I've deployed a local instance of https://librespeed.org/ in order to test my LAN speeds. After changing some old cables, the speeds were good (~800mpbs symmetric).
I wanted to leave the service running and give it a URL, so I created a docker-compose.yml and gave it some labels in order to expose it through Traefik (as my other services).
To my surprise, after this change the speed was dramatically reduced (~450mbps, almost 50% decrease).
At first I blamed Traefik, but then I just disabled HTTPS and the speeds where back to ~800mbps.
What I've checked:
- All other settings and stack are exactly the same.
- TLS handshake seems to be happening only once, so this does not explain the difference.
- The cypher being used is TLS_AES_128_GCM_SHA256, 128bit keys, TLS 1.3. I didn't change any of Traefik default settings about cyphers, so this is probably Traefik's default.
- The browser used to test was Firefox 84.0.2 (64-bit).
What I'd like to know:
- Is this a common performance downgrade?
- Is Traefik really slow encrypting traffic?
- Does dockerization impact AES encryption in some way (perhaps blocking some hardware access)?
Thanks in advance
Edit: the noble people of reddit made me realize that my old CPU does not have hardware AES acceleration, so that answers most of my concerns. I think this question is still relevant anyway, at least to alert other people that this can happen).