HP-UX IPSec vA.03.00 Performance and Sizing White Paper

Overview
The purpose of this document is to provide basic guidelines for accurately determining HP-UX server
system modeling and configuration when using HP-UX IPSec. It is intended to help customers and the
HP field force effectively size customer configurations when selling systems, responding to RFPs, and
deploying systems with HP-UX IPSec.
The HP-UX IPSec product version A.03.00 operates on HP-UX 11i (v2 and v3). The tests described
were performed on HP-UX 11i v3 with IPv4 addressing, but the product produces comparable results
for HP-UX with IPv6 addressing.
On HP-UX Integrity BL860c Server Blades, HP-UX IPSec produces throughput as high as 365
megabits per second (Mb/s) in a 1000 Mb/s network when securing IP packets with 128-bit
Advanced Encryption Standard (AES) encryption.
This document contains the following sections:
Throughput, CPU utilization, and service demand. Throughput, CPU utilization, and service demand
data for transferring data with HP-UX IPSec on a single dual-core (2-way) HP Integrity BL860c
Server Blade.
Security Association measurements. Time measurements for establishing “security sessions,” or
Security Associations (SAs), that HP-UX IPSec creates before transferring data.
Appendix A: Double dual-core (4-way) HP-UX Integrity Server performance data. Data transfer
throughput, CPU utilization, and service demand data for HP-UX IPSec on a double dual-core
(4-way) HP Integrity BL860c Server Blade.
Appendix B: Testing methodology. Testing methodology information.
Throughput, CPU utilization, and service demand
This section contains the following HP-UX performance metrics for single dual-core (2-way) HP Integrity
BL860c Server Blades:
Throughput
Throughput is the quantity of data transferred per second, measured against the TCP send buffer
size (128 to 32786 bytes). Raw throughput (throughput without HP-UX IPSec enabled) is measured
as a baseline. Throughput is measured for packets secured using the following HP-UX IPSec transfer
types:
o Data authentication with Authentication Header (AH) using Secure Hash Algorithm 1
(AH-SHA1). AH provides data integrity and data authentication.
o AH using Message Digest 5 (AH-MD5).
o Data encryption with authentication using authenticated ESP with 3DES and AES,
and HMAC-SHA1 (ESP-3DES-HMAC-SHA1 and ESP-AES-HMAC-SHA1).
Before transmitting encrypted or authenticated data, IPsec must establish “security sessions,” or
Security Associations (SAs). To isolate data transmission times from IPsec Security Association (SA)
setup time, all throughput, CPU utilization, and service demand measurements were taken using
established IPsec SAs with infinite lifetimes.
CPU utilization
CPU utilization is the percentage of time that the CPU is not running in the idle loop. CPU utilization
is measured for the HP-UX IPSec transfer types listed above (AH-MD5, AH-SHA1, ESP-3DES-HMAC-