From: Sam Leffler
Date: Fri, 18 Feb 2005 10:17:19 -0800
To: sekchye goh
Cc: freebsd-security@freebsd.org
Subject: Re: multiple crypto accelerator cards in one FreeBSD box

sekchye goh wrote:
> Hi Sam,
>
> On Thu, 17 Feb 2005 21:21:36 -0800, Sam Leffler wrote:
>
>>Beware however that the current crypto code
>>does not manage multiple cards well. If you decide to go with multiple
>>cards you'll want to do some load balancing.
>
> just to explore the load balancing, I searched but cannot find much
> info on IPSEC load balancing with multiple crypto accelerator cards.
> How do I do IPSEC load balancing with multiple cards in FreeBSD?
> Any pointers will be much appreciated. Thanks!

The load balancing I mentioned was for the crypto subsystem. OpenBSD has
a small change to round-robin session allocation across devices so you
can actually use more than one crypto card in a machine. You could try
that though I think you'd find the results unsatisfying. I did a
prototype load balancer a while back that was more intelligent but never
got it to the point where it could be committed. I'd like to revisit
that work this year but it will depend on time+funding.

	Sam