[stunnel-users] running concurrent stunnel instances
Joseph Mocker
mock+stunnel at fakebelieve.org
Mon Apr 9 21:24:04 CEST 2007
One thing you could do is try different encryption ciphers. I have found
blowfish to be much faster than others. I cannot vouch for how secure it
is though.
--joe
John Taylor wrote:
> Greetings,
>
> I am running rsync through stunnel 4.20. Each end is a Dell dual
> cpu, dual core Xeon (each core with hyper-threading) 8 gigs of memory,
> running Win 2003 Server. The disks are 10K RPM Ultra-320 drives that use
> hardware raid-5. Right now, I have anywhere between 5 and 8 Scheduled
> Tasks running at the same time. The reason for this is that the backups
> need to run in parallel in order to finish within the 15 hour time window.
> Although I am not certain about an exact number, I believe I would be
> transferring about 300-400 gig of data each time.
>
> Even though I have a gigabit connection between the two servers, I
> am only seeing 5-6% network utilization. When running the same rsync
> batch file without stunnel encryption, the throughput was much higher.
> I would like to see about increasing my throughput with stunnel encryption
> running. I don't expect it to be as fast as running without stunnel,
> but I still think I should be able to do better than 5-6% throughput.
> I am also running a enhanced version of rsync that does not have any
> issues with NTFS disk fragmentation, since it preallocates the files to
> the final size before writing.
>
> I think the bottleneck is the CPU. To test out this theory, I would like
> to have multiple copies of the stunnel.exe running, each using their
> own config file and own port numbers. I don't think the problem is
> with rsync because it spawns a new process for each connection. Thus,
> the multiple rsync.exe processes get the advantage of running on top of
> multiple cores. This is not the case with stunnel.exe. It only uses 1
> process, but 8 threads. I am hoping that multiple stunnel.exe instances
> will fix the bottleneck because each stunnel.exe process could then be
> running on it's own core.
>
> How can I accomplish this? Also, what is the fastest encryption cipher
> that stills has good security, over 64 bit, preferably at least 128 bit.
>
> Any help would be greatly appreciated.
>
> Thanks,
> -John
>
> Stunnel.conf on server:
> cert = my.pem
> verify = 3
> CAfile = my.pem
> socket = l:TCP_NODELAY=1
> socket = r:TCP_NODELAY=1
> taskbar=no
> debug = 5
> output = stunnel.log
> [rsynctnl]
> accept=12345
> connect=873
> ciphers = AES128-SHA
>
> Stunnel.conf on client:
> cert = my.pem
> taskbar = no
> socket = l:TCP_NODELAY=1
> socket = r:TCP_NODELAY=1
> debug = 5
> output = stunnel.log
> client = yes
> [rsynctnl]
> accept=12345
> connect=10.9.8.7:12345
>
>
>
More information about the stunnel-users
mailing list