[stunnel-users] running concurrent stunnel instances

John Taylor john at fcs.uga.edu
Mon Apr 9 19:01:18 CEST 2007


I am running rsync through stunnel 4.20.  Each end is a Dell dual
cpu, dual core Xeon (each core with hyper-threading) 8 gigs of memory,
running Win 2003 Server.  The disks are 10K RPM Ultra-320 drives that use
hardware raid-5.  Right now, I have anywhere between 5 and 8 Scheduled
Tasks running at the same time.  The reason for this is that the backups
need to run in parallel in order to finish within the 15 hour time window.
Although I am not certain about an exact number, I believe I would be
transferring about 300-400 gig of data each time.

Even though I have a gigabit connection between the two servers, I
am only seeing 5-6% network utilization.  When running the same rsync
batch file without stunnel encryption, the throughput was much higher.
I would like to see about increasing my throughput with stunnel encryption
running.  I don't expect it to be as fast as running without stunnel,
but I still think I should be able to do better than 5-6% throughput.
I am also running a enhanced version of rsync that does not have any
issues with NTFS disk fragmentation, since it preallocates the files to
the final size before writing.

I think the bottleneck is the CPU.  To test out this theory, I would like
to have multiple copies of the stunnel.exe running, each using their
own config file and own port numbers.  I don't think the problem is
with rsync because it spawns a new process for each connection.  Thus,
the multiple rsync.exe processes get the advantage of running on top of
multiple cores.  This is not the case with stunnel.exe.  It only uses 1
process, but 8 threads.  I am hoping that multiple stunnel.exe instances
will fix the bottleneck because each stunnel.exe process could then be
running on it's own core.

How can I accomplish this?  Also, what is the fastest encryption cipher
that stills has good security, over 64 bit, preferably at least 128 bit.

Any help would be greatly appreciated.


Stunnel.conf on server:
   cert = my.pem
   verify = 3
   CAfile = my.pem
   socket = l:TCP_NODELAY=1
   socket = r:TCP_NODELAY=1
   debug = 5
   output = stunnel.log
   ciphers = AES128-SHA

Stunnel.conf on client:
   cert = my.pem
   taskbar = no
   socket = l:TCP_NODELAY=1
   socket = r:TCP_NODELAY=1
   debug = 5
   output = stunnel.log
   client = yes

This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the stunnel-users mailing list