment), I ran "nc -l -p 3333" on the Atom side, and ran "cat file | nc atom 3333" on the Xeon:
| cipher | real time | user time | bandwidth |
| cleartext | 0m4.135s | 0m0.311s | 106.5 MB/s |
Posts
2 comments:
And what would be the speed without any encryption?
@deinoscloud near full Gbps. I'm testing a cached file over the network to /dev/null, so that makes sense. Once the CPU bottleneck is gone, the network speed is the next bottleneck.
Post a Comment