1

I have a gigabit connection between my PC and my server (iperf3 tests show ~930Mbps) and I want to be able to transfer large files as fast as possible. The hard drive on the server is connected via USB3 and it is a Rock64. With ssh (I am using btrbk with ssh) I think the bottleneck is probably ssh because of high CPU usage and hot temps (~60C). I did disable compression although I think it's disabled by default (put it in ~/.ssh/config). I only got speeds of up to 350Mbps maximum but it fluctuated a lot, I don't think the Rock64 can handle the ciphers with that much data. And after a while it slowed to a crawl (less than 1Mbps) for some reason that I'm not sure of. Restarting the transfer worked. (May not be relevant to the question).

I need a cipher that can do about 480Mbps at the least. You can probably lower that number by a bit due to realistic USB3 speeds though. Not too worried about security because it is just Ethernet connections from PC > router > server but no/weak encryption would be overkill anyway. So preferably the most secure cipher that can do above speeds.

dwf
  • 11
  • 1
  • 2
    Encryption shouldn’t effect the write speeds or transfer speeds. The data has already been encrypted by hardware (the client hardware) before the transfer has even started. I don’t understand your question. – Ramhound Dec 12 '19 at 07:52
  • @Ramhound If the sender can't keep up with the encryption, the complete transfer is slowed. – Eugen Rieck Dec 12 '19 at 09:11
  • @EugenRieck - I guess my point is that USB3 wouldn't be the bottleneck in a case like this. Any bottleneck would be with the Rockchip RK3328 SOC itself. – Ramhound Dec 12 '19 at 09:30
  • `And after a while it slowed to a crawl (less than 1Mbps) for some reason that I'm not sure of.` That sounds more like the drive being the bottleneck. Is it actually just some lame thumb drive? Also the bus speed of USB 3.0 is 5Gbps (i.e. 5000Mbps). – Tom Yan Dec 13 '19 at 00:33

2 Answers2

1

Every cipher can support 480Mbps - but many CPUs will be unable to perform that cipher fast enough. So what you are looking for is a fast-enough implementation for your CPU.

The chain of execution is 

read from disk -> encrypt -> send over network -> decrypt -> write to disk

So first all you need to make sure, it is really the encryption that hinders you

Start with nc instead of ssh

nc -l -p 9999 > /path/to/destination/file # on the receiving side
nc -N [ip.of.receiver.pc] 9999 < /path/of/original/file # on the sending side

This will take en-/decryption out of the chain and give you an idea of the actual possible speeds.

Next check whether your sending side has hardware-accelerated encryption for some ciphers. Most likely it will not, but it's worth a try.

Trying the arcfour cipher might give you hope

Eugen Rieck
  • 19,950
  • 5
  • 51
  • 46
0

I found an interesting cipher speed blog. It gives you an idea how to measure cipher speed without network.

for i in `ssh -Q cipher`; do dd if=/dev/zero bs=1M count=100 2> /dev/null \
  | ssh -c $i someuser@localhost "(time -p cat) > /dev/null" 2>&1 \
  | grep real | awk '{print "'$i': "100 / $2" MB/s" }'; done

So you can actually measure performance of the ciphers on your specific hardware.

akostadinov
  • 1,375
  • 1
  • 15
  • 22