Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 7 Feb 2003 10:25:27 -0800
From:      "Sam Leffler" <sam@errno.com>
To:        "Jack Xiao" <jack_xiao99@hotmail.com>, <freebsd-security@FreeBSD.ORG>
Subject:   Re: hardware encryption under freebsd
Message-ID:  <05d201c2ced6$49f96700$52557f42@errno.com>
References:  <OE66ELVP4zi6UUG7WGM000064ef@hotmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
> It's said "A new in-kernel cryptographic framework (see crypto(4) and
> crypto(9)) has been imported from OpenBSD. It provides a consistent
> interface to hardware and software implementations of cryptographic
> algorithms for use by the kernel and access to cryptographic hardware for
> user-mode applications. Hardware device drivers are provided to support
> hifn-based cards ( hifn(4)) and Broadcom-based cards ( ubsec(4))."
>
> "A FAST_IPSEC kernel option now allows the IPsec implementation to use the
> kernel crypto(4) framework, along with its support for hardware
> cryptographic acceleration. More information can be found in the
> fast_ipsec(4) manual page."
>
> In this case, if I want to use hardware encryption/decryption, should I
use
> fast_ipsec instead of ipsec in the kenerl option? By the way, I am using
> FreeBSD 4.7 Release. I am also curious if anybody has such experience in
> this group before my trial. How's the performance?

4.7-release does not have the new ipsec code.  I can't recall if the crypto
code got in.

Performance depends on many factors.  Give particulars about a configuration
and the setup of the machine (e.g. firewall, client, server) and I can give
you hints.  In general I see 100% utilization of the crypto h/w under IPsec
or user load when machines are connected back-to-back with gigE interfaces.
Start loading the host with other duties (e.g. running ipfw rules) or
changing the NIC's and I can't say what you'll get.

    Sam


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?05d201c2ced6$49f96700$52557f42>