 |
 |
 |
|
||
|
||
| ||
|
||
|
|
|
|
|
||
|
||
| ||
|
||
|
Performance testsThe tests were carried out according to this technique. 1. LAN-WAN segment performance, NetIQ Chariot
NetIQ Chariot: data transfer between LAN-WAN segments, LAN-WAN routing performance is up to the mark.
NetIQ Chariot: data transfer between LAN-WAN segments,
NetIQ Chariot: data transfer between LAN-WAN segments, Above are performance diagrams at smaller packet sizes. 2. LAN-WAN segment performance, NetPIPE
NetPipe: data transfer speed between LAN and WAN segments with packets of different sizes (maximum – 89.5Mbit/sec) NetPipe test results are similar to the previous ones. 3. IPSec performanceUSR8200 is equipped with FreeSwan 1.99 implementation of IPSec (another proof that the device uses Linux kernel from Branch 2.4). IPSec tunneling performance was measured in the following way.
During IPSec speed benchmarks, tunnel characteristics were not modified except for the encryption type. Here is the list of these characteristics:
3.1 IPSec performance, DES encryption
NetIQ Chariot: IPSec tunneling, DES encryption, Throughput.scr  NetIQ Chariot: IPSec tunneling, DES encryption, Throughput.scr (full duplex only) IPSec performance with DES encryption is rather high. 3.2 IPSec performance, 3DES encryption
NetIQ Chariot: IPSec tunneling, 3DES encryption, Throughput.scr  NetIQ Chariot: IPSec tunneling, 3DES encryption, Throughput.scr (full duplex only) IPSec performance in 3DES mode is impressive. 3.3 IPSec scalability, two tunnels, 3DES encryptionIn case of one tunnel, IPSec encryption in USR820 works fast. What will happen, if we increase the number of tunnels? NetIQ Chariot: IPSec 2 tunnels, 3DES encryption, Throughput.scr  NetIQ Chariot: IPSec 2 tunnels, 3DES encryption, Throughput.scr The speed dropped in each tunnel, but overall performance even increased and reached 20 Mbit/sec. 3.4 IPSec scalability, three tunnels, 3DES encryptionLet's add another tunnel (to get three tunnels). NetIQ Chariot: IPSec 3 tunnels, 3DES encryption, Throughput.scr  NetIQ Chariot: IPSec 3 tunnels, 3DES encryption, Throughput.scr Performance has not dropped in comparison with two tunnels, the speed in each tunnel keeps at 4.5 Mbit. The overall encryption performance practically reached 30 Mbit. It's a very good result. Then we carried out a couple of tests, in which generators of traffic, transferred via three tunnels, were not started simultaneously but with a 30 seconds' delay. In the first case the tests were started in the following order:
In other words, the traffic was initiated sequentially in the first tunnel (at first in half duplex and then in full duplex mode), then the second and the third tunnels were activated (to be more exact, data transfer in these tunnels) in the same manner. In the second case, the traffic generators were started in a different order:
That is at first the half duplex (unidirectional) data transfer was started sequentially in each of the tunnels, after that the duplex data transfer was initiated (also sequentially) in each tunnel.  First case, NetIQ Chariot: IPSec, 3DES encryption, Throughput.scr  Second case, NetIQ Chariot: IPSec 3DES encryption, Throughput.scr These two tests demonstrate an interesting picture: When half duplex transfers in tunnels are started sequentially, the performance of previous tunnels does not drop, at least when the number of tunnels does not exceed three.  By the way, the tests revealed a funny bug in the implementation of IPSec: if you try to activate a third tunnel when the two tunnels are already operating (exactly to activate, that is before this moment there were only two tunnels activated), the performance of some existing tunnels drops almost to zero for several seconds. 4. PPTP server performanceAs USR8200 can operate as a PPTP server, we measured its encryption performance using this protocol as well. The results were taken similar to the IPSec tests, we measured the speed in the MPPE 128-bit mode with stateful compression. NetIQ Chariot: PPTP 2 tunnels, MPPE-128 encryption, Throughput.scr  NetIQ Chariot: PPTP 2 tunnels, MPPE-128 encryption, Throughput.scr (full duplex only) Strange as it may seem, the speed is a little slower than in IPSec, but still high enough. 4.2 PPTP performance, two tunnelsLet's add another user (to get two working tunnels).  NetIQ Chariot: PPTP, MPPE-128 encryption, Throughput.scr (full duplex only) The overall performance still didn't exceed 9 Mbit, and the speeds in each tunnel were distributed approximately in even shares of the overall performance. 4.3 PPTP performance, three tunnelsIn this case the traffic generators were started sequentially, with 30 seconds' delay each. To be more exact, they were started in the following order:
 NetIQ Chariot: PPTP, MPPE-128 encryption, Throughput.scr (full duplex only) And again it didn't manage to exceed 9 Mbit. The tunnels shared the overall 9 Mbit throughput in approximately equal shares. Navigation:
Evgeniy Zaitsev (eightn@ixbt.com) 24 August, 2004
|
| ||||||||||||||||||||||||||||||||||||||||
Platform · Video · Multimedia · Mobile · Other · Compare Prices || Feedback · Advertise at iXBT Labs · About us · Affiliates · Forum
Copyright © Byrds Research & Publishing, Ltd., 1997—2010. All rights reserved.
ShareThis
