automating commands on nodes

Robert G. Brown rgb at phy.duke.edu
Tue Jun 6 13:18:50 PDT 2000


On Tue, 6 Jun 2000, Victor Ortega wrote:

> On Tue, 6 Jun 2000, Robert G. Brown wrote:
> > I agree, although my measurements (published last week on the list) do
> > show that the bulk of the "cost" of ssh relative to rsh comes from the
> > original RSA handshake, not from the encryption.
> 
> But I believe that your benchmarks were done with copying small files;

Big ones too.  I tested a 1M file copy at 0.67 sec for ssh (using
default idea encryption) vs 0.2 sec for rsh.  I also tested e.g.
blowfish and one can interpolate a bit and still get encryption.  All
this also depends strongly on the speed of the CPUs.  A rough estimate
of 1 (extra) second for each 2 MB sent is probably not unreasonable,
although you might get 3 MB in a second on a good day or even four or
five with blowfish.  Beyond that you're approaching wirespeed.

> I am worried that forwarding a full X connection, encrypted, over ssh
> from some internal node (ssh into head node, ssh into some internal
> node, load up some big GUI) will incur a big performance penalty.  I
> tried this yesterday with a simple two-hop connection, and the GUI was
> twice as slow (it was slow enough already with just a single encrypted
> X connection going over our external 10base-T network).  Unfortunately
> I have no benchmarks for this.

Hmm, hadn't thought about this, as I try not to run graphics-heavy X
apps over any kind of shell connection -- with linux one can usually run
them locally -- although e.g. xterms and simple Tk-ish apps work fine.
I'll have to see if I can set this up to measure it.  However, at an
extra 0.5 seconds per megabyte, I agree that you won't want to play a
hi-res video game this way and that netscape should be significantly
delayed.  "Simple" X apps, though (e.g.  xterm) should be ok, and I
can't think of why one would need to run e.g.  netscape on a node.

I also have no idea if a double ssh doubles this overhead.  It might be
that a->b is encrypted and then b->c is REencrypted.  Or it might be
that the b->c transfer forwards the keys (so to speak).  I'll try to
test this as well.

   rgb

Robert G. Brown	                       http://www.phy.duke.edu/~rgb/
Duke University Dept. of Physics, Box 90305
Durham, N.C. 27708-0305
Phone: 1-919-660-2567  Fax: 919-660-2525     email:rgb at phy.duke.edu







More information about the Beowulf mailing list