Celejar:
> On Mon, 24 Jan 2011 22:33:28 +0100
> Jochen Schulz <ml@well-adjusted.de> wrote:
>
>> Celejar:
>>>
>>> I understand that you're technically adding traffic and processor
>>> overhead; the question is how much?
>>
>> My 1.66GHz atom D510 can encrypt/decrypt AES with ~20MByte/s on a single
>> core. Typically, my wifi reaches only 10% of that throughput.
>> Additionally, encryption is usually done by the network adapter in
>> hardware, as far as I know. The host CPU shouldn't be stressed by that.
>
> Thanks. What's the CPU usage like while doing AES on 20Mb?

A single core get's used 100% by the kworker thread. But actually it's
not 20MB/s, but 25MB/s while reading (decrypting) and 35MB/s while
writing (encrypting). I just tested it again.

J.
--
At night I go to the kitchen; specifically, the knife drawer.
[Agree] [Disagree]
<http://www.slowlydownward.com/NODATA/data_enter2.html>

On Mon, 24 Jan 2011 16:01:14 -0500, Celejar wrote:

> On Mon, 24 Jan 2011 12:50:34 -0700 david wildgoose wrote:
>
>> On Mon, Jan 24, 2011 at 12:43 PM, Camaleón wrote:

>> > Last time I had to make a "fine-grained" debugging operation over my
>> > network using wireshark I had to "restore-to-life" an old (and dusty)
>> > hub that came with our DSL device... back in 2000 :-P
>> >
>> >
>> Port monitoring is something thats useful in troubleshooting network
>> related problems on networks using switches, thought I think your
>> switch needs to support it.

Yes.

> IIUC, you may be confusing two scenarios: with hubs, all traffic always
> gets sent out to all connected systems, so monitoring is
> straightforward. With switches, traffic is normally sent only to the
> target hosts, so to monitor general network traffic from a specific
> host, mirroring is needed, and it is indeed a special feature of some
> switches:
>
> http://en.wikipedia.org/wiki/Port_mirroring

True, but David is also right. As you point out, there are some
enterprise switches that implement a monitoring port (an special "catch-
all-data" port that when enabled, it captures all the traffic).

Greetings,

--
Camaleón


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: pan.2011.01.25.12.12.15@gmail.com">http://lists.debian.org/pan.2011.01.25.12.12.15@gmail.com

On Tue, 25 Jan 2011 07:58:28 +0100
Jochen Schulz <ml@well-adjusted.de> wrote:

> Celejar:
> > On Mon, 24 Jan 2011 22:33:28 +0100
> > Jochen Schulz <ml@well-adjusted.de> wrote:
> >
> >> Celejar:
> >>>
> >>> I understand that you're technically adding traffic and processor
> >>> overhead; the question is how much?
> >>
> >> My 1.66GHz atom D510 can encrypt/decrypt AES with ~20MByte/s on a single
> >> core. Typically, my wifi reaches only 10% of that throughput.
> >> Additionally, encryption is usually done by the network adapter in
> >> hardware, as far as I know. The host CPU shouldn't be stressed by that.
> >
> > Thanks. What's the CPU usage like while doing AES on 20Mb?
>
> A single core get's used 100% by the kworker thread. But actually it's
> not 20MB/s, but 25MB/s while reading (decrypting) and 35MB/s while
> writing (encrypting). I just tested it again.

So does that mean that your wireless throughput with encryption enabled
is CPU-bound, and that you'd be getting better throughput with a more
powerful CPU (or without encryption)?

Celejar
--
foffl.sourceforge.net - Feeds OFFLine, an offline RSS/Atom aggregator
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20110125145546.05cca16f.celejar@gmail.com">http://lists.debian.org/20110125145546.05cca16f.celejar@gmail.com

Celejar:
> On Tue, 25 Jan 2011 07:58:28 +0100
>>
>> A single core get's used 100% by the kworker thread. But actually it's
>> not 20MB/s, but 25MB/s while reading (decrypting) and 35MB/s while
>> writing (encrypting). I just tested it again.
>
> So does that mean that your wireless throughput with encryption enabled
> is CPU-bound, and that you'd be getting better throughput with a more
> powerful CPU (or without encryption)?

No. The numbers I posted were about disk encryption. They were just
meant to illustrate what throughput is possible with AES if it is done
by a comparably slow CPU (Atom D510, 1.66GHz).

With WPA2/AES you have significantly less throughput (typically <10%)
and, as far as I know, wifi encrpytion is done by the hardware and not
the host CPU. But even if it's done on the host CPU: my numbers show
that you really don't need to care about that very much, as long as your
system isn't older than, say, 6-8 years.

(Disclaimer: I am unsure whether WPA2 with AES actually performs the
same as LUKS using AES. But my guess is that it's not far off.)

J.
--
I am not scared of death but terrified of people in Tommy Hilfiger
sweatshirts.
[Agree] [Disagree]
<http://www.slowlydownward.com/NODATA/data_enter2.html>

On Wed, 26 Jan 2011 14:31:55 +0100
Jochen Schulz <ml@well-adjusted.de> wrote:

> Celejar:
> > On Tue, 25 Jan 2011 07:58:28 +0100
> >>
> >> A single core get's used 100% by the kworker thread. But actually it's
> >> not 20MB/s, but 25MB/s while reading (decrypting) and 35MB/s while
> >> writing (encrypting). I just tested it again.
> >
> > So does that mean that your wireless throughput with encryption enabled
> > is CPU-bound, and that you'd be getting better throughput with a more
> > powerful CPU (or without encryption)?
>
> No. The numbers I posted were about disk encryption. They were just
> meant to illustrate what throughput is possible with AES if it is done
> by a comparably slow CPU (Atom D510, 1.66GHz).
>
> With WPA2/AES you have significantly less throughput (typically <10%)
> and, as far as I know, wifi encrpytion is done by the hardware and not
> the host CPU. But even if it's done on the host CPU: my numbers show
> that you really don't need to care about that very much, as long as your
> system isn't older than, say, 6-8 years.
>
> (Disclaimer: I am unsure whether WPA2 with AES actually performs the
> same as LUKS using AES. But my guess is that it's not far off.)

Okay - thanks for the clarification.

Celejar
--
foffl.sourceforge.net - Feeds OFFLine, an offline RSS/Atom aggregator
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20110126093738.d566a3d2.celejar@gmail.com">http://lists.debian.org/20110126093738.d566a3d2.celejar@gmail.com