Date: Sat, 4 Sep 2010 00:43:22 +0300 From: Kostik Belousov <kostikbel@gmail.com> To: Ricky Charlet <RCharlet@adaranet.com> Cc: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>, Ivan Voras <ivoras@freebsd.org>, "freebsd-security@freebsd.org" <freebsd-security@freebsd.org> Subject: Re: seeking current supported crypto co-processors Message-ID: <20100903214322.GU2396@deviant.kiev.zoral.com.ua> In-Reply-To: <32AB5C9615CC494997D9ABB1DB12783C024C8DE0F5@SJ-EXCH-1.adaranet.com> References: <32AB5C9615CC494997D9ABB1DB12783C024C8DE03A@SJ-EXCH-1.adaranet.com> <i5qg9s$mi9$1@dough.gmane.org> <32AB5C9615CC494997D9ABB1DB12783C024C8DE0F5@SJ-EXCH-1.adaranet.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--HpNsou9EUJHn1L/v Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Sep 03, 2010 at 02:26:37PM -0700, Ricky Charlet wrote: > Thanks Ivan, >=20 > You have some valid points about performance. I was hoping not to= get distracted from the main thrust of my question by performance consider= ations though. >=20 > Are their PCIe attachable crypto co-processors with current vendo= r support for FreeBSD8.x? If anyone else reading this thread want's to chi= me in with info about current supported crypto co-processors that plug in v= ia PCIe, please drop a note. >=20 >=20 > However, I think you do deserve a reply on the performance topic.= .. >=20 > I am close enough to agreeing with you to not argue much about wh= ether modern CPU parts can saturate a 1 Gb link with crypto data. The CPU p= art I am currently married to (a touch old but not that bad), seems to be a= ble to through around 200Mb of IP-ESP data around. However, in spite of the= se observations, I would prefer if my system could handle that throughput l= oad and yet have CPU power left over for other tasks. >=20 > I'm very attracted to Andre's mention of "newer x86/amd64 > CPU's see: http://en.wikipedia.org/wiki/AES_instruction_set". Does > anyone know if FreeBSD supports or will support this through either > /dev/crypto or through openssl (or any other mechanism I guess)? I believe recent OpenSSL 1.x supports AESNI in usermode. For the AES acceleration in the kernel and /dev/crypto support see the aesni driver in the recent HEAD, working both on i386 and amd64 architectures. I had a plan to merge the driver into RELENG_8, but it is stalled due to some issues (not related to the driver quality). --HpNsou9EUJHn1L/v Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (FreeBSD) iEYEARECAAYFAkyBa/oACgkQC3+MBN1Mb4hzagCfQwfaUXSrtGyvMnfKhFKt1nyW qNEAoIjEPKRs2rqgeh690BXCda/qnmrX =xjfx -----END PGP SIGNATURE----- --HpNsou9EUJHn1L/v--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20100903214322.GU2396>