Date: Wed, 8 Aug 2018 20:57:36 -0700 From: "David P. Discher" <dpd@dpdtech.com> To: freebsd-net@freebsd.org Subject: Is if_ipsec/ipsec - AESNI accelerated ? Message-ID: <D47976AF-A0AF-4A58-B80E-31E9DED96D26@dpdtech.com>
next in thread | raw e-mail | index | archive | help
I=E2=80=99m suspecting that IPSec in FreeBSD is not leveraging AESNI on = Intel. Is this correct ? A small system, with an Atom C2758 and AESNI can hit 940-950 Mbps on a = 1g copper link SCPing a file with Chiper=3Daes256-gcm. SSH/OpenSSL = automatically uses AESNI if available. (Side Note, loading cryptodev - = openSSH/SSL will grab crypto dev and cut your speed in half). Same with = un-encryrpted iperf2/3, even with just a single TCP connection. Over an IPsec tunnel, this same system bottle necks at 180 Mbps. These = systems are on the same vlan and subnet, same physical switch - so = direct route. So, does IPSec use AESNI ? I would have at least expected 600-700 Mbps. -- David P. Discher=20 https://davidpdischer.com/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?D47976AF-A0AF-4A58-B80E-31E9DED96D26>