TCP vs TLS performance (2048 RSA AES)

Previous Topic Next Topic
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view

TCP vs TLS performance (2048 RSA AES)

OpenSSL - User mailing list
I have just started using openssl for my project. I'm building small server application using intel QAT engine.
1)  I'm trying to find benchmark numbers for pure hardware based comparison between with or without QAT engine. I mmap the file which server will send (to eliminate disk performance). Any pointer where to find would be appreciated.
2) I'm also trying to check if there is hardware based comparison between tcp vs tls. How much performance degradation I should expect when I start using tls instead of tcp(given it is small embedded server which is mmapping the file). I tried googling it and everywhere is mentions that there is no to very little performance effect between TCP & TLS but that is not what I see. 
I see performance degradation of magnitude of 10 times. I use per core measurement. For single core if TCP performance is 50K CPS per core and throughput is 10Gbps, when I modify it to use TLS 2048 RSA with AES performance foes down to ~1Gbps and 300CPS for 128K file download. I'm using home grown tcp stack and also bypassing linux kernel for networking.

Reply | Threaded
Open this post in threaded view

Re: TCP vs TLS performance (2048 RSA AES)

On 9/25/2020 12:17 PM, Amy Smith via openssl-users wrote:
I mmap the file which server will send (to eliminate disk performance).

In general, this won't work.  In fact, it may make it *harder* to eliminate disk performance from a measurement.

First, of course, mmap() isn't magic.  The data has to be read off the disk at some point.  The only question is when.

Second, mmap() does not necessarily (and probably does not) read the data immediately.  It sets up the paging tables so that those areas of virtual memory are paged to/from the corresponding parts of the file.  Just as for a page that has been kicked out of RAM into swap space, the first access to a page causes the page to be read.

If you do a plain read() then you can be pretty confident that when the read() returns the data has been read off the disk and into RAM.  The same is *not* true of mmap().  If you mmap() a file and then start to access it, the disk I/O will be in-line with your accesses.

mmap() may eliminate a memory-to-memory copy of the data, since read() probably does not do the disk I/O directly into your process's buffer, but mmap() might.  (Or, a bit more precisely, your mapping might point to the same page that the kernel is using for its disk buffer.)

Of course any particular implementation could do things a bit differently, but that's my perception of how it's usually done.
Jordan Brown, Oracle ZFS Storage Appliance, Oracle Solaris