Performance data is always a key criteria for selection of network solutions. But performance data is easily misconstrued, making vendor comparisons challenging, if not impossible. While Netgate is not in a position to vet other vendors' claims, we try to be 100% transparent with our performance test results. Packet traffic conditions, hardware vintage, software release, and test methodology can independently affect test results let alone en masse. So, we invite readers to remember the following when viewing TNSR® software test data:
Last, it should be understood that these numbers were generated in a controlled test laboratory and, therefore, cannot be guaranteed for "in the wild" environments.
Out test results are packaged and shared as follows:
Using a Dell R730 server, performance tests were run on three different platform configurations:
Exact test specifications are shown here:
Software Release | TNSR 20.02.2-2 |
Platforms | - Bare Metal Integration (BMI) - KVM - VMware |
Hardware | Dell R730 Server - (2) 8-Core Intel E5-2620v4 2.1 Ghz - 512 Gb DDR4 - 2133Mhz - (2) Mellanox Connect X-5 EN NIC Cards |
Throughput results for L3 Forwarding, Firewall (forwarding with 10k ACLs), and Forwarding with 1:1 NAT are shown for each platform below:
IPERF3 TRAFFIC 1 | IMIX TRAFFIC 2 | ||
PLATFORM: Bare Metal |
L3 Forwarding | 162.57 Gbps 13.92 Mpps |
137.82 Gbps 47.26 Mpps |
Firewall | 162.02 Gbps 13.87 Mpps |
59.73 Gbps 20.48 Mpps |
|
NAT | 147.66 Gbps 12.64 Mpps |
25.67 Gbps 8.80 Mpp |
|
PLATFORM: KVM SR-IOV Worker Cores: 12 3 |
L3 Forwarding | 167.24 Gbps 14.32 Mpps |
119.66 Gbps 41.04 Mpps |
Firewall | 165.39 Gbps 14.16 Mpps |
64.69 Gbps 18.76 Mpps |
|
NAT | 144.44 Gbps 12.37 Mpps |
23.34 Gbps 8.01 Mpps |
|
PLATFORM: VMware SR-IOV Worker Cores: 10 3 |
L3 Forwarding | 168.55 Gbps 14.30 Mpps |
113.28 Gbps 38.85 Mpps |
Firewall | 164.95 Gbps 14.12 Mpps |
47.53 Gbps 16.30 Mpps |
|
NAT | 132.50 Gbps 11.34 Mpps |
23.40 Gbps 8.03 Mpps |
1 iPerf3 measures the maximum throughput using 1460 byte payloads and TCP framing.
2 IMIX (Internet Mix) simulates typical Internet traffic with sets of 7 (40) byte packets, (4) 576 byte packets, 1 (1500) byte packets, plus Ethernet framing overhead. When measuring equipment performance using an IMIX of packets the performance is assumed to resemble what can be seen in "real-world" conditions.
3 a Worker is a CPU core assigned to packet processing operations
Using a Dell R730 server, IPsec VPN tests were performed using a single CPU core with five different types of traffic - using both AES-GCM-128 with CPU-integrated AES-NI, as well as AES-GCM-128 with Quick Assist Technology (QAT).
Exact test specifications are shown here:
Software Release | TNSR 19.02 |
Platform | Bare Metal Integration (BMI) |
Hardware | Dell R730 Server - Single Socket - Intel Xeon Gold 6130 CPU @ 2.10Ghz with integrated AES-NI1 (fam: 06, model: 55, stepping: 04) - (1) Mellanox ConnectX-5 NIC Card - (1) Netgate CPIC-8955 Cryptographic Accelerator Card with QuickAssist Technology (QAT)2 |
IPsec | IPsec | ||
Size | Flow Type | Single CPU Core AES-GCM-128 AES-NI |
Single CPU Core AES-GCM-128 QAT |
64 | Unidirectional | 1.71 Gbps 3.33 Mpps |
1.92 Gbps 3.75 Mpps |
Bidirectional | 1.36 Gbps 2.65 Mpps |
1.85 Gbps 3.61 Mpps |
|
256 | Unidirectional | 4.96 Gbps 2.42 Mpps |
6.9 Gbps 3.37 Mpps |
Bidirectional | 4.84 Gbps 2.36 Mpps |
6.38 Gbps 3.11 Mpps |
|
512 | Unidirectional | 7.88 Gbps 1.92 Mpps |
14.07 Gbps 3.43 Mpps |
Bidirectional | 7.44 Gbps 1.82 Mpps |
13.67 Gbps 3.34 Mpps |
|
1500 | Unidirectional | 12.69 Gbps 1.05 Mpps |
33.08 Gbps 2.75 Mpps |
Bidirectional | 12.66 Gbps 1.05 Mpps |
32.74 Gbps 2.37 Mpps |
|
IMIX | Unidirectional | 6.24 Gbps 2.17 Mpps |
9.22 Gbps 3.2 Mpps |
Bidirectional | 6.14 Gbps 2.13 Mpps |
8.86 Gbps 3.07 Mpps |
1AES-NI instruction set extensions are used to optimize encryption and decryption algorithms.
2 Intel® QuickAssist Technology (Intel® QAT) accelerates and compresses cryptographic workloads by offloading the data to hardware capable of optimizing those functions.
There’s always something new with open-source, secure networking and TNSR software. Keep up with us by visiting our blog, social communities
© 2021 Rubicon Communications, LLC