OpenVPN throughput: AES-128-CBC vs CHACHA20-POLY1305

[RMerlin]

iperf3 test running over an OpenVPN tunnel, comparing both ciphers. The server is running on an Asus RT-AC66U_B1 (which has no hardware-accelerated AES support), client was running on my laptop (connected over wifi). The iperf server was also running on the router itself, so it may slightly reduce its performance as well.

AES-128-CBC:

merlin@Avalon:~$ iperf3 -c 192.168.50.1 -M 1400 -N -l 64K -t 10
Connecting to host 192.168.50.1, port 5201
[  5] local 172.31.205.238 port 36926 connected to 192.168.50.1 port 5201
[ ID] Interval           Transfer     Bitrate         Retr  Cwnd
[  5]   0.00-1.00   sec  4.70 MBytes  39.4 Mbits/sec    0    248 KBytes
[  5]   1.00-2.00   sec  4.57 MBytes  38.3 Mbits/sec    0    464 KBytes
[  5]   2.00-3.00   sec  4.88 MBytes  41.0 Mbits/sec    0    686 KBytes
[  5]   3.00-4.00   sec  5.00 MBytes  41.9 Mbits/sec    0    740 KBytes
[  5]   4.00-5.00   sec  3.75 MBytes  31.4 Mbits/sec    0    740 KBytes
[  5]   5.00-6.00   sec  4.38 MBytes  36.7 Mbits/sec    0    740 KBytes
[  5]   6.00-7.00   sec  4.38 MBytes  36.7 Mbits/sec    0    740 KBytes
[  5]   7.00-8.00   sec  3.75 MBytes  31.5 Mbits/sec    0    740 KBytes
[  5]   8.00-9.00   sec  4.38 MBytes  36.7 Mbits/sec    0    740 KBytes
[  5]   9.00-10.00  sec  4.38 MBytes  36.7 Mbits/sec    0    740 KBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec  44.2 MBytes  37.0 Mbits/sec    0             sender
[  5]   0.00-10.16  sec  43.1 MBytes  35.6 Mbits/sec                  receiver

iperf Done.

CHACHA20-POLY1305:

merlin@Avalon:~$ iperf3 -c 192.168.50.1 -M 1400 -N -l 64K -t 10
Connecting to host 192.168.50.1, port 5201
[  5] local 172.31.205.238 port 36930 connected to 192.168.50.1 port 5201
[ ID] Interval           Transfer     Bitrate         Retr  Cwnd
[  5]   0.00-1.00   sec  6.60 MBytes  55.4 Mbits/sec    0    439 KBytes
[  5]   1.00-2.00   sec  6.59 MBytes  55.3 Mbits/sec    0    733 KBytes
[  5]   2.00-3.00   sec  5.62 MBytes  47.2 Mbits/sec    0    758 KBytes
[  5]   3.00-4.00   sec  6.25 MBytes  52.5 Mbits/sec    0    758 KBytes
[  5]   4.00-5.00   sec  5.62 MBytes  47.2 Mbits/sec    0    758 KBytes
[  5]   5.00-6.00   sec  5.62 MBytes  47.2 Mbits/sec    0    758 KBytes
[  5]   6.00-7.00   sec  5.62 MBytes  47.2 Mbits/sec    0    758 KBytes
[  5]   7.00-8.00   sec  5.62 MBytes  47.2 Mbits/sec    0    758 KBytes
[  5]   8.00-9.00   sec  5.62 MBytes  47.2 Mbits/sec    0    758 KBytes
[  5]   9.00-10.00  sec  6.25 MBytes  52.4 Mbits/sec    0    758 KBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec  59.4 MBytes  49.9 Mbits/sec    0             sender
[  5]   0.00-10.12  sec  58.2 MBytes  48.2 Mbits/sec                  receiver

iperf Done.

Quite notable performance difference

Connection details of the chacha20 session:

Sep 17 23:32:14 ovpn-server1[28161]: 192.168.10.232:7213 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, 1024 bit RSA
Sep 17 23:32:14 ovpn-server1[28161]: 192.168.10.232:7213 [client] Peer Connection Initiated with [AF_INET6]::ffff:192.168.10.232:7213
Sep 17 23:32:14 ovpn-server1[28161]: client/192.168.10.232:7213 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=(Not enabled)
Sep 17 23:32:14 ovpn-server1[28161]: client/192.168.10.232:7213 MULTI: Learn: 10.8.0.2 -> client/192.168.10.232:7213
Sep 17 23:32:14 ovpn-server1[28161]: client/192.168.10.232:7213 MULTI: primary virtual IP for client/192.168.10.232:7213: 10.8.0.2
Sep 17 23:32:14 ovpn-server1[28161]: client/192.168.10.232:7213 Data Channel: using negotiated cipher 'AES-128-GCM'
Sep 17 23:32:14 ovpn-server1[28161]: client/192.168.10.232:7213 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Sep 17 23:32:14 ovpn-server1[28161]: client/192.168.10.232:7213 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Sep 17 23:32:14 ovpn-server1[28161]: client/192.168.10.232:7213 SENT CONTROL [client]: 'PUSH_REPLY,route 192.168.50.0 255.255.255.0 vpn_gateway 500,route-gateway 10.8.0.1,topology subnet,ping 15,ping-restart 60,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-128-GCM' (status=1)

 

[heysoundude]

Notable, significant...the people following WireGuard aren't surprised: they've been using ChaCha20 & Poly1305 and for some time now.

This is in conjunction with the v386 firmware you're working on?
If so, does that possibly mean what Asus has coming down the pipe on the hardware side (WiFi6e) might run with k5.x or higher?

 

[RMerlin]

Notable, significant...the people following WireGuard aren't surprised: they've been using ChaCha20 & Poly1305 and for some time now.

However this is in the context where you have no hardwar-accelerated AES. On a more modern router with it, you would get better performance/lower CPU load using AES rather than Chacha20.

This is in conjunction with the v386 firmware you're working on?

Yes, I merged OpenVPN 2.5 beta so I could begin work on supporting it.

If so, does that possibly mean what Asus has coming down the pipe on the hardware side (WiFi6e) might run with k5.x or higher?

Totally unrelated, this is all userspace stuff, and entirely my own work. And a kernel upgrade is not gonna happen, unless the SoC manufacturer actually does. Asus merely reuses what Qualcomm/Broadcom uses as part of their SDK, it's not Asus's decision to make.

I wouldn`t expect to see a 5.x kernel appear in a router for a good 2-4 years, if not more. The latest Broadcom stuff as of this year is still on 4.1.51.

 

[torstein]

Why are you testing it on the AC66U? Why not run the test again on one of your beefier routers such as your AX88U?

 

[RMerlin]

Why are you testing it on the AC66U? Why not run the test again on one of your beefier routers such as your AX88U?

Because those newer CPUs have AES acceleration, therefore you don`t benefit from going from AES to Chacha20, unlike on these older CPUs.

 

[torstein]

Because those newer CPUs have AES acceleration, therefore you don`t benefit from going from AES to Chacha20, unlike on these older CPUs.

Out of curiosity what would the speed difference be had you run the same test on the AX88U for instance?

 

[RMerlin]

Out of curiosity what would the speed difference be had you run the same test on the AX88U for instance?

It's been years so i don't remember. You'll have to try for yourself.

 

[torstein]

Oh my, I'm sorry, I didn't realise this thread was from 2020. It popped up on the right next to all the other "latest threads" so I clicked on it as it looked interesting. Don't know how I made this mistake. Sorry, nothing to see here