[stunnel-users] running concurrent stunnel instances

Joseph Mocker mock+stunnel at fakebelieve.org
Mon Apr 9 21:24:04 CEST 2007 

One thing you could do is try different encryption ciphers. I have found 
blowfish to be much faster than others. I cannot vouch for how secure it 
is though.

  --joe

John Taylor wrote:
> Greetings,
>
> I am running rsync through stunnel 4.20.  Each end is a Dell dual
> cpu, dual core Xeon (each core with hyper-threading) 8 gigs of memory,
> running Win 2003 Server.  The disks are 10K RPM Ultra-320 drives that use
> hardware raid-5.  Right now, I have anywhere between 5 and 8 Scheduled
> Tasks running at the same time.  The reason for this is that the backups
> need to run in parallel in order to finish within the 15 hour time window.
> Although I am not certain about an exact number, I believe I would be
> transferring about 300-400 gig of data each time.
>
> Even though I have a gigabit connection between the two servers, I
> am only seeing 5-6% network utilization.  When running the same rsync
> batch file without stunnel encryption, the throughput was much higher.
> I would like to see about increasing my throughput with stunnel encryption
> running.  I don't expect it to be as fast as running without stunnel,
> but I still think I should be able to do better than 5-6% throughput.
> I am also running a enhanced version of rsync that does not have any
> issues with NTFS disk fragmentation, since it preallocates the files to
> the final size before writing.
>
> I think the bottleneck is the CPU.  To test out this theory, I would like
> to have multiple copies of the stunnel.exe running, each using their
> own config file and own port numbers.  I don't think the problem is
> with rsync because it spawns a new process for each connection.  Thus,
> the multiple rsync.exe processes get the advantage of running on top of
> multiple cores.  This is not the case with stunnel.exe.  It only uses 1
> process, but 8 threads.  I am hoping that multiple stunnel.exe instances
> will fix the bottleneck because each stunnel.exe process could then be
> running on it's own core.
>
> How can I accomplish this?  Also, what is the fastest encryption cipher
> that stills has good security, over 64 bit, preferably at least 128 bit.
>
> Any help would be greatly appreciated.
>
> Thanks,
> -John
>
> Stunnel.conf on server:
>    cert = my.pem
>    verify = 3
>    CAfile = my.pem
>    socket = l:TCP_NODELAY=1
>    socket = r:TCP_NODELAY=1
>    taskbar=no
>    debug = 5
>    output = stunnel.log
>    [rsynctnl]
>    accept=12345
>    connect=873
>    ciphers = AES128-SHA
>
> Stunnel.conf on client:
>    cert = my.pem
>    taskbar = no
>    socket = l:TCP_NODELAY=1
>    socket = r:TCP_NODELAY=1
>    debug = 5
>    output = stunnel.log
>    client = yes
>    [rsynctnl]
>    accept=12345
>    connect=10.9.8.7:12345
>
>
>

More information about the stunnel-users mailing list