Date: Sat, 14 Dec 2013 14:28:36 -0500 From: Eitan Adler <lists@eitanadler.com> To: =?UTF-8?Q?Olivier_Cochard=2DLabb=C3=A9?= <olivier@cochard.me>, "freebsd-arch@freebsd.org" <arch@freebsd.org> Cc: Robert Millan <rmh@debian.org>, "debian-bsd@lists.debian.org" <debian-bsd@lists.debian.org> Subject: Re: IPSEC Message-ID: <CAF6rxgmDJZVrzaNScjNqB8YJbHK2MXaYW3BVCu7DVMcZmwPiyw@mail.gmail.com> In-Reply-To: <CA%2Bq%2BTcrSZitbJkPJFO501O1MVWe8o2o%2BP_S_a3q21NdPtSGewQ@mail.gmail.com> References: <523457A1.3090606@debian.org> <CAF6rxgntjNFdr8unFQC=OWCNs7-UDYJaE30v4heWh_EeOg1JGA@mail.gmail.com> <CA%2Bq%2BTcrSZitbJkPJFO501O1MVWe8o2o%2BP_S_a3q21NdPtSGewQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi arch@, The question below has been unanswered since Sat, Sep 14, 2013. Are there any known concerns with enabling IPSEC? Is there any reason to not do so in GENERIC? On Sun, Dec 8, 2013 at 2:02 PM, Olivier Cochard-Labb=C3=A9 <olivier@cochard.me> wrote: > On Sun, Dec 8, 2013 at 12:16 AM, Eitan Adler <lists@eitanadler.com> wrote= : >> Hi all, >> >> I understand this is an old thread but I do not see an answer here. >> Can anyone answer the question below? >> >> On Sat, Sep 14, 2013 at 8:33 AM, Robert Millan <rmh@debian.org> wrote: >>> >>> Hi! >>> >>> Is there any particular reason (performance, stability concerns...) >>> IPSEC support is not enabled in GENERIC? >>> >>> In Debian GNU/kFreeBSD we're considering enabling it in our default >>> builds, due to increased user demand and as it is already enabled for >>> our Linux-based flavours. >>> >>> However we're concerned about diverging from FreeBSD as there might be >>> unforeseen consequences. Is there any specific concern on your side? >>> >>> If not, perhaps it could be considered for HEAD after 10.0 release? >> >> > > Here are my own bench result regarding forwarding speed (paquet-per-secon= d) > with a kernel compiled without-ipsec and with ipsec (ipsec is not enabled > during the tests, just present on the kernel) of FreeBSD 10.0-PRERELEASE: > > ministat -s without-ipsec ipsec > x without-ipsec > + ipsec > +------------------------------------------------------------------------= --------+ > |x + x + +x x x + > +| > | |__________________A_____M____________| > | > | |_______________M_________A__________________________| > | > +------------------------------------------------------------------------= --------+ > N Min Max Median Avg Stdd= ev > x 5 1646075 1764528 1725461 1713080 44560.0= 59 > + 5 1685034 1833206 1724461 1748666.8 62356.2= 18 > No difference proven at 95.0% confidence > > I didn't see negative impact of enabling ipsec (it's even a little bit > better with it). > > Regards, > > Olivier --=20 Eitan Adler
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAF6rxgmDJZVrzaNScjNqB8YJbHK2MXaYW3BVCu7DVMcZmwPiyw>