This is a bit off-topic but I've had to test IPSec on our firewall
testbed recently and thought that there might be some interest in the
results.  I was mainly interested in getting IPSec running on our
firewall but decided to do some throughput testing between two m68k
boxes while I had the testbed running.

Disclaimer:  
I actually used OpenBSD 2.7 as I needed quick results and I didn't have
the time to put all of the crypto stuff together properly under
NetBSD.  Is there an IPSec how-to for NetBSD out there?


Test setup:

All host interfaces are 10Base-T.  The BSD boxes are connected to a
10/100 Bay 350F switch.  The second interface on both Macs are
MacCON 10Base-T combo cards with 32KB memory.

      -----------                        ------------- 
     | Sun SPARC |  Solaris 2.6         | Sun SPARC 2 |  Solaris 2.6
     |  Voyager  |  48 MB RAM           |             |  64 MB RAM
      -----------                        ------------- 
           |                                   |
           |                                   |
      ------------                       ------------- 
     | Quadra 650 | OpenBSD 2.7         | Centris 650 |  OpenBSD 2.7
     |            | 24MB RAM            |             |  24 MB RAM
      ------------                       ------------- 
           |                                   |
            \                                 /
             \                               /
            -----------------------------------
           |   Bay 350F switch                 |
            -----------------------------------


Results:
The following throughput tests were done with ftp between two Sun SPARC
boxes.  It's not a real benchmark but it gives you some feel for the 
maximum throughput via an IPSec tunnel on a m68k box.

1) SPARC boxes directly connected to same hub - 1090KBytes/sec

2) Routing via both BSD boxes w/out encryption - 370KBytes/sec

3) IPSec ESP w/blowfish encryption and SHA1 - 70KBytes/sec

4) IPSec ESP w/3DES encryption and SHA1 - 25KBytes/sec

YMMV

One question - When running these tests, vmstat showed the CPU usage at 
100% idle even though the system was obviously heavily loaded (took
several seconds to respond to keystrokes).  Is this a problem with OpenBSD
or has anyone noticed similar problems with NetBSD as well?

Many thanks to the members of this forum as I've been running *BSD on
discarded Macs for several years.  Couldn't have done my job without them.


-Max Asato <max.asato@aero.org> 310-336-6317