Date: Fri, 18 Feb 2005 13:53:17 +0800
From: sekchye goh <sekchye@gmail.com>
To: Sam Leffler <sam@errno.com>
Cc: freebsd-security@freebsd.org
Subject: Re: multiple crypto accelerator cards in one FreeBSD box
Message-ID: <21f8a77b050217215355da2672@mail.gmail.com>
In-Reply-To: <42157B60.8000404@errno.com>
References: <21f8a77b0502172000693da743@mail.gmail.com> <42157B60.8000404@errno.com>

Hi Sam,

Thanks for the enlightening answer. Initially, we were thinking of
building a super duper IPSEC VPN concentrator using FreeBSD with multiple
crypto accelerator cards like the Soekris VPN1401 and a Gigabit interface
card to terminate many, many IPSEC connections in one single box. After
reading your reply, I guess we will just use one crypto accelerator card
in each FreeBSD box and scale up by adding more boxes.

Thanks!

On Thu, 17 Feb 2005 21:21:36 -0800, Sam Leffler <sam@errno.com> wrote:
> sekchye goh wrote:
> > Hi there!
> > We are thinking of deploying an IPSEC VPN concentrator using multiple
> > PCI bus version VPN1401 cards in a FreeBSD box using hifn support.
> > From the technical specs on the Soekris website
> > http://www.soekris.com/vpn1401.htm,
> > each card can support 24 to 70 connections. The question is, if we
> > put 3 VPN1401 cards in a single box, does this mean the FreeBSD box
> > can support 3 x (24 to 70) IPSEC connections?
> >
>
> Not sure where the 24-70 connection numbers come from. If it's based on
> allocating session state in on-chip SDRAM then that was removed a while
> ago by moving the session state allocation to host memory. If the
> numbers are representative of peak performance then I'd be curious where
> they came from. Understand that you're likely to be bus-limited for
> performance and adding additional cards isn't going to help unless cards
> are on separate PCI buses. Beware however that the current crypto code
> does not manage multiple cards well. If you decide to go with multiple
> cards you'll want to do some load balancing.
>
> Sam
>
