Shadowsocks-libev: AEAD performance on home routers

Created on 13 Feb 2017  ·  17Comments  ·  Source: shadowsocks/shadowsocks-libev

Is there anyone tested the performance of AEAD performance on routers?
I know on some low-end routers, rc4-md5 may be still the best choice for performance.
But for some high-end home routers, they may have a multi-core ARM based CPU.
I don't know the AEAD's performance on these kind of routers. AES-128-GCM and Chacha20-ietf-Poly1305, which is better?

picture cokebar

Most helpful comment

mt7621

sh iperf.sh 10240000 aes-128-gcm
[ 3] local 127.0.0.1 port 44266 connected with 127.0.0.1 port 8387
[ 4] local 127.0.0.1 port 8388 connected with 127.0.0.1 port 17640
[ ID] Interval Transfer Bandwidth
[ 3] 0.0- 2.2 sec 9.88 MBytes 38.1 Mbits/sec
Waiting for server threads to complete. Interrupt again to force quit.
[ ID] Interval Transfer Bandwidth
[ 4] 0.0- 3.2 sec 8.83 MBytes 23.0 Mbits/sec

sh iperf.sh 10240000 chacha20-ietf-poly1305
[ 3] local 127.0.0.1 port 44272 connected with 127.0.0.1 port 8387
[ 4] local 127.0.0.1 port 8388 connected with 127.0.0.1 port 17646
[ ID] Interval Transfer Bandwidth
[ 3] 0.0- 1.9 sec 9.88 MBytes 43.0 Mbits/sec
Waiting for server threads to complete. Interrupt again to force quit.
[ ID] Interval Transfer Bandwidth
[ 4] 0.0- 3.0 sec 8.47 MBytes 23.9 Mbits/sec

sh iperf.sh 10240000 chacha20
[ 3] local 127.0.0.1 port 44278 connected with 127.0.0.1 port 8387
[ 4] local 127.0.0.1 port 8388 connected with 127.0.0.1 port 17652
[ ID] Interval Transfer Bandwidth
[ 3] 0.0- 1.4 sec 9.88 MBytes 59.8 Mbits/sec
[ ID] Interval Transfer Bandwidth
[ 4] 0.0- 1.9 sec 9.88 MBytes 43.8 Mbits/sec

sh iperf.sh 10240000 rc4-md5
[ 3] local 127.0.0.1 port 44284 connected with 127.0.0.1 port 8387
[ 4] local 127.0.0.1 port 8388 connected with 127.0.0.1 port 17658
[ ID] Interval Transfer Bandwidth
[ 3] 0.0- 0.7 sec 9.88 MBytes 117 Mbits/sec
[ ID] Interval Transfer Bandwidth
[ 4] 0.0- 1.4 sec 9.88 MBytes 61.1 Mbits/sec

sh iperf.sh 10240000 salsa20
[ 3] local 127.0.0.1 port 44290 connected with 127.0.0.1 port 8387
[ 4] local 127.0.0.1 port 8388 connected with 127.0.0.1 port 17664
[ ID] Interval Transfer Bandwidth
[ 3] 0.0- 1.6 sec 9.88 MBytes 51.9 Mbits/sec
[ ID] Interval Transfer Bandwidth
[ 4] 0.0- 2.2 sec 9.88 MBytes 37.8 Mbits/sec

sh iperf.sh 10240000 aes-256-cfb
[ 3] local 127.0.0.1 port 44302 connected with 127.0.0.1 port 8387
[ 4] local 127.0.0.1 port 8388 connected with 127.0.0.1 port 17676
[ ID] Interval Transfer Bandwidth
[ 3] 0.0- 1.5 sec 9.88 MBytes 55.2 Mbits/sec
[ ID] Interval Transfer Bandwidth
[ 4] 0.0- 2.4 sec 9.88 MBytes 35.1 Mbits/sec

picture lloovve on 27 May 2018
👍2

All 17 comments

 +----------------------------+-------------+-------------------+
 | Chip                       | AES-128-GCM | ChaCha20-Poly1305 |
 +----------------------------+-------------+-------------------+
 | OMAP 4460                  |  24.1 MB/s  |     75.3 MB/s     |
 | Snapdragon S4 Pro          |  41.5 MB/s  |     130.9 MB/s    |
 | Sandy Bridge Xeon (AES-NI) |   900 MB/s  |      500 MB/s     |
 +----------------------------+-------------+-------------------+

From RFC 7539 ChaCha20 and Poly1305 for IETF Protocols

hellofwy picture hellofwy on 13 Feb 2017

I will upgrade my router to Xeon e1220L v3

debiansid picture debiansid on 13 Feb 2017

@hellofwy Thanks. Although your list do not contain ARM CPUs on routers. But it is still useful. Compared to this list, maybe rc4-md5 or chacha is the best choice. AES may be still slow for these routers.

cokebar picture cokebar on 13 Feb 2017

@hellofwy Do you have data for rc4-md5's performance. Thanks in advance.

cokebar picture cokebar on 13 Feb 2017

https://github.com/shadowsocks/libQtShadowsocks/wiki/Comparison-of-Encryption-Methods'-Speed

From this article, rc4 is slower than ChaCha20. I think they both are implemented in software now. RC4 is less secure so just use ChaCha20. And Chacha20-ietf-Poly1305 should be faster than rc4-md5.

Recent ss-libev has an iperf.sh under scripts folder, you can test the performance yourself.

------------below updated at 2017-2-16 22:00--------------
Run iperf.sh on MediaTek MT7620 (newifi) which is MIPS 24KEc V5.0, it seems ChaCha20 is slower than rc4-md5 in mips instructions set:
rc4-md5 42.6 Mbits/sec chacha20 36.2 Mbits/sec aes-128-cfb 21.3 Mbits/sec aes-256-cfb 17.9 Mbits/sec

hellofwy picture hellofwy on 13 Feb 2017

iperf.sh 10240000 aes-128-gcm
iperf.sh 10240000 chacha20-ietf-poly1305

Netgear R6200V2/800MHz
AES-128-GCM          15 Mb/s
ChaCha20-Poly1305    80 Mb/s

Asus AC68P/1000Mhz 
AES-128-GCM              20 Mb/s
ChaCha20-Poly1305       100 Mb/s
rampageX picture rampageX on 13 Feb 2017
👍1

@rampageX
Is rc4-md5 still available in recent ss-libev? Can you provide the performance info for rc4-md5?

hellofwy picture hellofwy on 13 Feb 2017

@hellofwy
iperf.sh 102400000 rc4-md5
iperf.sh 102400000 salsa20
iperf.sh 102400000 aes-128-cfb

Asus AC68P/1000Mhz 
rc4-md5              65 Mb/s
salsa20       120 Mb/s
aes-128-cfb        37 Mb/s
rampageX picture rampageX on 13 Feb 2017

@rampageX
Thanks a lot!

hellofwy picture hellofwy on 13 Feb 2017

@rampageX The output of "iperf.sh" has two results? Which can be considered as the actual speed?

[  3] local 127.0.0.1 port 37912 connected with 127.0.0.1 port 8387
[  4] local 127.0.0.1 port 8388 connected with 127.0.0.1 port 54114
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0- 3.1 sec  39.1 MBytes   104 Mbits/sec
Waiting for server threads to complete. Interrupt again to force quit.
[ ID] Interval       Transfer     Bandwidth
[  4]  0.0- 3.2 sec  30.2 MBytes  80.0 Mbits/sec
cokebar picture cokebar on 13 Feb 2017

@cokebar
Two different router types.

hellofwy picture hellofwy on 13 Feb 2017

@hellofwy No. I'm talking about the output of the iperf.sh

cokebar picture cokebar on 13 Feb 2017

Test on Linksys 1900ACSv2. Dual core ARM-cortex-A9 1.6GHz.

iperf_ss.sh 40960000 aes-128-gcm
[  3] local 127.0.0.1 port 37912 connected with 127.0.0.1 port 8387
[  4] local 127.0.0.1 port 8388 connected with 127.0.0.1 port 54114
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0- 3.1 sec  39.1 MBytes   104 Mbits/sec
Waiting for server threads to complete. Interrupt again to force quit.
[ ID] Interval       Transfer     Bandwidth
[  4]  0.0- 3.2 sec  30.2 MBytes  80.0 Mbits/sec

iperf_ss.sh 40960000 chacha-ietf-poly1305
[  4] local 127.0.0.1 port 8388 connected with 127.0.0.1 port 54290
[  3] local 127.0.0.1 port 38088 connected with 127.0.0.1 port 8387
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0- 2.3 sec  39.1 MBytes   140 Mbits/sec
Waiting for server threads to complete. Interrupt again to force quit.
[ ID] Interval       Transfer     Bandwidth
[  4]  0.0- 2.4 sec  32.1 MBytes   114 Mbits/sec

iperf_ss.sh 40960000 rc4-md5
[  3] local 127.0.0.1 port 38126 connected with 127.0.0.1 port 8387
[  4] local 127.0.0.1 port 8388 connected with 127.0.0.1 port 54328
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0- 0.9 sec  39.1 MBytes   384 Mbits/sec
Waiting for server threads to complete. Interrupt again to force quit.
[ ID] Interval       Transfer     Bandwidth
[  4]  0.0- 0.9 sec  26.6 MBytes   254 Mbits/sec

iperf_ss.sh 40960000 aes-128-cfb
[  4] local 127.0.0.1 port 8388 connected with 127.0.0.1 port 54354
[  3] local 127.0.0.1 port 38152 connected with 127.0.0.1 port 8387
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0- 1.3 sec  39.1 MBytes   257 Mbits/sec
Waiting for server threads to complete. Interrupt again to force quit.
[ ID] Interval       Transfer     Bandwidth
[  4]  0.0- 1.3 sec  25.3 MBytes   164 Mbits/sec

iperf_ss.sh 40960000 salsa20
[  3] local 127.0.0.1 port 38184 connected with 127.0.0.1 port 8387
[  4] local 127.0.0.1 port 8388 connected with 127.0.0.1 port 54386
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0- 1.9 sec  39.1 MBytes   171 Mbits/sec
Waiting for server threads to complete. Interrupt again to force quit.
[ ID] Interval       Transfer     Bandwidth
[  4]  0.0- 1.9 sec  33.8 MBytes   147 Mbits/sec
cokebar picture cokebar on 13 Feb 2017
👍2

@cokebar

I guess one for ss-tunnel and one for ss-server ? I just pick the lower one.

rampageX picture rampageX on 13 Feb 2017

@cokebar
Traffic flow:
iperf client -> ss-tunnel -> ss-server -> iperf server

From iperf.sh, port 8388 line corresponds to iperf server result. The other is iperf client result.

For example:

iperf_ss.sh 40960000 salsa20
[  3] local 127.0.0.1 port 38184 connected with 127.0.0.1 port 8387
[  4] local 127.0.0.1 port 8388 connected with 127.0.0.1 port 54386
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0- 1.9 sec  39.1 MBytes   171 Mbits/sec
Waiting for server threads to complete. Interrupt again to force quit.
[ ID] Interval       Transfer     Bandwidth
[  4]  0.0- 1.9 sec  33.8 MBytes   147 Mbits/sec

This is iperf server result:

[  4] local 127.0.0.1 port 8388 connected with 127.0.0.1 port 54386
[  4]  0.0- 1.9 sec  33.8 MBytes   147 Mbits/sec

This is iperf client result:

[  3] local 127.0.0.1 port 38184 connected with 127.0.0.1 port 8387
[  3]  0.0- 1.9 sec  39.1 MBytes   171 Mbits/sec

I think the client result is more close to the real performance. Because with enough socket buffer, ss-tunnel sent all encrypted data more quickly, the server has to wait to receive from socket.

Since this test run on the same machine, true performance should double the result in single core situation.

hellofwy picture hellofwy on 13 Feb 2017

@hellofwy Thanks!

cokebar picture cokebar on 13 Feb 2017

mt7621

sh iperf.sh 10240000 aes-128-gcm
[ 3] local 127.0.0.1 port 44266 connected with 127.0.0.1 port 8387
[ 4] local 127.0.0.1 port 8388 connected with 127.0.0.1 port 17640
[ ID] Interval Transfer Bandwidth
[ 3] 0.0- 2.2 sec 9.88 MBytes 38.1 Mbits/sec
Waiting for server threads to complete. Interrupt again to force quit.
[ ID] Interval Transfer Bandwidth
[ 4] 0.0- 3.2 sec 8.83 MBytes 23.0 Mbits/sec

sh iperf.sh 10240000 chacha20-ietf-poly1305
[ 3] local 127.0.0.1 port 44272 connected with 127.0.0.1 port 8387
[ 4] local 127.0.0.1 port 8388 connected with 127.0.0.1 port 17646
[ ID] Interval Transfer Bandwidth
[ 3] 0.0- 1.9 sec 9.88 MBytes 43.0 Mbits/sec
Waiting for server threads to complete. Interrupt again to force quit.
[ ID] Interval Transfer Bandwidth
[ 4] 0.0- 3.0 sec 8.47 MBytes 23.9 Mbits/sec

sh iperf.sh 10240000 chacha20
[ 3] local 127.0.0.1 port 44278 connected with 127.0.0.1 port 8387
[ 4] local 127.0.0.1 port 8388 connected with 127.0.0.1 port 17652
[ ID] Interval Transfer Bandwidth
[ 3] 0.0- 1.4 sec 9.88 MBytes 59.8 Mbits/sec
[ ID] Interval Transfer Bandwidth
[ 4] 0.0- 1.9 sec 9.88 MBytes 43.8 Mbits/sec

sh iperf.sh 10240000 rc4-md5
[ 3] local 127.0.0.1 port 44284 connected with 127.0.0.1 port 8387
[ 4] local 127.0.0.1 port 8388 connected with 127.0.0.1 port 17658
[ ID] Interval Transfer Bandwidth
[ 3] 0.0- 0.7 sec 9.88 MBytes 117 Mbits/sec
[ ID] Interval Transfer Bandwidth
[ 4] 0.0- 1.4 sec 9.88 MBytes 61.1 Mbits/sec

sh iperf.sh 10240000 salsa20
[ 3] local 127.0.0.1 port 44290 connected with 127.0.0.1 port 8387
[ 4] local 127.0.0.1 port 8388 connected with 127.0.0.1 port 17664
[ ID] Interval Transfer Bandwidth
[ 3] 0.0- 1.6 sec 9.88 MBytes 51.9 Mbits/sec
[ ID] Interval Transfer Bandwidth
[ 4] 0.0- 2.2 sec 9.88 MBytes 37.8 Mbits/sec

sh iperf.sh 10240000 aes-256-cfb
[ 3] local 127.0.0.1 port 44302 connected with 127.0.0.1 port 8387
[ 4] local 127.0.0.1 port 8388 connected with 127.0.0.1 port 17676
[ ID] Interval Transfer Bandwidth
[ 3] 0.0- 1.5 sec 9.88 MBytes 55.2 Mbits/sec
[ ID] Interval Transfer Bandwidth
[ 4] 0.0- 2.4 sec 9.88 MBytes 35.1 Mbits/sec

lloovve picture lloovve on 27 May 2018
👍2
Was this page helpful?
0 / 5 - 0 ratings

Related issues

qianguozheng picture qianguozheng  ·  4Comments
tony1016 picture tony1016  ·  3Comments
zhfreal picture zhfreal  ·  4Comments
alfal picture alfal  ·  3Comments
yuhaiyang picture yuhaiyang  ·  4Comments