Netdev Archive on lore.kernel.org
help / color / mirror / Atom feed
From: Sebastian Rehms <sebastian.rehms@mailbox.tu-dresden.de>
To: <netdev@vger.kernel.org>
Cc: <scott@scottdial.com>, <davem@davemloft.net>,
	<gregkh@linuxfoundation.org>
Subject: MACSec performance issues
Date: Tue, 3 Aug 2021 13:48:59 +0200	[thread overview]
Message-ID: <d335ddaa-18dc-f9f0-17ee-9783d3b2ca29@mailbox.tu-dresden.de> (raw)

Dear netdev community,

We did some performance tests on MACSec and observed data rates of about
5-6 GBits/s. (measured with iperf3)
After a kernel update the maximum data rate dropped to about 600 MBit/s.

Due to this huge difference we did some further investigations and found
that the main reason is a change in the file drivers/net/macsec.c in the
function crypto_alloc_aead().

The change was introduced by commit
0899ff04c872463455f2749d13a5d311338021a3 (upstream commit
ab046a5d4be4c90a3952a0eae75617b49c0cb01b)

-       tfm = crypto_alloc_aead("gcm(aes)", 0, 0);
+       /* Pick a sync gcm(aes) cipher to ensure order is preserved. */
+       tfm = crypto_alloc_aead("gcm(aes)", 0, CRYPTO_ALG_ASYNC);


According to the commit description, the  CRYPTO_ALG_ASYNC flag is
required to guarantee correct packet ordering which is indeed an
implicit provision of the MACSec standard.

First, it would be desirable to verify, that the impact of the flag is
large not only on our hardware but that it is a general phenomenon.

Maybe this is of interest for the MACSec maintainers?

Kind regards,
Sebastian Rehms

             reply	other threads:[~2021-08-03 12:16 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-08-03 11:48 Sebastian Rehms [this message]
2021-08-03 13:01 ` Antoine Tenart

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=d335ddaa-18dc-f9f0-17ee-9783d3b2ca29@mailbox.tu-dresden.de \
    --to=sebastian.rehms@mailbox.tu-dresden.de \
    --cc=davem@davemloft.net \
    --cc=gregkh@linuxfoundation.org \
    --cc=netdev@vger.kernel.org \
    --cc=scott@scottdial.com \
    --subject='Re: MACSec performance issues' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).