Date: Sat, 4 Sep 2010 00:43:22 +0300 From: Kostik Belousov <kostikbel@gmail.com> To: Ricky Charlet <RCharlet@adaranet.com> Cc: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>, Ivan Voras <ivoras@freebsd.org>, "freebsd-security@freebsd.org" <freebsd-security@freebsd.org> Subject: Re: seeking current supported crypto co-processors Message-ID: <20100903214322.GU2396@deviant.kiev.zoral.com.ua> In-Reply-To: <32AB5C9615CC494997D9ABB1DB12783C024C8DE0F5@SJ-EXCH-1.adaranet.com> References: <32AB5C9615CC494997D9ABB1DB12783C024C8DE03A@SJ-EXCH-1.adaranet.com> <i5qg9s$mi9$1@dough.gmane.org> <32AB5C9615CC494997D9ABB1DB12783C024C8DE0F5@SJ-EXCH-1.adaranet.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Fri, Sep 03, 2010 at 02:26:37PM -0700, Ricky Charlet wrote: > Thanks Ivan, > > You have some valid points about performance. I was hoping not to get distracted from the main thrust of my question by performance considerations though. > > Are their PCIe attachable crypto co-processors with current vendor support for FreeBSD8.x? If anyone else reading this thread want's to chime in with info about current supported crypto co-processors that plug in via PCIe, please drop a note. > > > However, I think you do deserve a reply on the performance topic... > > I am close enough to agreeing with you to not argue much about whether modern CPU parts can saturate a 1 Gb link with crypto data. The CPU part I am currently married to (a touch old but not that bad), seems to be able to through around 200Mb of IP-ESP data around. However, in spite of these observations, I would prefer if my system could handle that throughput load and yet have CPU power left over for other tasks. > > I'm very attracted to Andre's mention of "newer x86/amd64 > CPU's see: http://en.wikipedia.org/wiki/AES_instruction_set". Does > anyone know if FreeBSD supports or will support this through either > /dev/crypto or through openssl (or any other mechanism I guess)? I believe recent OpenSSL 1.x supports AESNI in usermode. For the AES acceleration in the kernel and /dev/crypto support see the aesni driver in the recent HEAD, working both on i386 and amd64 architectures. I had a plan to merge the driver into RELENG_8, but it is stalled due to some issues (not related to the driver quality). [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (FreeBSD) iEYEARECAAYFAkyBa/oACgkQC3+MBN1Mb4hzagCfQwfaUXSrtGyvMnfKhFKt1nyW qNEAoIjEPKRs2rqgeh690BXCda/qnmrX =xjfx -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20100903214322.GU2396>