Hi Joerg, I'm sure you've checked this already, but I'm just wondering if your LPAR is running in POWER9 or POWER9_base mode? What does the nxstat
command command return?
For example:
Original Message:
Sent: Mon July 01, 2024 09:07 AM
From: Joerg Kauke
Subject: AIX SSH performance, POWER hardware acceleration?
Hello Sandeep,
just tested the new versions of openssl and openssh...
Now scp with compression is faster then with the old version, but still not that fast as without compression:
#:~:scp -C /tmp/test.large.file svrsinst1-0:/tmp/test.large.file-1test.large.file 100% 2048MB 179.4MB/s 00:11#:~:scp /tmp/test.large.file svrsinst1-0:/tmp/test.large.file-1test.large.file 100% 2048MB 342.4MB/s 00:05
------------------------------
Joerg Kauke
Unix Administrator
COOP Switzerland
Original Message:
Sent: Wed June 26, 2024 08:52 AM
From: Sandeep Umesh
Subject: AIX SSH performance, POWER hardware acceleration?
Hello
Can you try with the latest OpenSSH 9.2.112.2400 version provided in web download pack: https://www.ibm.com/resources/mrs/assets?source=aixbp&S_PKG=openssh
It has a prereq for OpenSSL 1.1.2.2400 version available at : https://www.ibm.com/resources/mrs/assets?source=aixbp&S_PKG=openssl
In 9.2 openssh version, community has changed the default cipher to chacha20-poly1305 algorithm. This algorithm does not use the Power in-core accelerator. So, from 9.2.112.2400 version, the default Cipher is changed to aes128-ctr which should improve the performance for scp transfer.
Thanks
Regards
Sandeep Umesh
AIX Opensource Security
------------------------------
Sandeep Umesh
Original Message:
Sent: Fri June 21, 2024 11:38 AM
From: Russell Adams
Subject: AIX SSH performance, POWER hardware acceleration?
Has anyone been able to use the POWER9 compression and encryption hardware acceleration with SSH?
Unfortunately scp seems to always have poor performance, I was hoping it could be faster with the hardware acceleration. I understand that may have to be setup on both client and server, so let's assume they are both AIX with access to HW acceleration.
The only reference I have found is an undocumented sshd_config "EnableHWCompression" parameter buried in the release notes of OpenSSH 9 on the MRS site.
https://www.ibm.com/resources/mrs/assets/DirectDownload?source=aixbp&lang=en_US#lang=en_US
(fixed link)
This version includes other fixes part of previous fileset release:-------------------------------------------------------------------------------------------------------Fix for APAR Draft 17902: sshd may corrupt SYSENVIRON and affect at jobsFix for APAR IJ40247: sshd memory leak and core when multiplexing/connection sharingFix for Apar Draft 17855 : ssh public key authentication fails if no password definedFix for APAR IJ38179 : sshd won't work in Trusted Aix environment.Fix for CVE-2021-41617 : privilege escalation when AuthorizedKeysCommand/AuthorizedPrincipalsCommand are configuredFix for APAR IJ32806 : A PIPED COMMAND TO SSH COULD RETURN EAGAIN.Fix for APAR IJ33264 : OPENSSH 8.X DOES NOT SET PAG VALUEIntroducing new configuration option fipsforopenssh which enforces the following configuration: - PubkeyAcceptedKeyTypes rsa-sha2-256,rsa-sha2-512,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384 - Ciphers aes128-ctr,aes256-ctr,aes128-cbc,aes256-cbc,aes128-gcm@openssh.com,aes256-gcm@openssh.com - MACs hmac-sha1,hmac-sha2-256,hmac-sha2-512 - KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521 - DRBG uses aes256-ctr as the defaultAddition of a new configuration option EnableHwCompression to make use of Hardware compression feature in Power9 and above
It makes no mention of encryption. Given the single threaded nature of scp, I think both encryption and compression acceleration would be helpful.
------------------------------
========================
Russell Adams
https://adamssystems.nl/
========================
------------------------------