Greetings,
I am running rsync through stunnel 4.20. Each end is a Dell dual cpu, dual core Xeon (each core with hyper-threading) 8 gigs of memory, running Win 2003 Server. The disks are 10K RPM Ultra-320 drives that use hardware raid-5. Right now, I have anywhere between 5 and 8 Scheduled Tasks running at the same time. The reason for this is that the backups need to run in parallel in order to finish within the 15 hour time window. Although I am not certain about an exact number, I believe I would be transferring about 300-400 gig of data each time.
Even though I have a gigabit connection between the two servers, I am only seeing 5-6% network utilization. When running the same rsync batch file without stunnel encryption, the throughput was much higher. I would like to see about increasing my throughput with stunnel encryption running. I don't expect it to be as fast as running without stunnel, but I still think I should be able to do better than 5-6% throughput. I am also running a enhanced version of rsync that does not have any issues with NTFS disk fragmentation, since it preallocates the files to the final size before writing.
I think the bottleneck is the CPU. To test out this theory, I would like to have multiple copies of the stunnel.exe running, each using their own config file and own port numbers. I don't think the problem is with rsync because it spawns a new process for each connection. Thus, the multiple rsync.exe processes get the advantage of running on top of multiple cores. This is not the case with stunnel.exe. It only uses 1 process, but 8 threads. I am hoping that multiple stunnel.exe instances will fix the bottleneck because each stunnel.exe process could then be running on it's own core.
How can I accomplish this? Also, what is the fastest encryption cipher that stills has good security, over 64 bit, preferably at least 128 bit.
Any help would be greatly appreciated.
Thanks, -John
Stunnel.conf on server: cert = my.pem verify = 3 CAfile = my.pem socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1 taskbar=no debug = 5 output = stunnel.log [rsynctnl] accept=12345 connect=873 ciphers = AES128-SHA
Stunnel.conf on client: cert = my.pem taskbar = no socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1 debug = 5 output = stunnel.log client = yes [rsynctnl] accept=12345 connect=10.9.8.7:12345
One thing you could do is try different encryption ciphers. I have found blowfish to be much faster than others. I cannot vouch for how secure it is though.
--joe
John Taylor wrote:
Greetings,
I am running rsync through stunnel 4.20. Each end is a Dell dual cpu, dual core Xeon (each core with hyper-threading) 8 gigs of memory, running Win 2003 Server. The disks are 10K RPM Ultra-320 drives that use hardware raid-5. Right now, I have anywhere between 5 and 8 Scheduled Tasks running at the same time. The reason for this is that the backups need to run in parallel in order to finish within the 15 hour time window. Although I am not certain about an exact number, I believe I would be transferring about 300-400 gig of data each time.
Even though I have a gigabit connection between the two servers, I am only seeing 5-6% network utilization. When running the same rsync batch file without stunnel encryption, the throughput was much higher. I would like to see about increasing my throughput with stunnel encryption running. I don't expect it to be as fast as running without stunnel, but I still think I should be able to do better than 5-6% throughput. I am also running a enhanced version of rsync that does not have any issues with NTFS disk fragmentation, since it preallocates the files to the final size before writing.
I think the bottleneck is the CPU. To test out this theory, I would like to have multiple copies of the stunnel.exe running, each using their own config file and own port numbers. I don't think the problem is with rsync because it spawns a new process for each connection. Thus, the multiple rsync.exe processes get the advantage of running on top of multiple cores. This is not the case with stunnel.exe. It only uses 1 process, but 8 threads. I am hoping that multiple stunnel.exe instances will fix the bottleneck because each stunnel.exe process could then be running on it's own core.
How can I accomplish this? Also, what is the fastest encryption cipher that stills has good security, over 64 bit, preferably at least 128 bit.
Any help would be greatly appreciated.
Thanks, -John
Stunnel.conf on server: cert = my.pem verify = 3 CAfile = my.pem socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1 taskbar=no debug = 5 output = stunnel.log [rsynctnl] accept=12345 connect=873 ciphers = AES128-SHA
Stunnel.conf on client: cert = my.pem taskbar = no socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1 debug = 5 output = stunnel.log client = yes [rsynctnl] accept=12345 connect=10.9.8.7:12345
John Taylor wrote:
Even though I have a gigabit connection between the two servers, I am only seeing 5-6% network utilization.
What about CPU utilization? You can check it with "Task Manager" tool.
I would like to see about increasing my throughput with stunnel encryption running. I don't expect it to be as fast as running without stunnel, but I still think I should be able to do better than 5-6% throughput.
I agree.
Thus, the multiple rsync.exe processes get the advantage of running on top of multiple cores. This is not the case with stunnel.exe. It only uses 1 process, but 8 threads.
You're wrong. Stunnel threads are distributed among your CPUs even on your Win 2003 Server so-called operating system. http://msdn2.microsoft.com/en-us/library/ms681917.aspx
I am hoping that multiple stunnel.exe instances will fix the bottleneck because each stunnel.exe process could then be running on it's own core.
There will be no improvement.
ciphers = AES128-SHA
Try ciphers=RC4-MD5 for best performance. See http://stunnel.mirt.net/perf.html for details of what you can expect.
If you can send me your stunnel logs (generated with "output" option) I'll possibly be able to give you some more performance hints for your system.
Any help would be greatly appreciated.
I fully agree. Enter http://stunnel.mirt.net/, click "DONATE" and follow the instructions to help. 8-)
Best regards, Mike
-
John Taylor -
Joseph Mocker -
Michal Trojnara