ssh/sftp performance


Hugo Osvaldo Barrera
Hi,

I've been working for a while trying to improve the network performance
of my local fileserver.
I'm using SSH/SSHFS to access files on it, and I can't get transfer
speeds over 10MB/s.

Initially, I had just 2.3MBps throughput, and after switching to the
arcfour128 cipher, managed to move this up to 10MBps.

It seems that CPU is my limiting factor - even disabling disk encryption
increased my speed.
CPU usage goes up to ~100.0% when copying files (~48% userspace, ~30%
system, 22% interrupts).

Looks like there's nothing wrong with my hardware (gigabit ethernet)

vge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        hwfeatures=37<CSUM_IPv4,CSUM_TCPv4,CSUM_UDPv4,VLAN_MTU,VLAN_HWTAGGING>
hardmtu 1500
        lladdr 00:40:63:f6:ef:de
        description: LAN
        priority: 0
        media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
        status: active
        inet 172.16.8.1 netmask 0xfffff000 broadcast 172.16.15.255

And even testing locally, I can't surpass the above limits:

$ dd if=/dev/zero | ssh localhost dd of=/dev/null

I noticed my CPU supports AES, but not AESNI, so at first, I thought that
that might be using up all my CPU, but that only accounts for 48% of
CPU usage. Is there anything else I can do to improve performance?

Also, is crypto(4) still supported (I only found some old messages
in misc@ saying it's no longer supported). Would that help SSH
performance?

OpenBSD 5.4 (GENERIC) #33: Thu Jul 25 00:33:27 MDT 2013
    [hidden email]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: VIA Esther processor 1000MHz ("CentaurHauls" 686-class) 1.01 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,CMOV,PAT,CFLUSH,ACPI,MMX
,FXSR,SSE,SSE2,TM,PBE,NXE,SSE3,EST,TM2
real mem  = 2011410432 (1918MB)
avail mem = 1967108096 (1875MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 02/27/08, BIOS32 rev. 0 @ 0xf0010,
SMBIOS rev. 2.3 @ 0xfca30 (47 entries)
bios0: vendor American Megatrends Inc. version "080014" date 02/27/2008
apm0 at bios0: Power Management spec V1.2
acpi at bios0 function 0x0 not configured
pcibios0 at bios0: rev 3.0 @ 0xf0000/0x10000
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf5a20/272 (15 entries)
pcibios0: no compatible PCI ICU found: ICU vendor 0x1106 product 0x3287
pcibios0: Warning, unable to fix up PCI interrupt routing
pcibios0: PCI bus #130 is the last bus
bios0: ROM list: 0xc0000/0xde00 0xce000/0x1000 0xcf000/0x5c00!
cpu0 at mainbus0: (uniprocessor)
cpu0: RNG AES AES-CTR SHA1 SHA256 RSA
cpu0: unknown Enhanced SpeedStep CPU, msr 0x08100a1308000a13
cpu0: using only highest and lowest power states
cpu0: Enhanced SpeedStep 1010 MHz: speeds: 1000, 800 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 "VIA P4M900 Host" rev 0x00
viaagp0 at pchb0: v3
agp0 at viaagp0: aperture at 0xf0000000, size 0x10000000
pchb1 at pci0 dev 0 function 1 "VIA P4M900 Host" rev 0x00
pchb2 at pci0 dev 0 function 2 "VIA P4M900 Host" rev 0x00
pchb3 at pci0 dev 0 function 3 "VIA P4M900 Host" rev 0x00
pchb4 at pci0 dev 0 function 4 "VIA P4M900 Host" rev 0x00
"VIA P4M900 IOAPIC" rev 0x00 at pci0 dev 0 function 5 not configured
pchb5 at pci0 dev 0 function 6 "VIA P4M900 Security" rev 0x00
pchb6 at pci0 dev 0 function 7 "VIA P4M900 Host" rev 0x00
ppb0 at pci0 dev 1 function 0 "VIA VT8377 AGP" rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "VIA Chrome9 HC IGP" rev 0x01
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ppb1 at pci0 dev 2 function 0 "VIA P4M900" rev 0x80: irq 10
pci2 at ppb1 bus 2
ppb2 at pci0 dev 3 function 0 "VIA P4M900" rev 0x80: irq 10
pci3 at ppb2 bus 3
vge0 at pci3 dev 0 function 0 "VIA VT612x" rev 0x82: irq 10, address
00:40:63:f6:ef:de
ipgphy0 at vge0 phy 22: IP1001 10/100/1000 PHY, rev. 0
ahci0 at pci0 dev 15 function 0 "VIA VT8251 AHCI" rev 0x20: irq 5, AHCI 1.0
scsibus0 at ahci0: 32 targets
sd0 at scsibus0 targ 2 lun 0: <ATA, WDC WD30EZRX-00D, 80.0> SCSI3 0/direct
fixed naa.50014ee6032ea621
sd0: 2861588MB, 512 bytes/sector, 5860533168 sectors
sd1 at scsibus0 targ 3 lun 0: <ATA, WDC WD20EARX-00P, 51.0> SCSI3 0/direct
fixed naa.50014ee206653204
sd1: 1907729MB, 512 bytes/sector, 3907029168 sectors
pciide0 at pci0 dev 15 function 1 "VIA VT82C571 IDE" rev 0x07: DMA, channel 0
configured to compatibility, channel 1 configured to compatibility
pciide0: channel 0 disabled (no drives)
pciide0: channel 1 disabled (no drives)
uhci0 at pci0 dev 16 function 0 "VIA VT83C572 USB" rev 0x91: irq 11
uhci1 at pci0 dev 16 function 1 "VIA VT83C572 USB" rev 0x91: irq 7
uhci2 at pci0 dev 16 function 2 "VIA VT83C572 USB" rev 0x91: irq 5
ehci0 at pci0 dev 16 function 4 "VIA VT6202 USB" rev 0x90: irq 7
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "VIA EHCI root hub" rev 2.00/1.00 addr 1
viapm0 at pci0 dev 17 function 0 "VIA VT8251 ISA" rev 0x00: SMI
iic0 at viapm0
spdmem0 at iic0 addr 0x51: 2GB DDR2 SDRAM non-parity PC2-6400CL5
viapm0: 24-bit timer at 3579545Hz
pchb7 at pci0 dev 17 function 7 "VIA VT8251 VLINK" rev 0x00
vr0 at pci0 dev 18 function 0 "VIA RhineII-2" rev 0x7c: irq 11, address
00:40:63:f6:ef:df
ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 10: OUI
0x004063, model 0x0032
ppb3 at pci0 dev 19 function 0 "VIA VT8251 PCIE" rev 0x00
pci4 at ppb3 bus 128
ppb4 at pci4 dev 0 function 0 "VIA VT8251 PCIE" rev 0x00
pci5 at ppb4 bus 130
ppb5 at pci4 dev 0 function 1 "VIA VT8251 PCIE" rev 0x00
pci6 at ppb5 bus 129
azalia0 at pci4 dev 1 function 0 "VIA HD Audio" rev 0x00: irq 5
azalia0: codecs: VIA/0x1708
audio0 at azalia0
usb1 at uhci0: USB revision 1.0
uhub1 at usb1 "VIA UHCI root hub" rev 1.00/1.00 addr 1
usb2 at uhci1: USB revision 1.0
uhub2 at usb2 "VIA UHCI root hub" rev 1.00/1.00 addr 1
usb3 at uhci2: USB revision 1.0
uhub3 at usb3 "VIA UHCI root hub" rev 1.00/1.00 addr 1
isa0 at mainbus0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
schsio0 at isa0 port 0x162e/2: SCH3112 rev 0x02, watchdog disabled
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
mtrr: Pentium Pro MTRR support
umass0 at uhub0 port 2 configuration 1 interface 0 "Generic USB2.0-CRW" rev
2.00/19.81 addr 2
umass0: using SCSI over Bulk-Only
scsibus1 at umass0: 2 targets, initiator 0
sd2 at scsibus1 targ 1 lun 0: <Generic-, SD/MMC, 1.00> SCSI0 0/direct
removable serial.0bda0119815198100000
sd2: 3789MB, 512 bytes/sector, 7759872 sectors
vscsi0 at root
scsibus2 at vscsi0: 256 targets
softraid0 at root
scsibus3 at softraid0: 256 targets
root on sd2a (8cd4486d62e3d00d.a) swap on sd2b dump on sd2b

--
Hugo Osvaldo Barrera

Re: ssh/sftp performance

Darren Tucker
On Wed, Aug 21, 2013 at 01:29:50AM -0300, Hugo Osvaldo Barrera wrote:
[...]
> I noticed my CPU supports AES, but not AESNI, so at first, I thought that
> that might be using up all my CPU, but that only accounts for 48% of
> CPU usage. Is there anything else I can do to improve performance?

Try one of the faster MACs ([hidden email] is probably going to be
the fastest one but you might want to try the others too).

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
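
Added example, not part of the original thread: a shell script that times the same fixed-size transfer once per MAC the local ssh client offers, which is the comparison suggested above. It assumes non-interactive (key-based) login to the target host and an ssh that supports `ssh -Q mac`; the function names and the SIZE_MB and CIPHER variables are this example's own.

```shell
#!/bin/sh
# Added example: time a fixed-size transfer through ssh once per MAC.
# Assumptions: BatchMode login to the host works, `ssh -Q mac` is available.

SIZE_MB=${SIZE_MB:-256}            # MiB of zeroes pushed per run
# Pin a non-AEAD cipher: with an AEAD cipher (AES-GCM, chacha20-poly1305)
# the negotiated MAC is not used, so every run would measure the same thing.
CIPHER=${CIPHER:-aes128-ctr}

# throughput <bytes> <seconds> -> MB/s, one decimal (1 MB = 10^6 bytes).
# Elapsed time has whole-second resolution; 0 is treated as 1, so raise
# SIZE_MB until each run takes at least several seconds.
throughput() {
    awk -v b="$1" -v s="$2" \
        'BEGIN { if (s <= 0) s = 1; printf "%.1f\n", b / s / 1000000 }'
}

# run_one <host> <mac> -> prints elapsed seconds; fails if ssh fails,
# for example when the server does not accept that MAC.
run_one() {
    start=$(date +%s)
    dd if=/dev/zero bs=1048576 count="$SIZE_MB" 2>/dev/null |
        ssh -o BatchMode=yes -o Compression=no -c "$CIPHER" -m "$2" \
            "$1" 'cat >/dev/null' || return 1
    end=$(date +%s)
    echo $((end - start))
}

# bench_macs <host>: one result line per MAC the client offers.
bench_macs() {
    for mac in $(ssh -Q mac); do
        if secs=$(run_one "$1" "$mac"); then
            printf '%-36s %8s MB/s\n' "$mac" \
                "$(throughput $((SIZE_MB * 1048576)) "$secs")"
        else
            printf '%-36s failed or rejected\n' "$mac"
        fi
    done
}

# Benchmark only when a host is given, e.g.:  sh macbench.sh localhost
if [ $# -gt 0 ]; then
    bench_macs "$1"
fi
```

Running it against localhost, as in the original dd test, takes the network out of the measurement and leaves only the CPU cost of the cipher and MAC.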

Re: ssh/sftp performance

Christian Weisgerber
Darren Tucker <[hidden email]> wrote:

> > I noticed my CPU supports AES, but not AESNI, so at first, I thought that
> > that might be using up all my CPU, but that only accounts for 48% of
> > CPU usage. Is there anything else I can do to improve performance?
>
> Try one of the faster MACs ([hidden email] is probably going to be
> the fastest one but you might want to try the others too).

It's definitely the fastest.  It's even the fastest if you have
AESNI.

(It might not be on 32-bit sparc.)

--
Christian "naddy" Weisgerber                          [hidden email]

Re: ssh/sftp performance

Hugo Osvaldo Barrera
On 2013-08-21 15:28, Christian Weisgerber wrote:
> Darren Tucker <[hidden email]> wrote:
>
> > > I noticed my CPU supports AES, but not AESNI, so at first, I thought that
> > > that might be using up all my CPU, but that only accounts for 48% of
> > > CPU usage. Is there anything else I can do to improve performance?
> >
> > Try one of the faster MACs ([hidden email] is probably going to be
> > the fastest one but you might want to try the others too).

Yup, I've shifted the speed up to 13.6MBps, which is quite an improvement!
I had somehow understood that the default was the fastest (my mistake).
Thanks!

>
> It's definitely the fastest.  It's even the fastest if you have
> AESNI.

Sadly, my hardware doesn't support AESNI.
Would something like a Soekris 1401(hifn) make up for that, or am I mixing
stuff up?

>
> (It might not be on 32-bit sparc.)
>
> --
> Christian "naddy" Weisgerber                          [hidden email]
>

--
Hugo Osvaldo Barrera

Re: ssh/sftp performance

Christian Weisgerber
Hugo Osvaldo Barrera <[hidden email]> wrote:

> Sadly, my hardware doesn't support AESNI.
> Would something like a Soekris 1401(hifn) make up for that, or am I mixing
> stuff up?

Crypto devices outside the CPU aren't that great.  For each
en-/decryption, the device needs to be set up, the data moved to
and the result back from the device.  That's cumbersome and slow.

Userland can't directly access such devices, it needs to go through
a kernel driver, crypto(9).  That's still slower.  crypto(9) access
in userland is now disabled by default, because it rarely provides
any gain, even on slow machines.

So, no, a vpn1401 would not be helpful.

What I don't know is if OpenSSL uses the VIA Padlock encryption
support in your CPU.

--
Christian "naddy" Weisgerber                          [hidden email]