Securing the Network's Leading Edge
Delivering Performance Wins with
High Encrypted Throughput
Expedient’s commitment to innovation
includes developing unique approaches
to customer solutions. For example,
the company wanted to deliver secure
sockets layer (SSL) tunneling on top of a
set of four teamed 10GBASE-T adapters.
It also wanted to offer support for
Intel® Advanced Encryption Standard
New Instructions (Intel® AES-NI), which
accelerate encrypt and decrypt operations
on the Intel® Xeon® processor E5-2600
product family. While Linux* supports
teaming, OpenSSL in the Linux kernel
doesn’t support Intel AES-NI, which
the company wanted to offer with this
package of services. The team’s inquiry
into this issue eventually led them to build
their own custom version of the Linux
kernel with a newer version of OpenSSL.
Expedient wanted to quantify the
benets of Intel AES-NI and latest-
generation server platforms in its
unique set of offerings. As a way of
demonstrating that value to its customers,
Expedient tested workloads on three
generations of Intel® Xeon® processors,
both with and without enabling Intel AES-
NI. The results are presented in Figure 1.
1
The results dramatically reflect the
value of the company’s innovation. In
the test system based on the Intel®
Xeon® processor 5500 series (which
does not support Intel AES-NI), the
throughput achieved was just 5.3
gigabits per second (Gbps) out of the
effective 40 Gbps port speed of the
four teamed Intel® Ethernet 10 Gigabit
Converged Network Adapters, or roughly
one-eighth. Running the identical
workload on the Intel Xeon processor
5600 series without enabling Intel
AES-NI more than doubled throughput
to 10.9 Gbps The reduction of processor
utilization from 90.8 percent to 85.9
percent further emphasizes this point.
When Intel AES-NI was enabled on the
Intel Xeon processor 5600 series-based
server, throughput nearly doubled again
to 18.2 Gbps, with an accompanying
decrease in processor utilization from
85.9 percent to 72.2 percent.
The Intel Xeon processor E5 product
family includes new I/O innovations,
including Intel® Integrated I/O, which
incorporates the I/O hub into the
processor, and Intel® Data Direct I/O
Technology (Intel® DDIO), which allows
Intel Ethernet controllers and adapters to
talk directly to processor cache, increasing
system bandwidth, reducing power
consumption,and lowering latency. Using
an Intel Xeon processor E5 product family-
based server, throughput again nearly
doubled, increasing to 33.3 Gbps.
These results demonstrate the value of
the whole platform solution to network
throughput. The increase in throughput is
valuable to overall solution performance,
as is the freeing of compute resources due
to lower processor utilization, which allows
those resources to be used for work that is
more valuable to the solution as a whole.
“We used to deploy hardware-based
encryption accelerators—expensive,
custom-built ASICs. Now, with
Intel AES-NI, we can provide better
encryption at far lower cost.”
- Alex Rodriguez, VP, Systems Engineering
and Product Development, Expedient
Securing the Network’s Leading Edge
Figure 1. Expedient test results.
1
Abbreviations:
Intel® AES-NI: Intel® Advanced
Encryption Standard New Instructions
Gbps: Gigabits per second
Intel® DDIO: Intel® Data Direct I/O Technology
35.0 Gbps
30.0 Gbps
25.0 Gbps
20.0 Gbps
15.0 Gbps
10.0 Gbps
5.0 Gbps
0.0 Gbps
CPU
Bandwidth
100%
90%
80%
70%
60%
50%
40%
30%
20%
10%
0%
256-Bit AES-Encrypted Throughput and Processor Utilization
(Multi-Threaded Platform)
Bandwidth (Gbps)
CPU (%)
Intel® Xeon®
Processor
5560 Series
(without Intel® AES-NI)
Intel® Xeon®
Processor
5600 Series
(without Intel® AES-NI)
Intel® Xeon®
Processor
5600 Series
(with Intel® AES-NI)
Intel® Xeon®
Processor
E5 family
(with Intel® AES-NI
and Intel® DDIO)
78.6%
18.2 Gbps
5.3 Gbps
10.9 Gbps
33.3 Gbps
72.2%
85.9%
90.8%
2