Date: Thu, 9 Aug 2018 00:00:25 -0700
From: "David P. Discher" <dpd@dpdtech.com>
To: "Andrey V. Elsukov" <bu7cher@yandex.ru>
Cc: freebsd-net@freebsd.org
Subject: Re: Is if_ipsec/ipsec - AESNI accelerated ?
Message-ID: <62E0C365-AD64-4383-8BA4-298AA0E292F4@dpdtech.com>
In-Reply-To: <dc8bea35-1770-48d0-3662-c58e72bd3d2d@yandex.ru>
References: <D47976AF-A0AF-4A58-B80E-31E9DED96D26@dpdtech.com> <dc8bea35-1770-48d0-3662-c58e72bd3d2d@yandex.ru>

> On Aug 8, 2018, at 10:37 PM, Andrey V. Elsukov <bu7cher@yandex.ru> wrote:
>
> On 09.08.2018 06:57, David P. Discher wrote:
>> I’m suspecting that IPSec in FreeBSD is not leveraging AESNI on Intel. Is this correct ?
>
> IPsec uses crypto(9) framework that works by default without any
> acceleration. You need to load aesni(4) kernel module to enable
> acceleration. Also, you need to recreate security associations after
> module loading to take effect.

Yes. I booted with AESNI loaded … via loader.conf. Transcript below. Two endpoints are identical hardware.

--
David P. Discher
https://davidpdischer.com/
408.368.3725 • dpd@dpdtech.com

[ pts/0 sjc2 util201:~ ] [ dpd ] > kldstat
Id Refs Address            Size     Name
 1   32 0xffffffff80200000 2081408  kernel
 2    1 0xffffffff82283000 259e0    geom_mirror.ko
 3    1 0xffffffff822a9000 e568     if_bridge.ko
 4    2 0xffffffff822b8000 6d28     bridgestp.ko
 5    1 0xffffffff822bf000 7600     if_tap.ko
 6    1 0xffffffff822c7000 f988     ipmi.ko
 7    2 0xffffffff822d7000 2d10     smbus.ko
 8    1 0xffffffff822da000 381130   zfs.ko
 9    2 0xffffffff8265c000 a380     opensolaris.ko
10    1 0xffffffff82667000 af98     aesni.ko
11    1 0xffffffff82b11000 2328     ums.ko

[ pts/0 sjc2 util201:~ ] [ dpd ] > sudo /usr/local/etc/rc.d/racoon stop
Password:
Stopping racoon.
Waiting for PIDS: 1065.

[ pts/0 sjc2 util201:~ ] [ dpd ] > sudo /usr/local/etc/rc.d/racoon start
Starting racoon.

[ pts/0 sjc2 util201:~ ] [ dpd ] > sudo setkey -f /usr/local/etc/racoon/setkey.conf

[ pts/0 sjc2 util201:~ ] [ dpd ] > ifconfig ipsec12
ipsec12: flags=8151<UP,POINTOPOINT,RUNNING,PROMISC,MULTICAST> metric 0 mtu 1350
	tunnel inet 10.245.0.201 --> 10.245.0.202
	inet 172.30.1.13 --> 172.30.1.14 netmask 0xfffffffc
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
	reqid: 12
	groups: ipsec

[ pts/0 sjc2 util201:~ ] [ dpd ] > ping 172.30.1.14
PING 172.30.1.14 (172.30.1.14): 56 data bytes
64 bytes from 172.30.1.14: icmp_seq=2 ttl=64 time=0.452 ms
64 bytes from 172.30.1.14: icmp_seq=3 ttl=64 time=0.368 ms
64 bytes from 172.30.1.14: icmp_seq=4 ttl=64 time=0.353 ms
^C
--- 172.30.1.14 ping statistics ---
5 packets transmitted, 3 packets received, 40.0% packet loss
round-trip min/avg/max/stddev = 0.353/0.391/0.452/0.044 ms

[ pts/0 sjc2 util201:~ ] [ dpd ] > iperf3 -c 10.245.0.202 -i 8 -t 16
Connecting to host 10.245.0.202, port 5201
[  5] local 10.245.0.201 port 55165 connected to 10.245.0.202 port 5201
[ ID] Interval           Transfer     Bitrate         Retr  Cwnd
[  5]   0.00-8.00   sec   887 MBytes   930 Mbits/sec    0    419 KBytes
[  5]   8.00-16.00  sec   898 MBytes   941 Mbits/sec    0    419 KBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-16.00  sec  1.74 GBytes   936 Mbits/sec    0             sender
[  5]   0.00-16.01  sec  1.74 GBytes   935 Mbits/sec                  receiver

iperf Done.

[ pts/0 sjc2 util201:~ ] [ dpd ] > iperf3 -c 172.30.1.14 -i 8 -t 16
Connecting to host 172.30.1.14, port 5201
[  5] local 172.30.1.13 port 41671 connected to 172.30.1.14 port 5201
[ ID] Interval           Transfer     Bitrate         Retr  Cwnd
[  5]   0.00-8.00   sec   166 MBytes   174 Mbits/sec    0   64.3 KBytes
[  5]   8.00-16.00  sec   168 MBytes   176 Mbits/sec    0   64.3 KBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-16.00  sec   334 MBytes   175 Mbits/sec    0             sender
[  5]   0.00-16.01  sec   334 MBytes   175 Mbits/sec                  receiver

iperf Done.

[ pts/0 sjc2 util201:~ ] [ dpd ] > uname -a
FreeBSD util201.sjc2.ixsystems.com 11.2-STABLE FreeBSD 11.2-STABLE #3: Tue Jul 24 20:57:34 UTC 2018 root@proxima.sjc2.ixsystems.com:/usr/obj/usr/src/sys/IX amd64

[ pts/0 sjc2 util201:~ ] [ dpd ] >