Re: ssh None cipher

From: Allan Jude <allanjude_at_freebsd.org>
Date: Sun, 19 Oct 2014 14:01:39 -0400

On 2014-10-19 03:46, John-Mark Gurney wrote:
> Freddie Cash wrote this message on Sat, Oct 18, 2014 at 10:21 -0700:
>> On Oct 18, 2014 3:54 AM, "Mark Martinec" <Mark.Martinec+freebsd_at_ijs.si>
>> wrote:
>>>
>>> If the purpose of having a none cipher is to have a fast
>>> file transfer, then one should be using sysutils/bbcp
>>> for that purpose. Uses ssh for authentication, and
>>> opens unencrypted channel(s) for the actual data transfer.
>>> It's also very fast, can use multiple TCP streams.
>>
>> That's an interesting alternative to rsync, scp, and ftp, but doesn't help
>> with zfs send/recv which is where the none cipher really shines.
>>
>> Without the none cipher, SSH becomes the bottleneck limiting transfers to
>> around 400 Mbps on a gigabit LAN. With the none cipher, the network becomes
>> the bottleneck limiting transfers to around 920 Mbps on the same gigabit
>> LAN.
>>
>> This is between two 8-core AMD Opteron 6200 systems using igb(4) NICs.
> 
> Are you running on HEAD or possibly 10.x (I believe we have OpenSSL
> 1.0.x on 10.x)?  w/ modern processors w/ AES-NI and a modern version of
> OpenSSL, you should be able to get much faster speeds than that...  I'm
> able to get ~200MB/s over lo0 on my HEAD box on a:
> CPU: AMD A10-5700 APU with Radeon(tm) HD Graphics    (3393.89-MHz K8-class CPU)
> 
> $ netstat -w 1 -I lo0
>             input            lo0           output
>    packets  errs idrops      bytes    packets  errs      bytes colls
>      39162     0     0  207823548      39162     0  207823548     0
>      26327     0     0  158674156      26327     0  158674156     0
>      38254     0     0  221313096      38254     0  221313096     0
>      41362     0     0  219740344      41362     0  219740344     0
>      40271     0     0  213565272      40271     0  213565272     0
>      37698     0     0  225447008      37698     0  225447008     0
> 
> while running:
> $ ssh 0 dd if=/dev/zero >/dev/null
> 
> This is w/ no special patches to OpenSSL or ssh...
> 
> It could go twice as fast if ssh could use multiple threads to do the
> encryption (the processor has 4 cores, 2 would be used for sending, 2
> for receiving)...
> 

There is a patch for threaded AES-CTR in the openssh-portable port.
Might be worth benchmarking that.

-- 
Allan Jude


Received on Sun Oct 19 2014 - 16:01:23 UTC
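
The thread quotes throughput both in Mbps and in MB/s, measured by running `dd` over ssh while watching `netstat -w 1`. The following is an added example, not code from any poster in the thread, that reduces that netstat output to a mean Mbit/s figure and wraps the same `dd`-over-ssh measurement per cipher. The function names `netstat_mbps` and `cipher_mbps` and the `HOST` placeholder are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are this example's own.

# Mean input rate in Mbit/s from `netstat -w 1 -I <ifname>` output on stdin.
# Data rows have 8 numeric columns; column 4 is input bytes per 1 s interval.
# Header rows are skipped. Fails (exit 1) if no data rows were seen.
netstat_mbps() {
    awk 'NF == 8 && $1 ~ /^[0-9]+$/ && $4 ~ /^[0-9]+$/ { sum += $4; n++ }
         END { if (n == 0) exit 1
               printf "%.0f\n", sum * 8 / n / 1000000 }'
}

# Mbit/s for one cipher, by the thread's method: remote dd of zeros over ssh,
# bytes counted locally. Timer resolution is 1 s, so keep the transfer long.
# usage: cipher_mbps HOST CIPHER [MiB]
cipher_mbps() {
    host=$1; cipher=$2; mib=${3:-4096}
    start=$(date +%s)
    bytes=$(( $(ssh -c "$cipher" "$host" \
        "dd if=/dev/zero bs=1048576 count=$mib 2>/dev/null" | wc -c) + 0 ))
    elapsed=$(( $(date +%s) - start ))
    [ "$bytes" -gt 0 ] || return 1      # ssh failed or the cipher was refused
    [ "$elapsed" -gt 0 ] || elapsed=1
    echo $(( bytes * 8 / elapsed / 1000000 ))
}

# The netstat rows quoted in the thread (lo0, while the ssh dd was running).
SAMPLE=$(cat <<'EOF'
            input            lo0           output
   packets  errs idrops      bytes    packets  errs      bytes colls
     39162     0     0  207823548      39162     0  207823548     0
     26327     0     0  158674156      26327     0  158674156     0
     38254     0     0  221313096      38254     0  221313096     0
     41362     0     0  219740344      41362     0  219740344     0
     40271     0     0  213565272      40271     0  213565272     0
     37698     0     0  225447008      37698     0  225447008     0
EOF
)

printf 'loopback ssh, mean of sample: %s Mbit/s\n' \
    "$(printf '%s\n' "$SAMPLE" | netstat_mbps)"
# To compare ciphers against a real host (not run here):
#   for c in $(ssh -Q cipher); do echo "$c $(cipher_mbps HOST "$c")"; done
```
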
