5.2.1.4. Change Default Encryption Algorithm to AES256+GCM¶

In RTI Connext 7.0 the default encryption algorithm has changed from AES128+GCM to AES256+GCM.

In the Encryption Algorithms section we display how latency and throughput are affected by using each of the algorithms. Find here in more detail the performance differences.

As seen in the results below, latency is barely affected by this change, throughput tests where the encryption is heavily used are slightly affected.

Not using security libraries

Sample Size (Bytes)	Ave (μs)	Std (μs)	Min (μs)	Max (μs)	50% (μs)	90% (μs)	99% (μs)	99.99% (μs)	99.9999% (μs)	Reference	Diff	Diff(%)
32	17	1.2	16	62	17	18	21	47	62	17.00	0.00	0.00
64	17	1.2	16	59	17	18	22	49	59	17.00	0.00	0.00
128	18	1.2	17	61	17	18	22	48	61	17.00	0.00	0.00
256	18	1.6	17	62	18	19	26	49	62	18.00	0.00	0.00
512	20	2.5	17	76	19	21	28	53	76	19.00	0.00	0.00
1024	25	4.7	19	91	26	28	42	58	91	26.00	0.00	0.00
2048	29	26.0	21	4803	30	33	40	67	4803	30.00	0.00	0.00
4096	31	21.7	25	4935	30	35	47	69	4935	30.00	0.00	0.00
8192	44	83.5	36	4992	37	56	69	4672	4992	37.00	0.00	0.00
16384	88	27.4	47	169	87	127	141	160	169	86.00	1.00	1.16
32768	158	17.9	74	214	163	176	179	204	214	125.00	38.00	30.40
63000	187	2.8	109	229	187	188	190	222	229	186.00	1.00	0.54

No protection

Sample Size (Bytes)	Ave (μs)	Std (μs)	Min (μs)	Max (μs)	50% (μs)	90% (μs)	99% (μs)	99.99% (μs)	99.9999% (μs)	Reference	Diff	Diff(%)
32	17	1.0	16	60	17	18	21	47	60	17.00	0.00	0.00
64	17	1.1	16	61	17	18	22	48	61	17.00	0.00	0.00
128	18	1.3	17	63	18	18	24	48	63	17.00	1.00	5.88
256	18	1.3	17	61	18	19	22	49	61	18.00	0.00	0.00
512	20	2.7	17	73	19	22	29	52	73	19.00	0.00	0.00
1024	25	7.2	19	3321	26	28	40	58	3321	26.00	0.00	0.00
2048	29	27.3	21	5012	30	33	39	67	5012	30.00	0.00	0.00
4096	31	22.4	25	4965	30	35	46	70	4965	30.00	0.00	0.00
8192	44	85.5	35	4995	37	56	70	4659	4995	37.00	0.00	0.00
16384	88	26.0	47	173	88	126	141	158	173	86.00	2.00	2.33
32768	174	6.0	74	215	175	176	179	212	215	125.00	50.00	40.00
63000	162	14.3	103	221	160	186	190	210	221	159.00	1.00	0.63

RTPS Sign

Sample Size (Bytes)	Ave (μs)	Std (μs)	Min (μs)	Max (μs)	50% (μs)	90% (μs)	99% (μs)	99.99% (μs)	99.9999% (μs)	Reference	Diff	Diff(%)
32	24	1.2	23	67	24	25	28	59	67	24.00	0.00	0.00
64	24	1.3	23	66	24	25	29	57	66	24.00	0.00	0.00
128	24	1.2	23	67	24	25	28	58	67	24.00	0.00	0.00
256	25	1.4	24	70	25	25	32	59	70	25.00	0.00	0.00
512	26	1.8	24	69	25	27	33	59	69	25.00	0.00	0.00
1024	27	15.0	25	4801	27	29	37	63	4801	26.00	1.00	3.85
2048	31	13.1	28	5043	30	33	44	67	5043	30.00	0.00	0.00
4096	35	3.4	33	85	34	38	50	72	85	34.00	0.00	0.00
8192	49	10.4	44	3837	47	56	78	110	3837	46.00	1.00	2.17
16384	104	28.8	58	215	104	147	168	181	215	96.00	8.00	8.33
32768	190	3.6	90	229	190	191	194	226	229	172.00	18.00	10.46
63000	190	15.1	127	248	185	209	212	238	248	207.00	-22.00	-10.63

RTPS Encrypt

Sample Size (Bytes)	Ave (μs)	Std (μs)	Min (μs)	Max (μs)	50% (μs)	90% (μs)	99% (μs)	99.99% (μs)	99.9999% (μs)	Reference	Diff	Diff(%)
32	25	1.2	24	67	25	25	29	58	67	24.00	1.00	4.17
64	25	1.2	24	69	25	25	29	58	69	25.00	0.00	0.00
128	25	1.2	24	69	25	26	29	59	69	25.00	0.00	0.00
256	26	1.3	25	68	26	26	30	57	68	25.00	1.00	4.00
512	26	1.7	25	85	26	27	34	60	85	26.00	0.00	0.00
1024	29	7.6	26	4124	28	31	39	64	4124	27.00	1.00	3.70
2048	31	3.4	28	80	30	34	41	68	80	30.00	0.00	0.00
4096	37	17.1	35	4812	36	38	51	74	4812	35.00	1.00	2.86
8192	50	5.9	46	118	48	56	80	109	118	48.00	0.00	0.00
16384	110	31.8	61	204	109	156	176	192	204	99.00	10.00	10.10
32768	196	4.6	96	239	197	198	204	235	239	195.00	2.00	1.03
63000	221	3.8	143	262	221	223	229	259	262	219.00	2.00	0.91

RTPS Sign with Origin Auth, Data Encrypt

Sample Size (Bytes)	Ave (μs)	Std (μs)	Min (μs)	Max (μs)	50% (μs)	90% (μs)	99% (μs)	99.99% (μs)	99.9999% (μs)	Reference	Diff	Diff(%)
32	30	1.3	29	72	30	31	35	62	72	30.00	0.00	0.00
64	30	1.3	29	73	30	31	34	65	73	30.00	0.00	0.00
128	31	6.3	30	3377	31	32	36	68	3377	30.00	1.00	3.33
256	31	1.3	30	73	31	32	36	66	73	31.00	0.00	0.00
512	32	1.5	30	74	32	32	38	67	74	31.00	1.00	3.23
1024	34	9.7	32	5000	33	35	44	70	5000	33.00	0.00	0.00
2048	36	23.6	34	4729	36	38	46	75	4729	36.00	0.00	0.00
4096	43	11.7	40	4143	43	43	54	79	4143	42.00	1.00	2.38
8192	56	11.9	53	4547	55	57	84	116	4547	55.00	0.00	0.00
16384	119	31.8	70	223	118	164	186	198	223	116.00	2.00	1.72
32768	193	17.1	117	252	198	209	213	241	252	187.00	11.00	5.88
63000	239	3.1	160	288	238	240	246	278	288	236.00	2.00	0.85

RTPS Sign, Submessage Encrypt with Origin Auth, Data Encrypt

Sample Size (Bytes)	Ave (μs)	Std (μs)	Min (μs)	Max (μs)	50% (μs)	90% (μs)	99% (μs)	99.99% (μs)	99.9999% (μs)	Reference	Diff	Diff(%)
32	35	1.5	33	76	34	36	39	70	76	34.00	0.00	0.00
64	34	1.4	33	75	34	35	39	70	75	34.00	0.00	0.00
128	35	1.5	33	81	35	36	41	70	81	34.00	1.00	2.94
256	35	1.6	33	77	35	36	41	69	77	35.00	0.00	0.00
512	36	14.1	34	5056	36	37	43	85	5056	35.00	1.00	2.86
1024	38	9.3	36	4604	37	39	46	75	4604	37.00	0.00	0.00
2048	41	13.1	39	4594	40	43	49	78	4594	40.00	0.00	0.00
4096	51	4.4	46	107	50	52	73	92	107	48.00	2.00	4.17
8192	64	6.5	60	128	62	64	100	123	128	62.00	0.00	0.00
16384	130	31.7	81	231	129	175	196	212	231	127.00	2.00	1.57
32768	226	2.4	151	265	226	228	232	257	265	205.00	21.00	10.24
63000	268	4.1	192	315	268	270	277	308	315	267.00	1.00	0.38

RTPS Sign, Submessage Encrypt

Sample Size (Bytes)	Ave (μs)	Std (μs)	Min (μs)	Max (μs)	50% (μs)	90% (μs)	99% (μs)	99.99% (μs)	99.9999% (μs)	Reference	Diff	Diff(%)
32	29	1.4	27	70	28	29	34	62	70	28.00	0.00	0.00
64	29	1.3	27	72	29	30	33	62	72	28.00	1.00	3.57
128	29	5.3	27	2909	29	30	33	61	2909	29.00	0.00	0.00
256	29	1.3	27	77	29	30	34	63	77	29.00	0.00	0.00
512	30	1.5	28	86	30	31	35	67	86	30.00	0.00	0.00
1024	32	9.4	30	4083	31	34	43	67	4083	31.00	0.00	0.00
2048	35	10.6	33	3637	34	37	46	71	3637	34.00	0.00	0.00
4096	41	10.1	38	4210	41	42	50	78	4210	40.00	1.00	2.50
8192	55	13.7	51	4847	53	56	90	123	4847	53.00	0.00	0.00
16384	117	31.8	68	215	116	163	185	198	215	115.00	1.00	0.87
32768	207	4.3	108	247	207	208	213	243	247	206.00	1.00	0.48
63000	218	14.7	158	272	213	239	242	267	272	235.00	-22.00	-9.36

Perftest Scripts

To produce these tests, we executed RTI Perftest for C++98. The script used to execute the tests can be found here:

#!/bin/bash
filename=$0
script_location=$(cd "$(dirname "$filename")" || exit 255; pwd)

export datasizes="32 64 128 256 512 1024 2048 4096 8192 16384 32768 63000"
export datasizes_extended="${datasizes} 100000 500000 1048576 1548576 4194304 10485760"

export domain="2"
export exec_time=20
export num_reps=1
export instance_number=100000
export core=0

# We will use some colors to improve visibility of errors and info messages.
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[0;33m'
BLUE='\033[0;34m'
LIGHTBLUE='\033[0;36m'
NC='\033[0m'
INFO_TAG="${GREEN}[INFO]:${NC}"
WARNING_TAG="${YELLOW}[WARNING]:${NC}"
ERROR_TAG="${RED}[ERROR]:${NC}"

export ip_machine_1="10.2.78.20"
export ip_machine_2="10.2.78.21"
export if10Gbps="enp1s0f0"
export if1Gbps="eno1"

################################################################################

function disable_colors() {
    export RED=""
    export GREEN=""
    export YELLOW=""
    export NC=""
    export BLUE=""
    export LIGHTBLUE=""
    export INFO_TAG="${GREEN}[INFO]:${NC}"
    export WARNING_TAG="${YELLOW}[WARNING]:${NC}"
    export ERROR_TAG="${RED}[ERROR]:${NC}"
}

function change_domain() {
    if [[ "$domain" == "1" ]]; then
        export domain="2"
    else
        export domain="1"
    fi
}

# Usage: execute_test <keyed/unkeyed> <rel/be> <datasizes> <batchSize>
function execute_test() {

    local keyed_unkeyed=$1
    local rel_be=$2
    local datasizes_test=$3
    local other_args=$4
    local name_suffix=$5

    local commands_string_test=$commands_string
    local tag=""

    if [[ "${keyed_unkeyed}" == "keyed" ]]; then
        commands_string_test="${commands_string_test} -keyed -instances $instance_number"
        tag="[${YELLOW}${transport}${NC}|${BLUE}K${NC}|"
    else
        tag="[${YELLOW}${transport}${NC}|${LIGHTBLUE}UK${NC}|"
    fi

    if [[ "${rel_be}" == "be" ]]; then
        commands_string_test="${commands_string_test} -bestEffort"
        tag="${tag}${YELLOW}BE${NC}]"
    else
        tag="${tag}${RED}REL${NC}]"
    fi

    tag="${tag}[${LIGHTBLUE}${lat_thr}${NC}]"

    local output_file=$output_folder/${lat_thr}_${role}_${keyed_unkeyed}_${rel_be}${name_suffix}.csv

    if [[ "$role" == "pub" ]]; then
        echo -e "${YELLOW}[TEST]: $keyed_unkeyed, $rel_be. ${NC}"
    fi

    if [[ "$NO_TASKSET" == "" ]]; then
        if [[ "$LANGUAGE" != "java" && "$LANGUAGE" != "cs" ]]; then
            export pre_command_string="taskset -c $core"
        fi
    fi

    if [[ "$LANGUAGE" == "python" ]]; then
        export pre_command_string="python3 "
    fi

    if [[ "$DOCKER" == "1" ]]; then
        export pre_command_string="taskset -c $core docker run --net=host -v /home/perfuser/rti_license_connextpro.dat:/opt/rti.com/rti_connext_dds-7.3.0/rti_license.dat rticom/perftest:7.3.0-EAR "
        executable=""
    fi

    # Get the aprox time this will take:
    total_tests=$((`wc -w <<< "$datasizes_test"` * num_reps))
    total_time=$((total_tests * exec_time))

    touch $output_file
    local no_headers=""
    local current_test=0
    for index in $(seq 1 ${num_reps}); do
        for DATALEN in ${datasizes_test}; do
            current_test=$((current_test + 1))
            export command="$pre_command_string $executable -domain $domain -dataLen $DATALEN $commands_string_test $other_args $no_headers"
            if [[ "$role" == "pub" ]]; then
                echo -e "Test ${tag} (${current_test}/${total_tests}) -- Total time = ${total_time}s"
                echo -e ${BLUE}$command${NC}
            else
                echo -e ${LIGHTBLUE}$command${NC}
            fi
            if [[ "$LANGUAGE" == "cs" && "$role" == "pub" ]]; then
                sleep 3
            fi
            if [[ "$raw" == "1" && "$role" == "sub" ]]; then
                sleep 5
            fi
            if [[ "${get_netstat_info}" == "1" ]]; then
                echo -e "${INFO_TAG} Getting netstat info before"
                netstat -s -u | grep -e "error" -e "packet" > $output_folder/${lat_thr}_${role}_${keyed_unkeyed}_${rel_be}${name_suffix}_netstat_before.txt
            fi
            eval $command >> $output_file;
            if [[ "${get_netstat_info}" == "1" ]]; then
                echo -e "${INFO_TAG} Getting netstat info after"
                netstat -s -u | grep -e "error" -e "packet" > $output_folder/${lat_thr}_${role}_${keyed_unkeyed}_${rel_be}${name_suffix}_netstat_after.txt
                touch "$output_folder/${lat_thr}_${role}_${keyed_unkeyed}_${rel_be}${name_suffix}_netstat.csv"
                python3 $script_location/../../../tools/diff_netstat_output.py \
                    -n $output_folder/${lat_thr}_${role}_${keyed_unkeyed}_${rel_be}${name_suffix}_netstat_after.txt \
                    -o $output_folder/${lat_thr}_${role}_${keyed_unkeyed}_${rel_be}${name_suffix}_netstat_before.txt \
                    -d $DATALEN $no_header_netstat \
                    -csv >> "$output_folder/${lat_thr}_${role}_${keyed_unkeyed}_${rel_be}${name_suffix}_netstat.csv"
                rm -rf $output_folder/${lat_thr}_${role}_${keyed_unkeyed}_${rel_be}${name_suffix}_netstat_*.txt
                no_header_netstat=" -nh"
            fi
            no_headers=" -noOutputHeaders"

            change_domain
        done
    done
}

################################################################################
# PARSE COMMAND LINE OPTIONS:

while [ "$1" != "" ]; do
    case $1 in
        --executable)
            executable=$2
            shift
            ;;
        --docker)
            DOCKER="1"
            ;;
        --output-folder)
            output_folder=$2
            shift
            ;;
        --sub-folder)
            sub_folder=$2
            shift
            ;;
        --role)
            export role=$2
            shift
            ;;
        --core)
            export core=$2
            shift
            ;;
        --test-kind)
            export lat_thr=$2
            shift
            ;;
        --interface1)
            export interface=$2
            shift
            ;;
        --interface2)
            export interface2=$2
            shift
            ;;
        --ip1)
            export ip1=$2
            shift
            ;;
        --ip2)
            export ip2=$2
            shift
            ;;
        --repetitions)
            export num_reps=$2
            shift
            ;;
        --domain)
            export domain=$2
            shift
            ;;
        --execution-time)
            export exec_time=$2
            shift
            ;;
        --transport)
            export transport=$2
            shift
            ;;
        --datalen)
            export datalen_input=$2
            shift
            ;;
        --file-suffix)
            export file_suffix=$2
            shift
            ;;
        --executable-suffix)
            export executable_suffix=$2
            shift
            ;;
        --extra-arguments)
            export extra_arguments=$2
            shift
            ;;
        --extra-arguments-pub)
            export extra_arguments_pub=$2
            shift
            ;;
        --extra-arguments-sub)
            export extra_arguments_sub=$2
            shift
            ;;
        --skip-no-batching)
            export skip_no_batching="1"
            ;;
        --skip-be)
            export skip_be_tests="1"
            ;;
        --skip-rel)
            export skip_rel_tests="1"
            ;;
        --skip-keyed)
            export skip_keyed_data="1"
            ;;
        --skip-large-data)
            export skip_large_data="1"
            ;;
        --large-data)
            export large_data="1"
            ;;
        --keyed)
            export skip_unkeyed="1"
            ;;
        --unkeyed)
            export skip_keyed_data="1"
            ;;
        --no-batching | --skip-batching)
            export no_batching_only="1"
            ;;
        --reliable)
            export skip_be_tests="1"
            ;;
        --best-effort)
            export skip_rel_tests="1"
            ;;
        --security)
            export security_only="$2"
            shift
            ;;
        --micro)
            export micro="1"
            ;;
        --raw | --raw-transport)
            export raw="1"
            ;;
        --tss)
            export tss="1"
            ;;
        --no-colors)
            export NO_COLORS="1"
            ;;
        --language)
            export LANGUAGE=$2
            shift
            ;;
        --loss-rate)
            export loss_rate=$2
            shift
            ;;
        --get-netstat-info | --netstat)
            export get_netstat_info="1"
            ;;
        --no-taskset)
            export NO_TASKSET="1"
            ;;
        *)
            echo -e "unknown parameter \"$1\""
            exit 255
            ;;
    esac
    shift
done

if [[ "$NO_COLORS" == "1" ]]; then
    disable_colors
fi

export folder_base="$(dirname "${executable}")"/../../..

if [[ $LANGUAGE == "java"  || "$LANGUAGE" == "cs" ]]; then
    export folder_base="$(dirname "${executable}")"/../..
fi
if [[ $tss == "1" ]]; then
    export folder_base="$(dirname "${executable}")"/../../../../..
fi

if [[ "${executable_suffix}" != "" ]]; then
    export executable="${executable}${executable_suffix}"
fi

if [[ "${sub_folder}" != "" ]]; then
    export output_folder="${output_folder}/${sub_folder}"
fi

echo -e "${INFO_TAG} Perftest executable is: $executable"
echo -e "${INFO_TAG} Output folder is: $output_folder"

################################################################################

if [[ "$LANGUAGE" == "python" ]]; then
    export skip_keyed_data="1"
    export skip_large_data="1"
    export skip_be_tests="1"
    export skip_no_batching="1"
fi

if [[ "${skip_large_data}" == "1" ]]; then
    export datasizes_extended=${datasizes}
elif [[ "${large_data}" == "1" ]]; then
    export datasizes=${datasizes_extended}
fi

if [[ "${datalen_input}" != "" ]]; then
    echo -e "${YELLOW}[TEST] Testing only for ${datalen_input}${NC}"
    export datasizes=${datalen_input}
    export datasizes_extended=${datalen_input}
    if [[ "${no_batching_only}" != "1" ]]; then
        export skip_large_data="1"
    fi
fi

if [[ "$role" != "pub" && "$role" != "sub" ]]; then
    echo -e "${ERROR_TAG} It must be either publisher or subscriber"
    exit 255
fi

if [[ "$lat_thr" != "thr" && "$lat_thr" != "lat" ]]; then
    echo -e "${ERROR_TAG} It must be either lat or thr"
    exit 255
fi

if [[ "${interface}" == "" ]]; then
    echo "Using default nics"
    export nic_publisher=${ip_machine_1}
    export nic_subscriber=${ip_machine_2}
elif [[ "${interface}" == "both" ]]; then
    export nic_publisher="enp1s0f0,eno1"
    export nic_subscriber="enp1s0f0,eno1"
    echo -e "${INFO_TAG} Using nic_publisher: ${nic_publisher}"
    echo -e "${INFO_TAG} Using nic_subscriber: ${nic_subscriber}"
else
    export nic_publisher=$interface
    echo -e "${INFO_TAG} Using nic_publisher: ${nic_publisher}"

    if [[ "${interface2}" == "" ]]; then
        export nic_subscriber=$interface
    else
        export nic_subscriber=$interface2
    fi
    echo -e "${INFO_TAG} Using nic_subscriber: ${nic_subscriber}"

    if [[ "${ip1}" != "" ]]; then
        export ip_publisher=$ip1
        echo "Using ip_publisher: ${ip_publisher}"
    fi

    if [[ "${ip2}" != "" ]]; then
        export ip_subscriber=$ip2
        echo "Using ip_subscriber: ${ip_subscriber}"
    fi

fi

export transport_string="-transport $transport"

if [[ "$transport" == "UDPv4" ]]; then

    export transport_string_pub="$transport_string -nic $nic_publisher"
    export transport_string_sub="$transport_string -nic $nic_subscriber"

    if [[ "$micro" == "1" || "$raw" == "1" ]]; then
        export transport_string_pub="$transport_string_pub -peer ${ip_subscriber}"
        export transport_string_sub="$transport_string_sub -peer ${ip_publisher}"
    fi

elif [[ "$transport" == "TCP" ]]; then
    export transport_string_pub="$transport_string \
        -nic $nic_publisher \
        -peer 0@tcpv4_lan://${ip_subscriber}:7400"
    export transport_string_sub="$transport_string \
        -nic $nic_subscriber \
        -peer 0@tcpv4_lan://${ip_publisher}:7400"
elif [[ "$transport" == "TLS" ]]; then
    export transport_string_pub="$transport_string \
        -nic $nic_publisher \
        -peer tlsv4_lan://${ip_subscriber}:7400"
    export transport_string_sub="$transport_string \
        -nic $nic_subscriber \
        -peer tlsv4_lan://${ip_publisher}:7400"
elif [[ "$transport" == "UDPv4_WAN" ]]; then
    export transport_string_pub="$transport_string \
        -nic $nic_publisher \
        -transportPublicAddress $ip_publisher:7400"
    export transport_string_sub="$transport_string \
        -nic $nic_subscriber \
        -peer 0@udpv4_wan://${ip_publisher}:7400"
else
    export transport_string_pub="$transport_string"
    export transport_string_sub="$transport_string"
fi

################################################################################

export pub_string="-pub \
        ${transport_string_pub} \
        -noPrintIntervals \
        -executionTime $exec_time"

if [[ ${lat_thr} == "lat" ]]; then
    export pub_string="$pub_string \
        -latencyTest"
fi

export sub_string="-sub \
        ${transport_string_sub} \
        -noPrintIntervals"

if [[ "$role" == "pub" ]]; then
    echo -e "$INFO_TAG Publisher side running"
    export commands_string=${pub_string}
    export extra_arguments="${extra_arguments} ${extra_arguments_pub}"
else
    echo -e "$INFO_TAG Subscriber side running"
    export commands_string=${sub_string}
    export extra_arguments="${extra_arguments} ${extra_arguments_sub}"
fi

###############################################################################

echo -e "${INFO_TAG} Executing: /set_${lat_thr}_mode.sh"
sudo /set_${lat_thr}_mode.sh
sleep 5

echo -e "${INFO_TAG} Disabling any loss rate"
sudo tc qdisc add dev $nic_publisher root netem loss 0%
sudo tc qdisc del dev $nic_publisher root netem loss 0%

if [[ "$role" == "pub" && "${loss_rate}" != "" ]]; then
    echo -e "${INFO_TAG} Setting loss rate to ${loss_rate}%"
    sudo tc qdisc add dev $nic_publisher root netem loss $loss_rate%
fi

cd $folder_base
echo -e "${INFO_TAG} Folder Base is: $PWD"
mkdir -p $output_folder

# Tests that may use batching (when doing throughput tests)
if [[ ${no_batching_only} != "1" ]]; then

    # UNKEYED
    if [[ "${skip_unkeyed}" == "" ]]; then

        # RELIABLE
        if [[ "${skip_rel_tests}" == "" ]]; then
            execute_test "unkeyed" "rel" "${datasizes_extended}" "${extra_arguments}" "$file_suffix"
        fi

        # BEST EFFORT
        if [[ "${skip_be_tests}" == "" ]]; then
            execute_test "unkeyed" "be" "${datasizes}" "${extra_arguments}" "$file_suffix"
        fi
    fi

    # KEYED
    if [[ "${skip_keyed_data}" == "" ]]; then

        # RELIABLE
        if [[ "${skip_rel_tests}" == "" ]]; then
            execute_test "keyed" "rel" "${datasizes}" "${extra_arguments}" "$file_suffix"
        fi

        # BEST EFFORT
        if [[ "${skip_be_tests}" == "" ]]; then
            execute_test "keyed" "be" "${datasizes}" "${extra_arguments}" "$file_suffix"
        fi
    fi

fi

if [[ "${skip_no_batching}" == "" || "${no_batching_only}" == "1" ]]; then
    no_batching_tests="1"
fi

# Tests that will not use batching
if [[ "${lat_thr}" == "thr" && "${no_batching_tests}" == "1" ]]; then

    if [[ "$role" == "pub" ]]; then
        export commands_string="${commands_string} -batchSize 0"
    fi

    # UNKEYED
    if [[ "${skip_unkeyed}" == "" ]]; then

        # RELIABLE
        if [[ "${skip_rel_tests}" == "" ]]; then
            execute_test "unkeyed" "rel" "${datasizes}" "${extra_arguments}" "_noBatch${file_suffix}"
        fi

        # BEST EFFORT
        if [[ "${skip_be_tests}" == "" ]]; then
            execute_test "unkeyed" "be" "${datasizes}" "${extra_arguments}" "_noBatch${file_suffix}"
        fi
    fi
fi

if [[ "$role" == "pub" && "${loss_rate}" != "" ]]; then
    echo -e "${INFO_TAG} Disabling loss rate"
    sudo tc qdisc del dev $nic_publisher root netem loss $loss_rate%
fi

#!/bin/bash
filename=$0
script_location=$(cd "$(dirname "$filename")" || exit 255; pwd)

export input_params=$@

while [ "$1" != "" ]; do
    case $1 in
        --executable)
            executable=$2
            shift
            ;;
        --security)
            export security_only=$2
            shift
            ;;
        *)
            ;;
    esac
    shift
done

echo $security_only

export folder_base="$(dirname "${executable}")"/../../..
export PATH_TO_GOVERNANCE_FILES_FOLDER=$folder_base/resource/secure

if [[ "${security_only}" == "none" || "${security_only}" == "" ]]; then
    echo -e "[Calling base_script/script.sh] -- No Security"
    "${script_location}/../base_script/script.sh" $input_params --transport UDPv4 \
        --skip-no-batching --skip-be --skip-keyed --skip-large-data \
        --file-suffix "_security_none"
    sleep 5;
fi

if [[ "${security_only}" == "no_protection" || "${security_only}" == "" ]]; then
    echo -e "[Calling base_script/script.sh] -- No Protection"
    "${script_location}/../base_script/script.sh" $input_params --transport UDPv4 \
        --skip-no-batching --skip-be --skip-keyed --skip-large-data \
        --extra-arguments "-secureGovernanceFile $PATH_TO_GOVERNANCE_FILES_FOLDER/signed_PerftestGovernance_.xml " \
        --file-suffix "_security_no_protection"
fi

if [[ "${security_only}" == "rtps_sign" || "${security_only}" == "" ]]; then
    echo -e "[Calling base_script/script.sh] -- RTPS Sign"
    "${script_location}/../base_script/script.sh" $input_params --transport UDPv4 \
        --skip-no-batching --skip-be --skip-keyed --skip-large-data \
        --extra-arguments "-secureGovernanceFile $PATH_TO_GOVERNANCE_FILES_FOLDER/signed_PerftestGovernance_RTPSSign.xml " \
        --file-suffix "_security_rtps_sign"
fi

if [[ "${security_only}" == "rtps_encrypt" || "${security_only}" == "" ]]; then
    echo -e "[Calling base_script/script.sh] -- RTPS Encrypt"
    "${script_location}/../base_script/script.sh" $input_params --transport UDPv4 \
        --skip-no-batching --skip-be --skip-keyed --skip-large-data \
        --extra-arguments "-secureGovernanceFile $PATH_TO_GOVERNANCE_FILES_FOLDER/signed_PerftestGovernance_RTPSEncrypt.xml " \
        --file-suffix "_security_rtps_encrypt"
fi

if [[ "${security_only}" == "rtps_sign_submessage_encrypt" || "${security_only}" == "" ]]; then
    echo -e "[Calling base_script/script.sh] -- RTPS Sign, Submessage Encrypt"
    "${script_location}/../base_script/script.sh" $input_params --transport UDPv4 \
        --skip-no-batching --skip-be --skip-keyed --skip-large-data \
        --extra-arguments "-secureGovernanceFile $PATH_TO_GOVERNANCE_FILES_FOLDER/signed_PerftestGovernance_SignEncryptSubmessage.xml " \
        --file-suffix "_security_rtps_sign_submessage_encrypt"
fi

if [[ "${security_only}" == "rtps_sign_submessage_encrypt_orig_data_encrypt" || "${security_only}" == "" ]]; then
    echo -e "[Calling base_script/script.sh] -- RTPS Sign, Submessage Encrypt with original auth, Data Encrypt"
    "${script_location}/../base_script/script.sh" $input_params --transport UDPv4 \
        --skip-no-batching --skip-be --skip-keyed --skip-large-data \
        --extra-arguments "-secureGovernanceFile $PATH_TO_GOVERNANCE_FILES_FOLDER/signed_PerftestGovernance_RTPSSignEncryptSubmessageWithOrigAuthEncryptData.xml " \
        --file-suffix "_security_rtps_sign_submessage_encrypt_orig_data_encrypt"
fi

if [[ "${security_only}" == "rtps_sign_orig_data_encrypt" || "${security_only}" == "" ]]; then
    echo -e "[Calling base_script/script.sh] -- RTPS Sign with Original auth, Data Encrypt"
    "${script_location}/../base_script/script.sh" $input_params --transport UDPv4 \
        --skip-no-batching --skip-be --skip-keyed --skip-large-data \
        --extra-arguments "-secureGovernanceFile $PATH_TO_GOVERNANCE_FILES_FOLDER/signed_PerftestGovernance_RTPSSignWithOrigAuthEncryptData.xml " \
        --file-suffix "_security_rtps_sign_orig_data_encrypt"
    sleep 5;
fi

Security Profiles

Test Hardware

The following hardware was used to perform these tests:

Linux Nodes

Dell R340 Servers (13 Units)
Processor: Intel Xeon E-2278G (3.4-5GHz, 8c/16t, 16MB cache, 2 memory channels @2666MHz)
RAM: 4x 16GB 2666MHz DIMM (64GB RAM)
HD: 480GB SATA SSD
NIC 1: Intel 710 dual port 10Gbps SFP
OS: Ubuntu 20.04 -- gcc 9.3.0

Switch

Dell 2048 -- 10Gbps switch (10Gbps and 1Gbps interfaces)

Not using security libraries

Sample Size (Bytes)	Total Samples	Avg Samples/s	Avg Mbps	Reference	Diff	Diff(%)
32	92267881	4607611	1179.5	1174.60	4.90	0.42
64	82062547	4097693	2098.0	2096.60	1.40	0.07
128	69652928	3478986	3562.5	3544.60	17.90	0.51
256	51606465	2577288	5278.3	5257.30	21.00	0.40
512	34180315	1706911	6991.5	6950.60	40.90	0.59
1024	20350752	1016365	8326.1	8326.10	0.00	0.00
2048	11257968	562231	9211.6	9129.40	82.20	0.90
4096	4488909	298792	9790.8	9718.90	71.90	0.74
8192	3005321	150210	9844.2	9843.80	0.40	0.00
16384	1508871	75431	9887.0	9887.00	0.00	0.00
32768	756063	37797	9908.3	9908.30	0.00	0.00
63000	393549	19674	9915.8	9915.80	0.00	0.00

No protection

Sample Size (Bytes)	Total Samples	Avg Samples/s	Avg Mbps	Reference	Diff	Diff(%)
32	92346624	4611537	1180.6	1175.10	5.50	0.47
64	82443904	4117178	2108.0	2105.00	3.00	0.14
128	69912718	3491150	3574.9	3568.60	6.30	0.18
256	51837905	2588917	5302.1	5343.00	-40.90	-0.77
512	34524496	1724402	7063.2	7037.00	26.20	0.37
1024	20348888	1016351	8326.0	8296.60	29.40	0.35
2048	11436400	571192	9358.4	9227.60	130.80	1.42
4096	4491520	298889	9794.0	9717.00	77.00	0.79
8192	3005132	150212	9844.3	9844.20	0.10	0.00
16384	1508824	75431	9887.0	9887.00	0.00	0.00
32768	756053	37797	9908.3	9908.30	0.00	0.00
63000	393543	19674	9915.8	9915.80	0.00	0.00

RTPS Sign

Sample Size (Bytes)	Total Samples	Avg Samples/s	Avg Mbps	Reference	Diff	Diff(%)
32	83595092	4174519	1068.7	1098.70	-30.00	-2.73
64	71426670	3566590	1826.1	1873.90	-47.80	-2.55
128	55436782	2768208	2834.6	2964.50	-129.90	-4.38
256	38166592	1905848	3903.2	4076.60	-173.40	-4.25
512	23659824	1181558	4839.7	5024.70	-185.00	-3.68
1024	13245408	661392	5418.1	5697.60	-279.50	-4.91
2048	7067890	352929	5782.4	6093.70	-311.30	-5.11
4096	3665058	183011	5996.9	6328.30	-331.40	-5.24
8192	2152031	107457	7042.3	7270.40	-228.10	-3.14
16384	1504042	75101	9843.7	9843.90	-0.20	-0.00
32768	754546	37714	9886.6	9886.70	-0.10	-0.00
63000	393145	19651	9904.5	9904.60	-0.10	-0.00

RTPS Encrypt

Sample Size (Bytes)	Total Samples	Avg Samples/s	Avg Mbps	Reference	Diff	Diff(%)
32	83111530	4150331	1062.5	1077.50	-15.00	-1.39
64	68993344	3445106	1763.9	1830.20	-66.30	-3.62
128	54564741	2724652	2790.0	2858.40	-68.40	-2.39
256	36891886	1842167	3772.8	3856.50	-83.70	-2.17
512	22059536	1101620	4512.2	4741.10	-228.90	-4.83
1024	12500857	624222	5113.6	5280.40	-166.80	-3.16
2048	6530536	326097	5342.8	5698.50	-355.70	-6.24
4096	3401732	169860	5566.0	5889.00	-323.00	-5.49
8192	1934638	96625	6332.5	6696.50	-364.00	-5.44
16384	1475566	73683	9657.8	9832.40	-174.60	-1.78
32768	754416	37705	9884.2	9884.20	0.00	0.00
63000	393109	19649	9903.1	9903.20	-0.10	-0.00

RTPS Sign with Origin Auth, Data Encrypt

Sample Size (Bytes)	Total Samples	Avg Samples/s	Avg Mbps	Reference	Diff	Diff(%)
32	79487330	3969229	1016.1	1033.40	-17.30	-1.67
64	64246301	3208167	1642.6	1698.80	-56.20	-3.31
128	48648768	2429274	2487.6	2565.70	-78.10	-3.04
256	31139872	1554964	3184.6	3298.00	-113.40	-3.44
512	18711409	934425	3827.4	3905.60	-78.20	-2.00
1024	10306320	514660	4216.1	4350.00	-133.90	-3.08
2048	5310588	265185	4344.8	4542.50	-197.70	-4.35
4096	2691868	134419	4404.7	4673.50	-268.80	-5.75
8192	1467758	73308	4804.3	5063.20	-258.90	-5.11
16384	1145848	57225	7500.7	7876.10	-375.40	-4.77
32768	753607	37639	9867.1	9867.20	-0.10	-0.00
63000	392805	19631	9894.2	9894.30	-0.10	-0.00

RTPS Sign, Submessage Encrypt with Origin Auth, Data Encrypt

Sample Size (Bytes)	Total Samples	Avg Samples/s	Avg Mbps	Reference	Diff	Diff(%)
32	75051176	3747777	959.4	982.80	-23.40	-2.38
64	59688456	2980578	1526.1	1535.40	-9.30	-0.61
128	42083520	2101442	2151.9	2197.50	-45.60	-2.08
256	27361472	1366468	2798.5	2872.70	-74.20	-2.58
512	15812432	789657	3234.4	3263.90	-29.50	-0.90
1024	8441344	421534	3453.2	3573.70	-120.50	-3.37
2048	4426780	221049	3621.7	3691.60	-69.90	-1.89
4096	2221100	110910	3634.3	3843.30	-209.00	-5.44
8192	1224418	61154	4007.8	4156.10	-148.30	-3.57
16384	922877	46085	6040.5	6221.10	-180.60	-2.90
32768	631365	31535	8266.8	8337.50	-70.70	-0.85
63000	391668	19559	9857.9	9883.60	-25.70	-0.26

RTPS Sign, Submessage Encrypt

Sample Size (Bytes)	Total Samples	Avg Samples/s	Avg Mbps	Reference	Diff	Diff(%)
32	79523805	3971129	1016.6	1038.60	-22.00	-2.12
64	65160448	3253677	1665.9	1703.00	-37.10	-2.18
128	48314694	2412568	2470.5	2459.60	10.90	0.44
256	32410629	1618391	3314.5	3422.70	-108.20	-3.16
512	18991824	948448	3884.8	4047.10	-162.30	-4.01
1024	10626184	530615	4346.8	4479.90	-133.10	-2.97
2048	5595416	279410	4577.9	4770.60	-192.70	-4.04
4096	2816019	140615	4607.7	4885.10	-277.40	-5.68
8192	1572440	78536	5147.0	5455.50	-308.50	-5.66
16384	1161640	58007	7603.2	8172.70	-569.50	-6.97
32768	753681	37642	9867.8	9867.80	0.00	0.00
63000	392809	19631	9894.5	9894.60	-0.10	-0.00