Folks,
We are finding a bottleneck with stunnel for video intensive apps where it will run with weighted CPU near 120% and network interface will yield 30.3Mb, whereas without stunnel the rates will top off near 53.1Mb during the 10 second intervals as reported by iftop. The peaks are higher, but this is not sustained for either case. In order to improve stunnel's performance, is it possible to use a less intensive compute processing encryption, or fork the stunnel per connection?
Thanks
jay@experts-exchange.com wrote:
We are finding a bottleneck with stunnel for video intensive apps where
it
will run with weighted CPU near 120% and network interface will yield 30.3Mb, whereas without stunnel the rates will top off near 53.1Mb
during
the 10 second intervals as reported by iftop. The peaks are higher, but this is not sustained for either case. In order to improve stunnel's performance, is it possible to use a less intensive compute processing encryption,
Add the following options to stunnel.conf: libwrap = no ciphers = RC4-MD5
or fork the stunnel per connection?
Stunnel does create separate CPU threads for individual connections, unless compiled with UCONTEXT threading mode: ./configure --with-threads=ucontext
BTW: I guess the traffic limit at 30.3Mb/s is not a result of slow symmetric encryption, unless your machine is a WRT router. There must be another issue. http://www.stunnel.org/?page=perf https://secure.wikimedia.org/wikipedia/en/wiki/Bit_rate How many new connections per second does your stunnel accept (check your log files)? Also send a sample (10KB) of your stunnel debug logs for us to review.
Mike
-
jay@experts-exchange.com -
Michal Trojnara