IETF Logo Mail Archive

RE: Packet Number Encryption Performance

Nick Banks <nibanks@microsoft.com> Fri, 22 June 2018 01:21 UTC

Return-Path: <nibanks@microsoft.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AFFBA130DFC for <quic@ietfa.amsl.com>; Thu, 21 Jun 2018 18:21:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.009
X-Spam-Level:
X-Spam-Status: No, score=-2.009 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_RATIO_06=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pk_NxbF8E8ek for <quic@ietfa.amsl.com>; Thu, 21 Jun 2018 18:21:38 -0700 (PDT)
Received: from NAM02-CY1-obe.outbound.protection.outlook.com (mail-cys01nam02on070a.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe45::70a]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9FABF130DEF for <quic@ietf.org>; Thu, 21 Jun 2018 18:21:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=GfX1p6LFWpn3hdXOsmhr4S1vcxE4C0yiiCClPv5XBfc=; b=LcQDiQrGc2Sfkuij5f1ZRErA9xYwd/Q2w8+LHlrMZULTg8CuY1y+Wqgn6LaYH5H3GIG9X7EP12KJcYLmwh+DH5vr4BX2XGPEYtwyGthnPtA3OTA3NcxTkjs+ccCPBOXDbm2bNsNqcH9AJtYSR/Z2IR1Wy0J5RXZLXNlPEzN4/z4=
Received: from DM5PR2101MB0901.namprd21.prod.outlook.com (52.132.132.158) by DM5PR2101MB0869.namprd21.prod.outlook.com (10.167.110.162) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.906.8; Fri, 22 Jun 2018 01:21:37 +0000
Received: from DM5PR2101MB0901.namprd21.prod.outlook.com ([fe80::9cbd:940b:ae62:4031]) by DM5PR2101MB0901.namprd21.prod.outlook.com ([fe80::9cbd:940b:ae62:4031%4]) with mapi id 15.20.0906.013; Fri, 22 Jun 2018 01:21:37 +0000
From: Nick Banks <nibanks@microsoft.com>
To: Jana Iyengar <jri.ietf@gmail.com>, "Deval, Manasi" <manasi.deval@intel.com>
CC: QUIC WG <quic@ietf.org>
Subject: RE: Packet Number Encryption Performance
Thread-Topic: Packet Number Encryption Performance
Thread-Index: AdQJn5UDP5dBCj8oST6dWmAQqIW3NwAFy+SwAAM+xwAAAKfxMQ==
Date: Fri, 22 Jun 2018 01:21:36 +0000
Message-ID: <DM5PR2101MB0901B5F4B01EE7A81CC9E52AB3750@DM5PR2101MB0901.namprd21.prod.outlook.com>
References: <DM5PR2101MB0901FCB1094A124818A0B1FEB3760@DM5PR2101MB0901.namprd21.prod.outlook.com> <1F436ED13A22A246A59CA374CBC543998B843999@ORSMSX111.amr.corp.intel.com>, <CACpbDccFycAywCGh9pfjinRRJOA0_qnZtTGSgx-3kYeK8zqxPw@mail.gmail.com>
In-Reply-To: <CACpbDccFycAywCGh9pfjinRRJOA0_qnZtTGSgx-3kYeK8zqxPw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [66.235.10.1]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DM5PR2101MB0869; 7:+QGioOw1D8gAcqV68pVTAhfKXMGSZfWNTNLfby1CBAEsB3ZM+61TZvX9R6ACQp4YfaMyKPuMHmQERjgmL5yZ61FsAFxIA5q33O1jZIph/NIcABak0bYqzNRk0otQfOKqykTlXROxSuIISxA5ZSjQYgP3TOAJTQLxeJ2N+jiHhHjzZwuyMIAMcKTEPyFlJbYIc8dbzzeyx8/0wVF//IFbLWLDLOwUtT5hDRtl3XtT6AL3RyOVIhXXOFOeSQvQ0ouW
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: 69ce27d7-1226-42ac-7850-08d5d7de7fe4
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(8989110)(4534165)(4627221)(201703031133081)(201702281549075)(8990100)(5600026)(711020)(48565401081)(2017052603328)(7193020); SRVR:DM5PR2101MB0869;
x-ms-traffictypediagnostic: DM5PR2101MB0869:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=nibanks@microsoft.com;
x-microsoft-antispam-prvs: <DM5PR2101MB0869D88E1A94B9F95DDA63D7B3750@DM5PR2101MB0869.namprd21.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(158342451672863)(85827821059158)(228905959029699);
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(93006095)(93001095)(3231254)(2018427008)(944501410)(52105095)(10201501046)(3002001)(6055026)(149027)(150027)(6041310)(20161123562045)(20161123558120)(20161123564045)(20161123560045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(6072148)(201708071742011)(7699016); SRVR:DM5PR2101MB0869; BCL:0; PCL:0; RULEID:; SRVR:DM5PR2101MB0869;
x-forefront-prvs: 071156160B
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(376002)(346002)(39860400002)(366004)(396003)(39380400002)(199004)(189003)(105586002)(55016002)(4326008)(97736004)(316002)(5070765005)(33656002)(110136005)(8936002)(3480700004)(99286004)(8676002)(106356001)(7736002)(81166006)(81156014)(39060400002)(66066001)(25786009)(229853002)(102836004)(53546011)(6506007)(68736007)(7696005)(733005)(76176011)(186003)(6436002)(26005)(6246003)(446003)(53936002)(2906002)(9686003)(561924002)(11346002)(476003)(3660700001)(486006)(3280700002)(236005)(5660300001)(22452003)(5890100001)(86362001)(8990500004)(86612001)(2900100001)(478600001)(54556002)(74316002)(10290500003)(54896002)(3846002)(14454004)(10090500001)(6116002)(5250100002); DIR:OUT; SFP:1102; SCL:1; SRVR:DM5PR2101MB0869; H:DM5PR2101MB0901.namprd21.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: DdmW6d+NctosF+obyN2GunaUQqidyY5dL8BSlfh544TWXzgvtvP0bBq++0sCNcEWO928dMSy7pACQ+vCtGzh++eduv8Nj7ktX8UHljdb38TKVo6xetUKbjVljK+cZppUSG8/7mLrd7L7IwBasBanizOqrND9FwNICRgwMP0v0w4E8ehi19c0FHIqUt8oF32vl2Luo4xwtk2Z+RuG7zYjkUjE+lZfkrThyF300NRMf6WKmdWf9JMjqZL6qq15TcqslWl5IhtinULrYWwmK3rbq8qW23aM0WT6fC2Kas5NmKYjRMqtcApsycFHu0pWLRgH
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_DM5PR2101MB0901B5F4B01EE7A81CC9E52AB3750DM5PR2101MB0901_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 69ce27d7-1226-42ac-7850-08d5d7de7fe4
X-MS-Exchange-CrossTenant-originalarrivaltime: 22 Jun 2018 01:21:36.9783 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR2101MB0869
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/zAS3mFtUBA7Jrjl2LbWEVB_tMWs>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Jun 2018 01:21:52 -0000

I used a 4 byte packet number. I computed rate simply by dividing the total number of bits encrypted (10M * 8 * size) by the total time to encrypt. It’s all in the Excel doc.

As to why the rate increases with size of the packet, that is because the per byte overhead is being reduced both in terms of function call overhead and crypto cpu cycles. Finally, why the PNE cost seems to change, I don’t know.

Sent from my Windows 10 phone
[HxS - 15254 - 16.0.10228.20075]

________________________________
From: Jana Iyengar <jri.ietf@gmail.com>
Sent: Thursday, June 21, 2018 5:55:44 PM
To: Deval, Manasi
Cc: Nick Banks; QUIC WG
Subject: Re: Packet Number Encryption Performance

Thanks for sharing these numbers, Nick! A few questions:
1. It's quite possibly I'm missing something basic, but: Assuming the same number of packets (10M in your experiments), why do smaller packets result in lower rates? Shouldn't encrypting the same number of smaller packets result in a higher rate?
2. PNE seems to add about 700-800ms of latency, which understandably decreases as % overhead as the packet size increases. But the difference in rates seems to increase as the packet size increases, which is exactly counter-intuitive. How do you compute rate?
3. What's the PN size used?


On Thu, Jun 21, 2018 at 4:25 PM Deval, Manasi <manasi.deval@intel.com<mailto:manasi.deval@intel.com>> wrote:
The 10% increase on server may be quite significant on a client machine. This may be an issue for mobile devices.

Manasi


From: QUIC [mailto:quic-bounces@ietf.org<mailto:quic-bounces@ietf.org>] On Behalf Of Nick Banks
Sent: Thursday, June 21, 2018 1:48 PM
To: quic@ietf.org<mailto:quic@ietf.org>
Subject: Packet Number Encryption Performance

Hello QUIC WG,

I recently implemented PNE for WinQuic (using bcrypt APIs) and I decided to get some performance numbers to see what the overhead of PNE was. I figured the rest of the WG might be interested.

My test just encrypts the same buffer (size dependent on the test case) 10,000,000 times and measured the time it took. The test then did the same thing, but also encrypted the packet number as well. I ran all that 10 times in total. I then collected the best times for each category to produce the following graphs and tables (full excel doc attached):

[cid:image001.png@01D4097C.184A6370]


Time (ms)

Rate (Mbps)

Bytes

NO PNE

PNE

PNE Overhead

No PNE

PNE

4

2284.671

3027.657

33%

140.064

105.692

16

2102.402

2828.204

35%

608.827

452.584

64

2198.883

2907.577

32%

2328.45

1760.92

256

2758.3

3490.28

27%

7424.86

5867.72

600

4669.283

5424.539

16%

10280

8848.68

1000

6130.139

6907.805

13%

13050.3

11581.1

1200

6458.679

7229.672

12%

14863.7

13278.6

1450

7876.312

8670.16

10%

14727.7

13379.2


I used a server grade lab machine I had at my disposal, running the latest Windows 10 Server DataCenter build. Again, these numbers are for crypto only. No QUIC or UDP is included.

Thanks,
- Nick

v2.23.0 | Report a Bug | By Email