
Slow TLS Decryption throughput compared to Web Proxy with KVM on v18 GA.

I've been converting my XG bare metal setup to a VM one using KVM+QEMU as the hypervisor.

The problem here is, the Web Proxy Decryption is much faster than the new DPI Engine for TLS Decryption, but currently, only on KVM.

 

Some Information about the Setup.

  • I'm using the VirtiO drivers, which currently don't support Fast Path, but still, it's much faster than vmxnet3.
  • The XG VM has full access to all CPU flags (also AES-NI); I'm currently using host-passthrough for the VM.
  • The XG VM has 6C/12GB RAM.
  • The host has 8C/16T / 32GB RAM.
  • M.2 SSD; both VMs have been using VirtiO for the disks.

 

Tested this using curl + nginx, the encrypted connection used TLS_AES_128_GCM_SHA256, 128 bit keys, TLS 1.2.

4GB iso file being transferred over HTTPS.

 

Without TLS Decryption or WebProxy | IPS+AV+ATP =  ~287MB/s
With TLS Inspection | IPS+AV+ATP = ~33.5MB/s
With WebProxy + Decryption | IPS+AV+ATP = ~213MB/s

Using the new DPI engine for TLS Decryption I get hard stuck at ~35MB/s, no matter what TLS traffic is being decrypted.

 

Am I doing something wrong? I believe there's something wrong with this.

 

Also, XG v18 GA is much faster in raw throughput than v17.5. With IPS, iperf3 is capable of 7.21 Gbits/sec with the XG VM, so the CPU isn't the issue here.


