Netdev Archive on lore.kernel.org
help / color / mirror / Atom feed
* MACSec performance issues
@ 2021-08-03 11:48 Sebastian Rehms
  2021-08-03 13:01 ` Antoine Tenart
  0 siblings, 1 reply; 2+ messages in thread
From: Sebastian Rehms @ 2021-08-03 11:48 UTC (permalink / raw)
  To: netdev; +Cc: scott, davem, gregkh

Dear netdev community,

We did some performance tests on MACSec and observed data rates of about
5-6 GBits/s. (measured with iperf3)
After a kernel update the maximum data rate dropped to about 600 MBit/s.

Due to this huge difference we did some further investigations and found
that the main reason is a change in the file drivers/net/macsec.c in the
function crypto_alloc_aead().

The change was introduced by commit
0899ff04c872463455f2749d13a5d311338021a3 (upstream commit
ab046a5d4be4c90a3952a0eae75617b49c0cb01b)

-       tfm = crypto_alloc_aead("gcm(aes)", 0, 0);
+       /* Pick a sync gcm(aes) cipher to ensure order is preserved. */
+       tfm = crypto_alloc_aead("gcm(aes)", 0, CRYPTO_ALG_ASYNC);


According to the commit description, the  CRYPTO_ALG_ASYNC flag is
required to guarantee correct packet ordering which is indeed an
implicit provision of the MACSec standard.

First, it would be desirable to verify, that the impact of the flag is
large not only on our hardware but that it is a general phenomenon.

Maybe this is of interest for the MACSec maintainers?

Kind regards,
Sebastian Rehms

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: MACSec performance issues
  2021-08-03 11:48 MACSec performance issues Sebastian Rehms
@ 2021-08-03 13:01 ` Antoine Tenart
  0 siblings, 0 replies; 2+ messages in thread
From: Antoine Tenart @ 2021-08-03 13:01 UTC (permalink / raw)
  To: Sebastian Rehms, netdev; +Cc: scott, davem, gregkh

Hello Sebastian,

Quoting Sebastian Rehms (2021-08-03 13:48:59)
> 
> We did some performance tests on MACSec and observed data rates of about
> 5-6 GBits/s. (measured with iperf3)
> After a kernel update the maximum data rate dropped to about 600 MBit/s.
> 
> Due to this huge difference we did some further investigations and found
> that the main reason is a change in the file drivers/net/macsec.c in the
> function crypto_alloc_aead().
> 
> The change was introduced by commit
> 0899ff04c872463455f2749d13a5d311338021a3 (upstream commit
> ab046a5d4be4c90a3952a0eae75617b49c0cb01b)
> 
> -       tfm = crypto_alloc_aead("gcm(aes)", 0, 0);
> +       /* Pick a sync gcm(aes) cipher to ensure order is preserved. */
> +       tfm = crypto_alloc_aead("gcm(aes)", 0, CRYPTO_ALG_ASYNC);
> 
> 
> According to the commit description, the  CRYPTO_ALG_ASYNC flag is
> required to guarantee correct packet ordering which is indeed an
> implicit provision of the MACSec standard.
> 
> First, it would be desirable to verify, that the impact of the flag is
> large not only on our hardware but that it is a general phenomenon.

FYI, performance issues with CRYPTO_ALG_ASYNC was reported and discussed
in the following thread:
https://lore.kernel.org/netdev/1b0cec71-d084-8153-2ba4-72ce71abeb65@byu.edu/

Antoine

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2021-08-03 13:01 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-08-03 11:48 MACSec performance issues Sebastian Rehms
2021-08-03 13:01 ` Antoine Tenart

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).