We’ve been busy in the labs updating some our previous pfSense performance testing statistics against the latest Intel processor revisions. This time around we’ve focused on IPsec, with a specific nod to what’s possible with AES-NI.
Virtualized pfSense, Internal
In this phase we created two pfSense machines atop the hypervisor on a single physical box. Each machine was given one logical processor from an Intel Haswell i5 @ 3.4GHz.
Test1: Raw, Virtual Network
No encryption (Static Routes to Traverse WAN)
| Round | Upload(Mbps) | Download(Mbps) |
|---|---|---|
| 1 | 561 | 630 |
| 2 | 687 | 737 |
| 3 | 738 | 844 |
| 4 | 781 | 945 |
| 5 | 794 | 926 |
| Avg | 712 | 816 |
Test2: IPsec, Virtual Network
IPsec w/ Phase2 AES256-GCM
| Round | Upload(Mbps) | Download(Mbps) |
|---|---|---|
| 1 | 369 | 348 |
| 2 | 370 | 339 |
| 3 | 336 | 444 |
| 4 | 400 | 443 |
| 5 | 374 | 372 |
| Avg | 369 | 389 |
Virtualized pfSense, Two Distinct Boxes
After the internal test we moved the pfSense machines to two separate physical machines interconnected via a standard small business gigabit switch. Each virtual machine was allocated one logical processor from an Intel Haswell i7 @ 3.4GHz.
Test3: IPsec, Physical Network
IPsec w/ Phase2 AES256-GCM
| Round | Upload(Mbps) | Download(Mbps) |
|---|---|---|
| 1 | 657 | 436 |
| 2 | 432 | 668 |
| 3 | 541 | 522 |
| 4 | 520 | 565 |
| 5 | 491 | 593 |
| Avg | 528 | 556 |
Stay Tuned
Our testing is still underway. Check back here soon for more updates to numbers we’re finding in different configurations.
Notes
- These tests were with – Lan Speet Test Lite; better results were achieved with iperf and TCP Window Size tuning
- Tests run on pfSense 2.2.1