Tuesday, March 30, 2010

數據傳輸優化篇

http://floss.blog.51cto.com/683157/138088

經過一個快速的簡單測試,可以明顯看到:建立ssh數據通道進行傳輸時,缺省使用的加密方式(3des-cbc為缺省優先選擇加密算法)和指定 arcfour(在openssl中為rc4)的傳輸速率相差很大,是否使用壓縮參數也差異顯著,大概有5倍左右的傳輸速率差異。

請取消如下參數:
-z壓縮選項,避免浪費CPU解壓縮計算資源。對於已經壓縮過或者可壓縮性很低的文件就不要使用此選項了。對於純文本或者有高壓縮率的文件可以考慮使用。但建立ssh加密通道時最好是別用了。鑑於目前大多數情況下的數據傳輸的實際使用場景,建議不要使用-z壓縮選項。

ssh的 cipher可用算法列表,同時也是缺省使用次序:3des-cbc, aes128-cbc, aes192-cbc, aes256-cbc, aes128-ctr, aes192-ctr, aes256-ctr, arcfour128, arcfour256, arcfour, blowfish-cbc, andcast128-cbc

尋找最快的加密算法的方法,用於選擇ssh的fastest cipher參數:openssl speed @ Linux hottie 2.6.33-ZEN #1 ZEN i686 Pentium M 1.73GHz

OpenSSL 0.9.8n 24 Mar 2010
built on: Wed Mar 24 14:21:12 UTC 2010
options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) aes(partial) idea(int) blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM
available timing options: TIMES TIMEB HZ=100 [sysconf value]
timing function used: times
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
md2 991.28k 2027.43k 2762.23k 3026.90k 3117.03k
mdc2 0.00 0.00 0.00 0.00 0.00
md4 17233.64k 61935.82k 176811.69k 332014.81k 446297.79k
md5 14736.71k 49719.84k 131933.04k 225910.32k 285880.39k
hmac(md5) 13064.57k 44810.77k 123996.32k 219284.11k 285808.76k
sha1 13745.98k 42426.65k 97972.57k 144979.75k 495149056.00k
rmd160 33462768.00k 94506240.00k 201206784.00k 273613824.00k 310427648.00k
rc4 608679072.00k 712475264.00k 723046656.00k 750848000.00k 749789184.00k
des cbc 102333728.00k 109271168.00k 109681664.00k 110924800.00k 111853568.00k
des ede3 39130064.00k 39723776.00k 37981440.00k 39950336.00k 40148992.00k
idea cbc 73431808.00k 76847232.00k 76859904.00k 76259328.00k 78266368.00k
seed cbc 0.00 0.00 0.00 0.00 0.00
rc2 cbc 47297744.00k 49137408.00k 48640512.00k 49191936.00k 49963008.00k
rc5-32/12 cbc 0.00 0.00 0.00 0.00 0.00
blowfish cbc 171583376.00k 171896128.00k 188671232.00k 187596800.00k 189677568.00k
cast cbc 93562608.00k 98648000.00k 98099456.00k 100521984.00k 100909056.00k
aes-128 cbc 86808912.00k 156550592.00k 215949824.00k 232400896.00k 241270784.00k
aes-192 cbc 80760080.00k 145644032.00k 180620800.00k 197377024.00k 203276288.00k
aes-256 cbc 76685536.00k 131800512.00k 159832576.00k 171541504.00k 172146688.00k
camellia-128 cbc 0.00 0.00 0.00 0.00 0.00
camellia-192 cbc 0.00 0.00 0.00 0.00 0.00
camellia-256 cbc 0.00 0.00 0.00 0.00 0.00
sha256 26420976.00k 62012032.00k 106653440.00k 137116672.00k 149176320.00k
sha512 14625040.00k 58937472.00k 93570048.00k 137558016.00k 159031296.00k
aes-128 ige 188753024.00k 202563648.00k 204330752.00k 212256768.00k 215678976.00k
aes-192 ige 165618048.00k 174002048.00k 182565888.00k 183057408.00k 185917440.00k
aes-256 ige 146738864.00k 155212480.00k 155065600.00k 160993280.00k 162643968.00k
sign verify sign/s verify/s
rsa 512 bits 0.000000s 0.000000s 12423000.0 167908000.0
rsa 1024 bits 0.000000s 0.000000s 2662000.0 60169000.0
rsa 2048 bits 0.000002s 0.000000s 476000.0 16974000.0
rsa 4096 bits 0.000013s 0.000000s 79000.0 5638000.0
sign verify sign/s verify/s
dsa 512 bits 0.000000s 0.000000s 16075000.0 13642000.0
dsa 1024 bits 0.000000s 0.000000s 5969000.0 5000000.0
dsa 2048 bits 0.000001s 0.000001s 1914000.0 1616000.0


kuro Windows 7 x64, Duo Core 1.73GHz

Cygwin won most of the time.

Cygwin
OpenSSL 0.9.8n 24 Mar 2010
built on: Wed Mar 24 16:07:40 CET 2010
options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) aes(partial) blowfish(idx)

compiler: gcc -D_WINDLL -DOPENSSL_PIC -DOPENSSL_THREADS -DDSO_DLFCN -DHAVE_DLFCN_H -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM
available timing options: TIMES TIMEB HZ=1000 [sysconf value]
timing function used: times
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
md2 1774.03k 3806.61k 5098.23k 5670.10k 5977.21k
mdc2 0.00 0.00 0.00 0.00 0.00
md4 15973.63k 53201.90k 158294.55k 335919.95k 534955.83k
md5 13512.23k 46812.05k 134339.46k 242230.53k 317048.99k
hmac(md5) 18015.69k 66210.28k 157862.22k 245168.59k 326490.18k
sha1 13086.19k 39198.67k 106817.64k 188203.38k 239562.27k
rmd160 10359.44k 33694.52k 75268.00k 107819.28k 122044.75k
rc4 170165.79k 202053.91k 172411.94k 164065.48k 155313.36k
des cbc 40737.24k 36721.55k 40984.41k 43932.35k 41196.70k
des ede3 15602.36k 14746.06k 15628.67k 15607.67k 15760.96k
idea cbc 0.00 0.00 0.00 0.00 0.00
seed cbc 0.00 0.00 0.00 0.00 0.00
rc2 cbc 17066.69k 18998.16k 18431.05k 18941.11k 17674.04k
rc5-32/12 cbc 0.00 0.00 0.00 0.00 0.00
blowfish cbc 63177.65k 71263.58k 68140.47k 67408.52k 70304.23k
cast cbc 47026.79k 46374.28k 53050.68k 53212.97k 53370.47k
aes-128 cbc 47917.46k 77158.00k 91592.10k 92582.39k 90879.23k
aes-192 cbc 42802.48k 69055.47k 77293.81k 79001.38k 71507.92k
aes-256 cbc 53991.53k 60098.53k 69963.90k 64256.60k 73137.61k
camellia-128 cbc 0.00 0.00 0.00 0.00 0.00
camellia-192 cbc 0.00 0.00 0.00 0.00 0.00
camellia-256 cbc 0.00 0.00 0.00 0.00 0.00
sha256 11226.08k 22969.67k 38357.49k 53051.41k 59428.24k
sha512 7520.37k 32957.11k 50212.74k 77590.36k 78861.94k
aes-128 ige 72018.82k 83387.35k 88261.68k 88866.87k 80829.01k
aes-192 ige 61859.70k 62520.99k 72114.72k 70603.63k 74340.16k
aes-256 ige 45764.42k 62939.78k 61760.09k 64189.15k 65952.27k
sign verify sign/s verify/s
rsa 512 bits 0.000588s 0.000051s 1701.8 19599.0
rsa 1024 bits 0.002769s 0.000133s 361.2 7533.5
rsa 2048 bits 0.014881s 0.000410s 67.2 2439.9
rsa 4096 bits 0.098602s 0.001237s 10.1 808.7
sign verify sign/s verify/s
dsa 512 bits 0.000536s 0.000568s 1865.2 1761.1
dsa 1024 bits 0.001261s 0.001487s 793.0 672.6
dsa 2048 bits 0.003805s 0.004673s 262.8 214.0

SUA
OpenSSL 0.9.8k 25 Mar 2009
built on: Thu Apr 16 03:25:54 EDT 2009
options:bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(ptr2)
compiler: cc -DOPENSSL_THREADS -D_REENTRANT -D_ALL_SOURCE -DL_ENDIAN -DTERMIOS -DPEDANTIC
-O2 -Wall -DMD32_REG_T=int
available timing options: TIMES TIMEB HZ=1000 [sysconf value]
timing function used: times
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
md2 709.91k 1762.52k 1933.05k 2636.76k 2677.52k
mdc2 0.00 0.00 0.00 0.00 0.00
md4 11568.97k 38903.77k 121203.14k 257570.52k 348330.04k
md5 9865.43k 34314.58k 104578.51k 192965.83k 258038.48k
hmac(md5) 10491.79k 35665.20k 103016.27k 192911.26k 257197.78k
sha1 10558.55k 36331.40k 97451.49k 147857.78k 229204.60k
rmd160 8884.38k 26725.55k 63539.54k 94661.58k 111342.82k
rc4 182501.91k 249617.41k 279596.45k 288812.45k 279937.32k
des cbc 27968.83k 30959.70k 30299.65k 30428.11k 29862.30k
des ede3 11671.23k 11787.71k 12167.52k 11829.22k 11040.56k
idea cbc 29184.18k 30357.28k 30381.87k 29988.57k 30637.70k
seed cbc 0.00 0.00 0.00 0.00 0.00
rc2 cbc 13889.31k 16599.00k 17466.36k 17473.64k 17469.56k
rc5-32/12 cbc 0.00 0.00 0.00 0.00 0.00
blowfish cbc 52247.80k 54759.43k 57292.65k 58522.23k 55975.49k
cast cbc 41661.62k 43441.72k 45341.51k 45414.54k 46708.77k
aes-128 cbc 85900.89k 92138.74k 90629.98k 87379.41k 93412.20k
aes-192 cbc 70500.59k 78695.45k 77225.07k 81734.69k 72644.85k
aes-256 cbc 66963.42k 69092.83k 72163.20k 66184.76k 71614.02k
camellia-128 cbc 0.00 0.00 0.00 0.00 0.00
camellia-192 cbc 0.00 0.00 0.00 0.00 0.00
camellia-256 cbc 0.00 0.00 0.00 0.00 0.00
sha256 9721.80k 26570.99k 55769.40k 75787.23k 86032.41k
sha512 7239.01k 28654.03k 58970.04k 98096.82k 125325.90k
aes-128 ige 89115.10k 95370.72k 96083.25k 96014.70k 91478.24k
aes-192 ige 79208.26k 82281.36k 81975.97k 84082.65k 83136.15k
aes-256 ige 70663.06k 72209.75k 72236.99k 73232.75k 74348.90k
sign verify sign/s verify/s
rsa 512 bits 0.000723s 0.000068s 1382.8 14758.1
rsa 1024 bits 0.004020s 0.000205s 248.7 4871.5
rsa 2048 bits 0.026289s 0.000773s 38.0 1293.9
rsa 4096 bits 0.177732s 0.002829s 5.6 353.4
sign verify sign/s verify/s
dsa 512 bits 0.000662s 0.000787s 1509.7 1271.0
dsa 1024 bits 0.002054s 0.002550s 486.9 392.2
dsa 2048 bits 0.007379s 0.009024s 135.5 110.8

No comments: