Evaluation

  Our test machines are x86 architecture machines running OpenBSD 3.0. More specifically, they are 1 GHz Intel PIII machines with 256 MB of registered PC133 SDRAM, 10 GB Western Digital Protege IDE hard drives, Intel PRO/1000 F network adapters and some 3Com 3c905B 100Mbps network adapters. We chose Supermicro 370DE6 motherboards based on the ServerWorks Serverset III HE-SL chipset with dual PCI buses. Thus we were able to place our gigabit cards and crypto-cards on separate PCI buses. For some of our experiments we used the Broadcom 5820 crypto-cards. The manufacturer of these cards advertises 300Mbps 3DES; our own evaluation showed a peak measured performance of around 260Mbps, probably due to operating system overhead. We summarize our results in Figure 1. Notice that even in the best case (host-to-host, large socket buffers), we only get slightly over half the nominal throughput. We believe this is a deficiency in the device driver, but did not investigate in great detail. However, given that (a) the performance of all the security protocols we measure is dominated by the cost of encryption, (b) the throughput of those protocols is markedly lower than the unencrypted protocols (ftp, http, and unencrypted ttcp[1]), and (c) we present absolute performance numbers, this should not affect the validity of our experiments: better-performing ethernet cards/drivers would only improve the throughput numbers of the unencrypted protocols.