VPN Relative Performance

 

 

 

(scaled to Nonsecure baseline)

 

 

 

 

 

 

 

 

Nonsecure

AH with

ESP with

ESP with

ESP with TDES /

Transaction Type:

TCP/IP

MD5

RC4 / MD5

AES128 /

SHA-1

 

 

 

 

SHA-1

 

Request/Response

1.0 x

2.7

3.6

3.8

7.9

(RR) 128 Byte

 

 

 

 

 

Asym. Connect/Request/Response

1.0 y

5.0

6.6

7.6

27.5

(ACRR) 8K Bytes

 

 

 

 

 

Large Transfer

1.0 z

10.9

15.4

18.7

88.8

(Stream) 16K Bytes

 

 

 

 

 

Notes:

 

 

 

 

 

y Capacity metrics are provided for nonsecure and each variation of security policy

 

 

y The table data reflects System i as a server (not a client)

 

 

 

y VPN measurements used transport mode, TDES, AES128 or RC4 with 128-bit key symmetric cipher and MD5 message digest with RSA public/private keys. VPN anti-replay was disabled.

y This is only a rough indicator for capacity planning. Actual results may differ significantly. y x, y and z are scaling constants, one for each NetPerf scenario.

The SSL and VPN measurements are based on a specific set of cipher methods and public key sizes. Other choices will perform differently.

5.6 Performance Observations and Tips

yCommunication performance on Blades may see an increase when the processors are in shared mode. This is workload dependent.

yHost Ethernet Adapters require 40 to 56 MB for memory per logical port to vary on.

yIBM Power 550, 9409-M50 May show 2 to 5 percent increase over IBM Power 520, 9408-M25 due to the incorporation of L3 cache. Results will vary based on workload and configuration.

yVirtual ethernet should always be configured with jumbo frame enabled

yIn 6.1 Packet Trainer is defaulted to "off" but can be configured per Line Description in 6.1.

yVirtual ethernet may see performance increases with Packet Trainer turn on. This depends on workload, connection type and utilization.

yPhysical Gigabit lines may see performance increases with Packet Trainer off. This depends on workload, connection type and utilization.

yHost Ethernet Adapter should not be used for performance sensitive workloads, your throughput can be greatly affected by the use of other logical ports connected to your physical port on additional partitions.

yHost Ethernet Adapter may see performance increases with Packet Trainer set to on, especially with regard to HEA’s internal Logical Switch and Partition to Partition traffic via the same port group.

IBM i 6.1 Performance Capabilities Reference - January/April/October 2008

 

© Copyright IBM Corp. 2008

Chapter 5 - Communications Performance

72

Page 72
Image 72
Intel 170 Servers, 7xx Servers manual VPN Relative Performance, Performance Observations and Tips, 27.5, 10.9 15.4 18.7 88.8