Cisco has claimed that their equipment uses hardware encryption and suffers virtually no performance impact when using encryption. Other reports we've had claimed software based encryption can cause as much as a 20% performance decrease. In order to try and verify these claims, and get a general feel for how fast different vendors equipment is, we ran a series of tests.
All tests were performed using Iperf-1.1.1. The tests took the general form of a data flow between a laptop using the specified wireless card and a Linux workstation connected via 100bT, thru an access point. Each test was run both with and without encryption, and run in both directions.
Three sets of tests were run. The first was a standard TCP flow test. The second two were UDP tests. In the case of UDP, we tested how fast we could stream UDP packets without any loss at all. We also tested UDP streams by trying to send a ~10Mbps stream and measuring how much came out the other end. Each test was run with all four combinations of client card and access point. The Access Points and PCMCIA cards were Cisco Aironet 340 series and Lucent Orinoco series.
All tests were run under Linux 2.2.14 using pcmcia-cs-3.1.18 PCMCIA drivers on the client. Results are reported from the laptop to the server / server to the laptop in megabits per second.
|
TCP with Encryption |
TCP without Encryption |
||||
|
Lucent AP |
Cisco AP |
Lucent AP |
Cisco AP |
||
|
Lucent Card |
3.6/3.7 |
4.8/2.6 |
Lucent Card |
4.7/4.7 |
4.8/4.2 |
|
Cisco Card |
1.1-3.6*/4.5 |
5.2/6.1 |
Cisco Card |
.8-2.3*/4.3 |
5.4/6.0 |
|
Lossless UDP with Encryption |
Lossless UDP without Encryption |
||||
|
Lucent AP |
Cisco AP |
Lucent AP |
Cisco AP |
||
|
Lucent Card |
4.4/4.1 |
5.8/3.3 |
Lucent Card |
5.7/5.7 |
5.9/5.9 |
|
Cisco Card |
3.0/5.7 |
6.3/7.6 |
Cisco Card |
3.7/5.7 |
6.1/7.6 |
|
Fastest UDP with Encryption |
Fastest UDP without Encryption |
||||
|
Lucent AP |
Cisco AP |
Lucent AP |
Cisco AP |
||
|
Lucent Card |
4.4/4.4 |
5.9/3.4 |
Lucent Card |
5.7/5.7 |
5.9/5.9 |
|
Cisco Card |
3.5/5.7 |
7.6/7.6 |
Cisco Card |
4.5/5.7 |
7.6/7.6 |
|
|
|
|
|
|
|
* Results on these tests were not consistent.
The clearest cases for comparison are those where the equipment being tested belonged to a single vendor. In these cases, we can see that the Lucent equipment always took a hit of at least 1Mbps when encryption was enabled. The Cisco equipment suffered little impact, probably lower than the error in our measurements. The mixed vendor cases are not quite so clear. It appears that the difficulty of performing the encryption differs from the difficulty of performing the decryption. Also, we were unable to get consistent results when sending data via TCP from the laptop using the Cisco card to the server connected behind a Lucent access point. Our number varied from under 1 Mbps to over 3 Mbps. At this time, we have not determined the cause of this variation.
The limited testing we performed seems to confirm Cisco's claim of negligable performance drop when using encryption. In addition, it seems to show that the Cisco equipment enjoys a substantial performance benefit over the Lucent equipment when encryption is not used; a benefit that only increases when encryption is enabled.
The purpose of this testing was to get an idea of the performance hit that software encryption has on network thruput. We did not test the Apple Airport since it uses the same radio hardware as the Lucent, but has a smaller processor. Hence, we assume that it's performance will be equal too or less than the Lucent AP. While a comprehensive test of the performance of all the vendors APss and PCMCIA cards would be interesting, it's beyond the scope of what we were actually trying to accomplish.
On that same note, we also did not perform any tests of range. The actual range that a certain piece of equipment delivers is largely a function of the building it is in. For that reason, we aren't sure that range tests would have any general significance.