Saturday, May 29, 2010

Mikrotik IPSec Performance Study

Sample network is implemented with similar devices and the Internet connection simulated via Lan connectivity. Two end hosts provide the transfer and reviver functionality.

Network Setup.

The test environment designed as explained in the diagram 1.0.

Test Setup Figure 1.0

End Host Configuration- Table 1.0

End Point 1

End point 2

Microsoft windows XP Professional SP3

CPU count 2

1.87 GB RAM 3.00GHz

100Mbps Realtek RTL8139/810x Family Fast Ethernet NIC

Microsoft windows XP Professional SP3

CPU count 1

1.47GB RAM 3.06GHz

100Mbps Realtek RTL8139 Family PCI Fast Ethernet NIC


Router Configuration - Table 1.1

Router 1

Speed

264 MHz

264 MHz

Memory

30MB RAM

30MB RAM

HD

128 MB

64 MB

RouterOS 3.30

RouterOS 3.20

Workload:

Hashing algorithm parameter is fixed to SHA and changed the encryption algorithm. Default CPU load without the traffic is stays around 2% from both routers. Traffic generated through iperf for the sample traffic.


Protocol

Cipher

Packet Size

Hash

Maximum Bandwidth Trial 1

TX Kbits/

RX Kbits

Maximum Bandwidth Trial 2

TX Kbits/

RX Kbits

Maximum Bandwidth Trial 3

TX Kbits/

RX Kbits

Maximum Bandwidth Trial 4

TX Kbits/

RX Kbits

AVG

TX Kbits/

RX Kbits

1.

TCP*

--

64

--

5.70/5.37

5.32/5.54

5.17/5.37

5.43/5.67

5.405/5.487

2.

TCP

DES

64

SHA

616/598

809/784

611/626

801/790

709/700

3.

TCP

3DES

64

SHA

616/ 594

601/537

802/769

638/614

664/628

4.

TCP

AES-128

64

SHA

795/868

615/639

788/806

821/807

755/780

5.

TCP

AES-192

64

SHA

613/628

803/769

602/627

768/816

697/710

6.

TCP

AES-256

64

SHA

541/577

784/753

632/645

778/826

684/700

7.

TCP*

--

96

--

6.15/5.97

6.02/ 6.21

6.03/6.29

6.29/6.55

6.122/6.225

8.

TCP

DES

96

SHA

724/716

839/771

716/724

813/ 775

773/747

9.

TCP

3DES

96

SHA

837/771

740/729

829/788

826/788

808/769

10.

TCP

AES-128

96

SHA

846/ 795

730/743

754/737

800/ 870

782/786

11.

TCP

AES-192

96

SHA

856/803

716/712

798/855

721/723

773/773

12.

TCP

AES-256

96

SHA

738/725

853/789

742/729

782/843

779/771

13.

TCP*

--

1536

--

10.4/8.43

8.85/9.90

8.37/10.4

9.06/9.71

9.17/9.61

14.

TCP

DES

1536

SHA

863/867

860/873

861/867

836/895

855/875

15.

TCP

3DES

1536

SHA

954/817

875/881

881/885

876/881

904/866

16.

TCP

AES-128

1536

SHA

894/ 898

898/909

897/901

828/968

879/919

17.

TCP

AES-192

1536

SHA

822/962

883/894

888/894

885/889

869/910

18.

TCP

AES-256

1536

SHA

883/889

821/955

876/888

879/882

865/903

* Bandwidth measured in Mbps.

Automatic FTP upload when content changed in folder - perl script

This was rudimentary script needed to edit more, but found interesting .


#! perl -slw
use strict;
use Win32::ChangeNotify;
use threads;
#monitoring path.
my $path = 'c:\folder';

my $notify = Win32::ChangeNotify->new( $path, 0, 'FILE_NAME' );

my %last;
@last{ glob $path . '\*' } = ();

my $count = 0;
while( 1 ) {
next
unless $notify->wait( 10_000 ); # Check every 10 seconds
$notify->reset;
print $/, 'Something changed';
my @files = glob $path . '\*';
if( @files> scalar keys %last ) {
my %temp;
@temp{ @files } = ();
delete @temp{ keys %last };
#print for keys %temp;
my $k;
my $v;
while ( ($k,$v) = each %temp ) {
my $thr1 = threads->create(\&load, $k,$count);
}
}
else {
print "A non-deletion or creation change occured";
}
undef %last;
@last{ @files } = ();
$count = $count +1;
}

sub load {
my ($file,$count) = @_;
if(fileSize($file))
{
ftp__command_generator($file,$count);
}

}
#check the file is still copying
sub fileSize {
my($filename,$count) = @_;
while(1)
{
my $value;
$value = open(FILEx,$filename);
if ($value)
{
close(FILEx);
return 1;
}
else
{
sleep(10);
}
}
}

sub ftp__command_generator {
my($Changed_file,$count) = @_;
my $outfile = "file$count.dat";
open (FILE2,">$outfile");
print (FILE2 "user USERNAME");
print (FILE2 "PASSWORD");
print (FILE2 "bin");
print (FILE2 "put \"$Changed_file\"");
print (FILE2 "quit");
close(FILE2);
system("ftp -n -s:$outfile 192.168.0.1");
}