From owner-freebsd-net@freebsd.org  Tue Nov  5 22:45:25 2019
Return-Path: <owner-freebsd-net@freebsd.org>
Delivered-To: freebsd-net@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id D827C1A15AF
 for <freebsd-net@mailman.nyi.freebsd.org>;
 Tue,  5 Nov 2019 22:45:25 +0000 (UTC)
 (envelope-from olivier@freebsd.org)
Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 server-signature RSA-PSS (4096 bits)
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "smtp.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4774W95GsHz492w;
 Tue,  5 Nov 2019 22:45:25 +0000 (UTC)
 (envelope-from olivier@freebsd.org)
Received: from mail-pf1-f176.google.com (mail-pf1-f176.google.com
 [209.85.210.176])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK))
 (Authenticated sender: olivier/mail)
 by smtp.freebsd.org (Postfix) with ESMTPSA id 7317B3B70;
 Tue,  5 Nov 2019 22:45:25 +0000 (UTC)
 (envelope-from olivier@freebsd.org)
Received: by mail-pf1-f176.google.com with SMTP id v19so17162545pfm.3;
 Tue, 05 Nov 2019 14:45:25 -0800 (PST)
X-Gm-Message-State: APjAAAWYH2pw2Rl8fOE3+uXBdLGuz1Np9N0GbyKE0uorvcfgqk2KOmk2
 4zPAXKE6ltHfsC7jrARfOOf10BcH6C+8bo7iRwM=
X-Google-Smtp-Source: APXvYqz28BPa3GRhucwPP2+Biz2RBVD19GsSfk1NrBog3VzOmQyqywUAgqU4MCgmFxJbaHxTPObDY/vf/e3VYbQKmtg=
X-Received: by 2002:a17:90a:2ec7:: with SMTP id
 h7mr1831438pjs.125.1572993924355; 
 Tue, 05 Nov 2019 14:45:24 -0800 (PST)
MIME-Version: 1.0
References: <20191104194637.GA71627@home.opsec.eu>
 <20191105191514.GG8521@funkthat.com>
In-Reply-To: <20191105191514.GG8521@funkthat.com>
From: =?UTF-8?Q?Olivier_Cochard=2DLabb=C3=A9?= <olivier@freebsd.org>
Date: Tue, 5 Nov 2019 23:45:12 +0100
X-Gmail-Original-Message-ID: <CA+q+Tcogf6uiCX=LiENB=hpz3V-hJtKY-4m_2YYbxbuy9bFVww@mail.gmail.com>
Message-ID: <CA+q+Tcogf6uiCX=LiENB=hpz3V-hJtKY-4m_2YYbxbuy9bFVww@mail.gmail.com>
Subject: Re: 10g IPsec ?
To: John-Mark Gurney <jmg@funkthat.com>
Cc: Kurt Jaeger <pi@freebsd.org>, freebsd-net@freebsd.org
Content-Type: text/plain; charset="UTF-8"
X-Content-Filtered-By: Mailman/MimeDel 2.1.29
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Nov 2019 22:45:25 -0000

On Tue, Nov 5, 2019 at 8:15 PM John-Mark Gurney <jmg@funkthat.com> wrote:

> AES-GCM can run at over 1GB/sec on a single core, so as long as the
> traffic can be processed by multiple threads (via multiple queues
> for example), it should be doable.
>
>
I didn't bench this setup (10Gb/s IPSec) but I believe we will have the
same problem with IPSec as with all VPN setups (like PPPoE or GRE): the
IPSec tunnel will generate one IP flow preventing load sharing between all
the NIC's RSS queues.
I'm not aware of improvement to remove this limitation.

Regards,
Olivier