Wednesday, June 17, 2020

VPN performance - IPSec faster than WireGuard in a particular scenario

Hey, I'd like to start by saying that I'm absolutely puzzled and do not know what to make of this. So, I've created 2 labs to test VPN protocols - WireGuard and IPSec (with strongSwan). My first lab is purely virtualized and resides on one physical host. My results are as follows:

- Non-encrypted link reaches around 3 Gb/s

- WireGuard gets around 1.4 Gb/s

- IPSec with ChaCha: 1.2 Gb/s, IPSec with AES-256: 1.8 Gb/s

I thought: well, I guess that AES-NI is playing a huge role here since IPSec with ChaCha20Poly1305 (the same algorithm that WireGuard uses) is performing worse than WireGuard.

But I've created a second lab, which consists of 2 VMs in Azure. I've used the exact same configs and my results are as follows:

- Non-encrypted link reaches around 1 Gb/s

- WireGuard gets around 920 Mb/s

- IPSec with ChaCha: 700 Mb/s, IPSec with AES-256: 680 Mb/s

What can I make of this? I have absolutely no clue how to interpret these results. The only real difference between these 2 labs is the fact that my first lab did not use NAT, whereas the second one did. But the difference in performance is huge. It also looks like CPUs in Azure VMs have AES-NI, so I guess that argument is out of the window... Could it be that my CPU is simply quicker? However, I'm not sure about that either, since these VMs use Intel Xeon® E5-2673 v4 CPUs, which have better single-thread performance than my CPU (Ryzen 5 1500X). What could be the issue here?


