I'm trying to tweak vsftpd to achieve maximum performance for my usage:
- I have only one or two clients that connect to the server.
- File size is between ~15MB and 1GB.
- A typical transfer batch represents between 1 and 2GB of data.
For testing purposes, I'm using a tmpfs on both sides (thus eliminating any disk bottleneck) with a single 1GB file.
When SSL is disabled, performance is good, with a transfer rate at ~120MB/s (reaching the limits of gigabit networking).
With SSL enabled only for control traffic (and not data traffic), performance drops to about 112MB/s, which is still within the acceptable limits.
However, when SSL is enabled for data flows, the transfer speed drops dramatically:
- 6.7MB/s using 3DES & SHA (ssl_ciphers=DES-CBC3-SHA in vsftpd.conf)
- 16MB/s using DES & SHA (ssl_ciphers=DES-CBC-SHA)
I haven't tested other ciphers, but from what I can see from the CPU usage during the transfer, it seems that vsftpd is only using a single CPU/core per client. While this may suit large FTP sites with hundreds of clients, I'd like to avoid this behavior and use more resources on the server.
On a side note, if you have any ideas regarding other openssl ciphers...
I just read http://unhandledexpression.com/2013/01/25/5-easy-tips-to-accelerate-ssl/ which suggests running openssl speed. Depending on the results, you might want to pick another algorithm. Sadly, I have no idea how to spread the load of one encryption task to several cores.
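
The openssl speed step suggested in the answer above can be turned into a ranking of ciphers against the link rate. This is an added example, not part of the original posts: the function names rank_ciphers and sample_speed_output are hypothetical, and the benchmark figures are constructed, not measured. openssl speed reports raw single-core cipher throughput, so real FTPS throughput will be lower than these numbers.

```shell
#!/bin/sh
# Added example: rank "openssl speed" results against a target link rate.
# Function names are hypothetical; the figures below are constructed, not measured.
# DES and 3DES rows are present only because the question benchmarks them;
# both are obsolete ciphers.

sample_speed_output() {
cat <<'EOF'
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
des cbc          60000.00k    61000.00k    62000.00k    62500.00k    63000.00k
des ede3         23000.00k    23500.00k    23800.00k    23900.00k    24000.00k
aes-128 cbc     118000.00k   124000.00k   127000.00k   129000.00k   130000.00k
aes-256 cbc      88000.00k    92000.00k    94000.00k    94500.00k    95000.00k
EOF
}

# rank_ciphers NEED_MBPS  (reads "openssl speed" output on stdin)
# Prints "<MB/s> TAB <cipher> TAB <ok|cpu-bound>", fastest first, using the
# 8192-byte column, the closest to bulk file transfer.
rank_ciphers() {
    awk -v need="$1" '
    $1 == "type" {                       # header row: locate the 8192-byte column
        n = 0
        for (i = 2; i <= NF; i++)
            if ($i ~ /^[0-9]+$/) { n++; if ($i == "8192") col = n }
        next
    }
    col && $NF ~ /^[0-9.]+k$/ {          # result row: name, then one "<n>k" per size
        name = ""; n = 0; val = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^[0-9.]+k$/) { n++; if (n == col) val = $i }
            else if (n == 0) name = (name == "" ? $i : name " " $i)
        }
        if (val == "") next
        sub(/k$/, "", val)
        mbps = val / 1000                # values are in 1000s of bytes per second
        printf "%.1f\t%s\t%s\n", mbps, name, (mbps >= need ? "ok" : "cpu-bound")
    }' | LC_ALL=C sort -t "$(printf '\t')" -k1,1nr
}

# 120 MB/s is the gigabit ceiling measured in the question.
sample_speed_output | rank_ciphers 120
# Live run on the server: openssl speed aes-128-cbc aes-256-cbc 2>/dev/null | rank_ciphers 120
```

A cipher marked cpu-bound cannot fill the link from one core even before MAC and TLS record overhead, which matches the single-core limit observed in the question.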