Date: Thu, 9 Aug 2018 11:13:46 +0700 From: Eugene Grosbein <eugen@grosbein.net> To: "David P. Discher" <dpd@dpdtech.com>, freebsd-net@freebsd.org Subject: Re: Is if_ipsec/ipsec - AESNI accelerated ? Message-ID: <0f4d3532-cb34-e606-4deb-593b4116495c@grosbein.net> In-Reply-To: <D47976AF-A0AF-4A58-B80E-31E9DED96D26@dpdtech.com>
index | next in thread | previous in thread | raw e-mail
09.08.2018 10:57, David P. Discher wrote: > I’m suspecting that IPSec in FreeBSD is not leveraging AESNI on Intel. Is this correct ? > > A small system, with an Atom C2758 and AESNI can hit 940-950 Mbps on a 1g copper link SCPing a file with Chiper=aes256-gcm. SSH/OpenSSL automatically uses AESNI if available. (Side Note, loading cryptodev - openSSH/SSL will grab crypto dev and cut your speed in half). Same with un-encryrpted iperf2/3, even with just a single TCP connection. > > Over an IPsec tunnel, this same system bottle necks at 180 Mbps. These systems are on the same vlan and subnet, same physical switch - so direct route. > > So, does IPSec use AESNI ? I would have at least expected 600-700 Mbps. Do you have aesni(4) driver in the kernel or loaded as module? It is present in FreeBSD since version 9.0home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?0f4d3532-cb34-e606-4deb-593b4116495c>
