Do you want to make scp and rsync go faster?

LAN

One easy method to squeeze a little more speed out of file transfer tools using ssh by trying a different encryption method.

For example, we saved 15 seconds per gigabyte sent across our LAN on our SPARC Solaris servers, by using:

rsync --rsh="ssh -c arcfour" ...

or

scp -c arcfour source dest

WAN

If your problem is latency across a WAN, then HPN-SSH might be the solution.

Also, if you want secure authentication but don’t need the data encrypted, then you could use SSH with no encryption.  HPN-SSH allows the use of a ‘none” cipher.

For example, on a network with 32.5 ms RTT (ping) and Gigabit NICs, scp transfer rates increased from 1.35MB/s to around 100MB/s with HPN-SSH, 4MB buffers (TCP and SSH), and the “NONE CIPHER” enabled.

HPN_SSH Settings
  • HPNDisabled no
  • NoneEnabled=yes (optional)
Kernel Settings

All these were set to 4MB from their defaults:

  • tcp_cwnd_max
  • tcp_max_buf
  • tcp_recv_hiwat
  • tcp_xmit_hiwat

(The send and receive buffers could be set per route instead to differentiate between LAN and WAN connections).

Example of syntax (remove TcpRcvBufPoll=no on Linux and Windows):

/opt/openssh-5.9p1-hpn/bin/scp -oTcpRcvBufPoll=no -oNoneSwitch=yes -oNoneEnabled=yes sourcefile remoteserver:/destpath/destfile

If the NONE cipher is not appropriate, then HPN-SSH’s multi-threaded AES cipher might be the fastest solution for your server if it has multiple cores.  Alternatively, I’ve found arcfour used less CPU so it was better for several concurrent rsync and scp transfers, because it offered greater throughput on busy processors.

Advertisements

One thought on “Encryption vs Transfer Speed

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s