Date:      Fri, 30 Nov 2018 18:43:16 +0300
From:      Lev Serebryakov <lev@FreeBSD.org>
To:        Olivier Cochard-Labbé <olivier@freebsd.org>
Cc:        eugen@grosbein.net, freebsd-net@freebsd.org
Subject:   Re: IPsec: is it possible to encrypt transit traffic in transport mode?
Message-ID:  <198535239.20181130184316@serebryakov.spb.ru>
In-Reply-To: <CA%2Bq%2BTcoQC=Xy_HBCo6jhoCzH0LRty=CD83kEjp_fFpsNu4sbHg@mail.gmail.com>
References:  <1519156224.20181130021136@serebryakov.spb.ru>  <eb98de09-fe85-a978-15ef-b5c19f964f4e@grosbein.net> <881323908.20181130123008@serebryakov.spb.ru> <9ae35c3c-7af8-e513-7c20-e2d62f2b7b3e@grosbein.net> <108847324.20181130150424@serebryakov.spb.ru> <CA%2Bq%2BTcoQC=Xy_HBCo6jhoCzH0LRty=CD83kEjp_fFpsNu4sbHg@mail.gmail.com>


Hello Olivier,

Friday, November 30, 2018, 3:34:50 PM, you wrote:

>>   I'm benchmarking different possible "native" VPN configurations and I have
>>   gif(4) and gre(4) with and without IPsec in my battery. I have tunnel mode
>>   IPsec too. The problem with gif(4) and gre(4) is that they are tremendously
>>   expensive, and could be more expensive than IPsec itself on CPUs with AES-NI.
>>   So, this configuration is impossible, I understand. Nothing to benchmark :-)
> And what about using IPsec VTI (virtual tunneling interface) mode: if_ipsec(4)
  And this one too. It gives slightly more PPS than "setkey-based" tunnel
 mode, which is a surprise for me.

-- 
Best regards,
 Lev                            mailto:lev@FreeBSD.org
