Hi All,
We have an IOT GW with a hardware-encryption-enabled LS1021A CPU, and we want to test how much its hardware encryption engine will improve OpenVPN performance. I downloaded the SDK from here (LS1021A-IoT Gateway Reference Design|Freescale), followed the SDK document to enable cryptodev (http://cryptodev-linux.org/) in the kernel, compiled OpenSSL following this link (Freescale Technical Information Center), and added openvpn-rds to the SDK of the IOT GW.
Now we get outstandingly improved performance in OpenSSL, from 48 times up to 100 times in the OpenSSL encryption test with the cryptodev engine supported (openssl speed aes-128-cbc).
without cryptodev enabled
Then we ran OpenVPN between two IOT GWs (one as server, one as client, with both sides using cipher aes-128-cbc). We can get the OpenVPN tunnel working, but when we tried to use iperf to test its traffic throughput capacity, iperf shows a throughput of only 16Mbits/sec with the cryptodev hardware engine !!! It is even lower than without the cryptodev hardware engine enabled (around 80Mbits/sec).
When we analyzed OpenVPN, we found that when we enabled the cryptodev hardware engine, the CPU is busy in IRQ context; check the following:
OpenVPN - Perf data when using cryptodev
13.68% openvpn [kernel.kallsyms] [k] _raw_spin_unlock_irqrestore
7.49% openvpn [kernel.kallsyms] [k] __do_softirq
6.60% openvpn [cryptodev] [k] 0x000017a0
5.04% openvpn openvpn [.] 0x0004619c
2.39% openvpn [kernel.kallsyms] [k] __schedule
2.26% openvpn [kernel.kallsyms] [k] v7_dma_clean_range
2.02% openvpn [kernel.kallsyms] [k] __memzero
1.99% openvpn libc-2.19-2014.04.so [.] 0x00072050
1.91% openvpn [kernel.kallsyms] [k] caam_jr_dequeue
1.71% openvpn [kernel.kallsyms] [k] mutex_lock
1.61% openvpn libcrypto.so.1.0.0 [.] 0x0010e5ec
1.44% openvpn [kernel.kallsyms] [k] wait_for_common
...
OpenVPN - Perf data without cryptodev
11.42% openvpn openvpn [.] 0x00019b64
9.86% openvpn libcrypto.so.1.0.0 [.] 0x0004a9b4
7.54% openvpn [kernel.kallsyms] [k] _raw_spin_unlock_irqrestore
3.57% openvpn [kernel.kallsyms] [k] __do_softirq
2.96% openvpn liblzo2.so.2.0.0 [.] lzo1x_decompress_safe
2.22% openvpn [ip_tables] [k] ipt_do_table
1.75% openvpn [kernel.kallsyms] [k] ktime_get_ts
1.29% openvpn [kernel.kallsyms] [k] do_sys_poll
1.24% openvpn [kernel.kallsyms] [k] __copy_from_user
1.20% openvpn [kernel.kallsyms] [k] local_bh_enable
1.18% openvpn [kernel.kallsyms] [k] __aeabi_idiv
1.15% openvpn [kernel.kallsyms] [k] gfar_clean_rx_ring
1.09% openvpn [kernel.kallsyms] [k] tcp_v4_rcv
1.07% openvpn [kernel.kallsyms] [k] nf_iterate
...
Then we tried using strongSwan, and we can see a positive performance difference using the crypto accelerator. We built a kernel with the crypto hardware acceleration disabled and were getting ~50Mb/s bandwidth. With the acceleration enabled, we get between 110 and 120Mb/s.
We know OpenVPN must work with the crypto accelerator, as we can find a lot of success reports for OpenVPN with crypto. But we did not succeed with the IOT GW LS1021 SDK, and I believe something must be wrong.
So my question is: has anyone made OpenVPN work with the crypto accelerator on the IOT GW, or what is your suggestion for how I can figure it out? Thank you.
PS:
The SDK of the IOT GW is QorIQ-SDK-V1.7-SOURCE-20141218-yocto_RDS_20150302
For OpenVPN, we tried the SDK's default version, 2.3.6, and we also tried the newer version, 2.3.7, as someone reported that 2.3.6 has a bug: https://community.openvpn.net/openvpn/ticket/480
Yuqian
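Added example, not part of the original post: a small Python parser for the two perf listings above that totals the listed overhead into kernel-mode and user-mode shares and names the kernel symbols that show up only in the cryptodev run. The function names are hypothetical, and because both listings are truncated in the post, the sums cover only the rows shown.

```python
import re
# Visible rows of the two perf listings in the post (both are truncated there).
WITH_CRYPTODEV = """
13.68% openvpn [kernel.kallsyms] [k] _raw_spin_unlock_irqrestore
7.49% openvpn [kernel.kallsyms] [k] __do_softirq
6.60% openvpn [cryptodev] [k] 0x000017a0
5.04% openvpn openvpn [.] 0x0004619c
2.39% openvpn [kernel.kallsyms] [k] __schedule
2.26% openvpn [kernel.kallsyms] [k] v7_dma_clean_range
2.02% openvpn [kernel.kallsyms] [k] __memzero
1.99% openvpn libc-2.19-2014.04.so [.] 0x00072050
1.91% openvpn [kernel.kallsyms] [k] caam_jr_dequeue
1.71% openvpn [kernel.kallsyms] [k] mutex_lock
1.61% openvpn libcrypto.so.1.0.0 [.] 0x0010e5ec
1.44% openvpn [kernel.kallsyms] [k] wait_for_common
"""
WITHOUT_CRYPTODEV = """
11.42% openvpn openvpn [.] 0x00019b64
9.86% openvpn libcrypto.so.1.0.0 [.] 0x0004a9b4
7.54% openvpn [kernel.kallsyms] [k] _raw_spin_unlock_irqrestore
3.57% openvpn [kernel.kallsyms] [k] __do_softirq
2.96% openvpn liblzo2.so.2.0.0 [.] lzo1x_decompress_safe
2.22% openvpn [ip_tables] [k] ipt_do_table
1.75% openvpn [kernel.kallsyms] [k] ktime_get_ts
1.29% openvpn [kernel.kallsyms] [k] do_sys_poll
1.24% openvpn [kernel.kallsyms] [k] __copy_from_user
1.20% openvpn [kernel.kallsyms] [k] local_bh_enable
1.18% openvpn [kernel.kallsyms] [k] __aeabi_idiv
1.15% openvpn [kernel.kallsyms] [k] gfar_clean_rx_ring
1.09% openvpn [kernel.kallsyms] [k] tcp_v4_rcv
1.07% openvpn [kernel.kallsyms] [k] nf_iterate
"""
ROW = re.compile(r"\s*([\d.]+)%\s+(\S+)\s+(\S+)\s+\[([k.])\]\s+(\S+)")

def parse(report):
    """Yield (percent, dso, is_kernel, symbol) for each perf report row."""
    for m in filter(None, map(ROW.match, report.splitlines())):
        yield float(m[1]), m[3], m[4] == "k", m[5]

def split(report):
    """Sum the listed overhead into (kernel-mode, user-mode) percentages."""
    rows = list(parse(report))
    kernel = sum(p for p, _, k, _ in rows if k)
    return round(kernel, 2), round(sum(p for p, *_ in rows) - kernel, 2)

def only_in(report, baseline):
    """Kernel symbols listed in `report` but not among the rows of `baseline`."""
    seen = {s for _, _, _, s in parse(baseline)}
    return [s for _, _, k, s in parse(report) if k and s not in seen]

print(split(WITH_CRYPTODEV), split(WITHOUT_CRYPTODEV))
print(only_in(WITH_CRYPTODEV, WITHOUT_CRYPTODEV))
```

Over the rows shown, kernel-mode samples outweigh user-mode samples in the cryptodev run, while the two are roughly even without it; the extra kernel symbols include scheduling, locking, DMA cache maintenance and the CAAM job-ring dequeue.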