Date: Thu, 17 Feb 2005 21:21:36 -0800
From: Sam Leffler <sam@errno.com>
To: sekchye goh <sekchye@gmail.com>
Cc: freebsd-security@freebsd.org
Subject: Re: multiple crypto accelerator cards in one FreeBSD box
Message-ID: <42157B60.8000404@errno.com>
In-Reply-To: <21f8a77b0502172000693da743@mail.gmail.com>
References: <21f8a77b0502172000693da743@mail.gmail.com>

sekchye goh wrote:
> Hi there!
> we are thinking of deploying an IPSEC VPN concentrator using multiple PCI bus
> version VPN1401 cards in a FreeBSD box using hifn support..
> From the technical specs in Soekris website
> http://www.soekris.com/vpn1401.htm,
> each card can support 24 to 70 connections. The question is if we
> put 3 VPN1401 cards in a single box, does this mean the FreeBSD box can support
> 3 x (24 to 70) IPSEC connections ?
>

Not sure where the 24-70 connection numbers come from. If it's based on
allocating session state in on-chip SDRAM then that was removed a while ago
by moving the session state allocation to host memory. If the numbers are
representative of peak performance then I'd be curious where they came from.

Understand that you're likely to be bus-limited for performance and adding
additional cards isn't going to help unless cards are on separate PCI buses.
Beware however that the current crypto code does not manage multiple cards
well. If you decide to go with multiple cards you'll want to do some load
balancing.

	Sam