Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 9 Aug 2018 11:13:46 +0700
From:      Eugene Grosbein <eugen@grosbein.net>
To:        "David P. Discher" <dpd@dpdtech.com>, freebsd-net@freebsd.org
Subject:   Re: Is if_ipsec/ipsec - AESNI accelerated ?
Message-ID:  <0f4d3532-cb34-e606-4deb-593b4116495c@grosbein.net>
In-Reply-To: <D47976AF-A0AF-4A58-B80E-31E9DED96D26@dpdtech.com>

index | next in thread | previous in thread | raw e-mail

09.08.2018 10:57, David P. Discher wrote:

> I’m suspecting that IPSec in FreeBSD is not leveraging AESNI on Intel.  Is this correct ?
> 
> A small system, with an Atom C2758 and AESNI can hit 940-950 Mbps on a 1g copper link SCPing a file with Chiper=aes256-gcm.   SSH/OpenSSL automatically uses AESNI if available.  (Side Note, loading cryptodev - openSSH/SSL will grab crypto dev and cut your speed in half).  Same with un-encryrpted iperf2/3, even with just a single TCP connection.
> 
> Over an IPsec tunnel, this same system bottle necks at 180 Mbps.  These systems are on the same vlan and subnet, same physical switch - so direct route.
> 
> So, does IPSec use AESNI ?  I would have at least expected 600-700 Mbps.

Do you have aesni(4) driver in the kernel or loaded as module?
It is present in FreeBSD since version 9.0




home | help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?0f4d3532-cb34-e606-4deb-593b4116495c>