IBM: z/VM Performance Report: Secure Socket Layer Support

Secure Socket Layer Support

SSL is a TCP/IP protocol that provides privacy between two communicating applications (a client and a server). Under the SSL protocol, the server is always authenticated and must provide a certificate to prove its identity. In addition to authentication, both the client and the server participate in a handshake protocol at connect time to determine the cryptographic parameters to be used for that session.

The SSL support in TCP/IP VM is provided by a new SSL server virtual machine. The SSL server is inserted into the data flow between the client and its target server. After the handshaking completes, encrypted information from the client flows to the stack machine, then to the SSL server, where that information is decrypted, back to the stack machine, and then to the target server (FTP, for example). For outbound information, this processing and flow are reversed. The target server is unaware of whether SSL is being used so the processing it does remains unchanged.

The use of SSL brings with it additional processing requirements on both the client and server side relative to the same communications done without SSL. At connect time, there is additional handshake overhead. Then, during the session, there is processing required to encrypt/decrypt all the information that flows between client and server using the agreed-upon cipher suite. Finally, on the VM side, there is IUCV processing to implement the communications between the SSL server and the stack machine.

The measurements in this section are meant to quantify this additional processing. Two connect/disconnect workloads using a Telnet client were used to quantify the additional handshake processing. FTP was used to examine the performance impact of SSL on bulk data transfer.

All measurements in this section are for single-thread client/server interactions. The BlueZone FTP client was on a Windows NT 4.0 workstation running on a Pentium MMX 233 Mhz processor. The server was on z/VM 3.1.0 with 64-bit CP running on a 2064-109 zSeries processor configured as an LPAR with 2 dedicated processors, 1G of real storage, and 2G of expanded storage. Connectivity was through 16 Mbit IBM Token Ring. Default MTU size, DATABUFFERPOOLSIZE 32760, and DATABUFFERLIMITS 5 5 were specified.

QUERY TIME and INDICATE USER data were collected for each of the VM virtual machines involved. These are the TCP/IP stack machine (TCPIP), the SSL server (SSLSERV), and, in the case of FTP, the FTP server (FTPSERVE). The Telnet server is integrated into the TCP/IP stack machine so there is no third server virtual machine in that case.

Telnet Connect/Disconnect

The SSL protocol allows a cache of recently generated handshake output in order to eliminate much of the handshake overhead in cases where a given client makes repeated connections. The first time the client connects, the client and server go through the complete handshake and the resulting handshake output (session id plus associated information) is saved in the server's cache. This is referred to as a new session. The next time that client connects, it may pass the session id to the SSL server and if a valid copy of it is found in the server's cache, most of the handshake is bypassed. This case is referred to as a resumed session.

Whether or not this resumed session optimization is used is up to the client. Clients that include connect/disconnect in their mainline path (such as http browsers) are likely to use this optimization. Clients such as FTP and Telnet that establish a connection and then use it for a (potentially) long conversation are less likely to support this optimization. It turns out that IBM's eNetwork Personal Communications terminal emulator application (PCOMM) does both. When a disconnect and connect are done manually from the Communication menu, the optimization is not used and consequently all sessions are new sessions. When the disconnect is done implicitly by logging off the remote system and the auto-reconnect option is checked, the optimization is used and all sessions except the first are resumed sessions. This characteristic allowed us to measure both the new and resumed cases.

SSL does asymmetric encryption using a public/private key pair during the handshake protocol. VM supports two different key sizes: 512 bits and 1024 bits. The longer one provides greater security but takes more processing to encrypt and decrypt. Both cases were measured. The cipher suite negotiated during the connection handshake is only used later for the encryption and decryption of data once the session is active. It does not affect the performance of the handshake itself. The RC4_40_MD5 cipher suite was used for all of the connect/disconnect measurements.

The new session results were obtained by measuring 10 consecutive manual disconnect/connect pairs, created by using the PCOMM Communication menu. The resume session results were obtained by measuring 10 consecutive implicit disconnect/connect pairs, created by logging onto a VM userid which did an immediate logoff. In both cases, the QUERY TIME and INDICATE USER results were first adjusted to remove idling overhead (in the TCPIP and SSLSERV virtual machines) and then divided by 10 so that the reported results represent the average for one disconnect/connect pair. The new session results are presented in Table 1, while the resumed session results are in Table 2. The top section of each table contains the absolute results, while the bottom section shows the same results as ratios relative to the base case without SSL.

Table 1. SSL Performance: Telnet Connect/Disconnect - New Session

SSL bits in key pair run id	no na STELNN2	yes 512 STELNH2	yes 1024 STELNF2
SSLSERV msec total CPU/connect msec virtual CPU/connect msec CP CPU/connect virtual IOs/connect TCPIP msec total CPU/connect msec virtual CPU/connect msec CP CPU/connect virtual IOs/connect TOTAL msec total CPU/connect msec virtual CPU/connect msec CP CPU/connect virtual IOs/connect	0.0 0.0 0.0 0.0 3.0 2.0 1.0 33.0 3.0 2.0 1.0 33.0	21.0 19.0 2.0 0.0 9.0 5.0 4.0 41.3 30.0 24.0 6.0 41.3	74.0 73.0 1.0 0.6 10.0 5.0 5.0 41.0 84.0 78.0 6.0 41.6
TCPIP msec total CPU/connect msec virtual CPU/connect msec CP CPU/connect virtual IOs/connect TOTAL msec total CPU/connect msec virtual CPU/connect msec CP CPU/connect virtual IOs/connect	1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0	3.0 2.5 4.0 1.3 10.0 12.0 6.0 1.3	3.3 2.5 5.0 1.2 28.0 39.0 6.0 1.3
Note: 2064-109; LPAR; 2 dedicated processors; 1G/2G central/expanded storage; zVM 3.1.0, 64-bit CP; client workstation: Pentium MMX 233mHz; 16 Mbit IBM Token Ring; single client

The TOTAL msec total CPU/connect ratios near the bottom of the table show the approximate overall processing multipliers relative to the no-SSL base case. Note that the increase is much higher when the 1024-bit key pair is used.

A significant part of the processing in the SSL machine is due to asymmetric encryption/decryption using the public/private key pair. This is indicated by the very large increase in SSLSERV msec virtual CPU/connect when going from a 512-bit to a 1024-bit key pair. Most of the SSL processing occurs in the SSL server but there are some increases in the TCP/IP stack machine as well. The CPU and virtual I/O increases in the TCP/IP stack are mostly due to the increased traffic through the stack to support the SSL handshake protocol.

IUCV communications between the TCP/IP stack and the SSL server is a small fraction of the total SSL-related processing. This overhead shows up as CP CPU time. SSLSERV msec CP CPU/connect (2.0 msec in the 512-bit key pair case) should be an upper bound on one half of the total IUCV processor usage (the other half being charged to the TCPIP machine). TCPIP msec CP CPU/connect is higher than SSLSERV msec CP CPU/connect because CP is also heavily involved in doing I/O on behalf of TCPIP to the client through the token ring adapter.

Table 2. SSL Performance: Telnet Connect/Disconnect - Resume Session

SSL bits in key pair run id	no na STELRN2	yes 512 STELRH2	yes 1024 STELRF2
SSLSERV msec total CPU/connect msec virtual CPU/connect msec CP CPU/connect virtual IOs/connect TCPIP msec total CPU/connect msec virtual CPU/connect msec CP CPU/connect virtual IOs/connect TOTAL msec total CPU/connect msec virtual CPU/connect msec CP CPU/connect virtual IOs/connect	0.0 0.0 0.0 0.0 4.0 3.0 1.0 40.0 4.0 3.0 1.0 40.0	13.0 11.0 2.0 0.0 11.0 6.0 5.0 50.2 24.0 17.0 7.0 50.2	15.0 11.0 4.0 0.0 13.0 7.0 6.0 49.0 28.0 18.0 10.0 49.0
TCPIP msec total CPU/connect msec virtual CPU/connect msec CP CPU/connect virtual IOs/connect TOTAL msec total CPU/connect msec virtual CPU/connect msec CP CPU/connect virtual IOs/connect	1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0	2.8 2.0 5.0 1.3 6.0 5.7 7.0 1.3	3.3 2.3 6.0 1.2 7.0 6.0 10.0 1.2
Note: 2064-109; LPAR; 2 dedicated processors; 1G/2G central/expanded storage; zVM 3.1.0, 64-bit CP; client workstation: Pentium MMX 233mHz; 16 Mbit IBM Token Ring; single client

These results show the large benefits derived from the resumed session optimization. It appears that all, or nearly all, of the processing associated with the public/private key pair is eliminated because the 1024-bit key pair case performs about the same as the 512-bit case.

Note: The logon/logoff sequence used to produce the resume session case contains a small amount of additional network activity relative to the explicit connect/disconnect used to produce the new session case. That explains, for example, why TCPIP virtual IOs/connect is higher in the resume session case. Most of the differences between Table 1 and Table 2 can be attributed to resume session optimization but some differences are due to the workloads not being quite the same.

FTP Large File Transfer

SSL performance for the case of bulk data transport was evaluated using binary FTP GET of a 10M file as the workload. The file resided on a VM minidisk that was eligible for minidisk caching. The following 6 cases were measured:

no SSL
SSL using the RC4_128_MD5 cipher suite
SSL using the RC4_128_SHA cipher suite
SSL using the RC4_40_MD5 cipher suite
SSL using the RC2_40_MD5 cipher suite
SSL using the DES_56_SHA cipher suite

The FTP results are presented in Table 3. The top section of this table contains the absolute results, while the bottom section shows the same results as ratios relative to the base case without SSL. The elapsed times are from the FTP client messages. KB/sec is calculated as the file size (10240 Kilobytes) divided by FTP elapsed time. All remaining data in the table are from the QUERY TIME and INDICATE USER command output obtained before and after each measurement for each participating virtual machine.

Table 3. SSL Performance: FTP Binary Get of a 10M File on VM

SSL cipher run id	no na SGETNX1	yes rc4_128_md5 SGETAH1	yes rc4_128_sha SGETBH1	yes rc4_40_md5 SGETCH1	yes rc2_40_md5 SGETDH2	yes des_56_sha SGETEH2
elapsed time (sec) KB/sec SSLSERV total CPU time virtual CPU time CP CPU time virtual I/Os TCPIP total CPU time virtual CPU time CP CPU time virtual I/Os FTPSERVE total CPU time virtual CPU time CP CPU time virtual I/Os TOTAL total CPU time virtual CPU time CP CPU time virtual I/Os	11.17 917 0.00 0.00 0.00 0 0.54 0.38 0.16 8689 0.09 0.05 0.04 341 0.63 0.43 0.20 9030	13.59 753 1.30 1.24 0.06 0 0.90 0.53 0.37 8207 0.09 0.05 0.04 341 2.29 1.82 0.47 8548	14.39 712 1.84 1.77 0.07 0 0.89 0.53 0.36 8139 0.09 0.04 0.05 341 2.82 2.34 0.48 8480	13.68 749 1.33 1.27 0.06 0 0.96 0.56 0.40 8239 0.07 0.05 0.02 341 2.36 1.88 0.48 8580	18.10 566 2.59 2.54 0.05 0 0.88 0.53 0.35 7804 0.06 0.05 0.01 341 3.53 3.12 0.41 8145	18.43 556 5.01 4.94 0.07 0 0.95 0.57 0.38 7917 0.07 0.04 0.03 341 6.03 5.55 0.48 8258
elapsed time (sec) KB/sec TCPIP total CPU time virtual CPU time CP CPU time virtual I/Os FTPSERVE total CPU time virtual CPU time CP CPU time virtual I/Os TOTAL total CPU time virtual CPU time CP CPU time virtual I/Os	1.000 1.000 1.000 1.000 1.000 1.000 1.000 1.000 1.000 1.000 1.000 1.000 1.000 1.000	1.217 0.821 1.667 1.395 2.313 0.945 1.000 1.000 1.000 1.000 3.635 4.233 2.350 0.947	1.288 0.776 1.648 1.395 2.250 0.937 1.000 0.800 1.250 1.000 4.476 5.442 2.400 0.939	1.225 0.817 1.778 1.474 2.500 0.948 0.778 1.000 0.500 1.000 3.746 4.372 2.400 0.950	1.620 0.617 1.630 1.395 2.188 0.898 0.667 1.000 0.250 1.000 5.603 7.256 2.050 0.902	1.650 0.606 1.759 1.500 2.375 0.911 0.778 0.800 0.750 1.000 9.571 12.907 2.400 0.915
Note: 2064-109; LPAR; 2 dedicated processors; 1G/2G central/expanded storage; zVM 3.1.0, 64-bit CP; client workstation: Pentium MMX 233mHz; 16 Mbit IBM Token Ring; 512-bit session key; single client

The TOTAL total CPU time ratios near the bottom of the table show the overall processing multipliers relative to the no SSL base case. Note that SSL performance varies substantially depending on the cipher suite.

The increased TCPIP processing for SSL is essentially the same for all of the SSL cases. The only differences are probably due to run variability. The TCP/IP stack machine is simply passing data on to the SSL server and is not aware of what cipher suite is being used.

FTPSERVE's performance is the same for all 6 cases. The only differences are due to run variability. This is to be expected because the target server, in this case FTPSERVE, is unaware of the fact that SSL is being used.

All of the measurements shown in Table 3 were done using the 512-bit key pair. An additional measurement using the 1024-bit key pair confirmed that these FTP results were only slightly affected by the key pair size. Since the measurements were taken after the main FTP connections were established, key pair size would have no effect on the results were it not for the fact that FTP does the data transfer over an additional connection that is established dynamically when the FTP GET request is made. However, this connect/disconnect was a very small fraction of the total FTP GET processing.

Monitoring SSL Performance

The SSLADMIN QUERY CACHE command contains some useful performance information: total number of cache elements, number of new sessions, and number of resumed sessions. The SSLADMIN QUERY SESSIONS command tells you which cipher suite has been negotiated with each client session that is currently active.

Contents | Previous | Next