Network performance

Rancher 1.x
1

I measured inter-host inter-container communication performance with iperf.
In my environment rancher “managed” network performance between containers on different hosts estimates to 25% of raw connection.

I used iperf version 2.0.5 with options: -P 1 -i 1 -p 5001 -f g -t 7
https://iperf.fr/iperf-doc.php#doc

2

Do your CPUs support AES-NI (and is it passed through BIOS and any virtualization)? Since we switched from 3DES to AES (a while ago, v0.1x) there should be minimal overhead on a modern CPU, up to around 2gbps, which seems to be the limit of aesni on typical cloud hosting Intel CPUs.

3

Here I found a way to tell if AES-NI is used (by openssl): http://openssl.6102.n7.nabble.com/having-a-lot-of-troubles-trying-to-get-AES-NI-working-td44285.html

Inside a Docker container I ran two commands two compare openssl speed with and without AES:

$ openssl speed -evp aes-128-cbc
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128-cbc     326896.54k   347654.12k   353235.29k   354700.97k   355033.09k

$ OPENSSL_ia32cap="~0x200000200000000" openssl speed -elapsed -evp aes-128-cbc
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128-cbc     159534.78k   180169.94k   185244.93k   187515.90k   187962.71k

The second test is supposed to show openssl performance with AES disabled. And indeed the second test shows about 50% performance degradation.

Does it mean I have AES-NI enabled?

I have Docker 1.8.1 on Ubuntu 12.04.

Regards,
Peter