From owner-freebsd-questions@FreeBSD.ORG  Thu May 27 20:49:16 2010
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 2C2301065674
	for <freebsd-questions@freebsd.org>;
	Thu, 27 May 2010 20:49:16 +0000 (UTC) (envelope-from pcc@gmx.net)
Received: from mail.gmx.net (mail.gmx.net [213.165.64.20])
	by mx1.freebsd.org (Postfix) with SMTP id 684C58FC14
	for <freebsd-questions@freebsd.org>;
	Thu, 27 May 2010 20:49:14 +0000 (UTC)
Received: (qmail 10548 invoked by uid 0); 27 May 2010 20:49:12 -0000
Received: from 84.163.211.120 by www089.gmx.net with HTTP;
	Thu, 27 May 2010 22:49:12 +0200 (CEST)
Content-Type: text/plain; charset="utf-8"
Date: Thu, 27 May 2010 22:49:12 +0200
From: "Peter Cornelius" <pcc@gmx.net>
In-Reply-To: <4BFE99EB.50208@infracaninophile.co.uk>
Message-ID: <20100527204912.143520@gmx.net>
MIME-Version: 1.0
References: <AANLkTinvU5tOZyzzeJmVU1mlXGXMIEEOXWEv5GGArSCl@mail.gmail.com>
	<4BFE99EB.50208@infracaninophile.co.uk>
To: freebsd-questions@freebsd.org
X-Authenticated: #491680
X-Flags: 0001
X-Mailer: WWW-Mail 6100 (Global Message Exchange)
X-Priority: 5
X-Provags-ID: V01U2FsdGVkX1+HQsYNR7eHXsNYwE7F3U8PT/qNlKs/pS3Pu75seC
	Uq96d8xqbw4OnIWiUryoivCi7y+ccZsYX5yg== 
Content-Transfer-Encoding: 8bit
X-GMX-UID: rauXJGIAMydhYvfVbWpldGJjaGRhZtqf
X-FuHaFi: 0.64000000000000001
Cc: kevin.wilcox@gmail.com
Subject: 'Serious' crypto? (was: FreeBSD router - large scale)
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 27 May 2010 20:49:16 -0000

Hi,

> NAT.  Doing serious crypto slows things up somewhat.

I've been pondering this since a while but thought that crypto engines on modern hardware would make 'extra' hardware accelerators obsolete?

Or is it still worthwhile to consider hardware accelerators such as the ones guys like soekris [1] and others offer? Does anyone have an idea "how much" such an accelerator may help on older vs. on newer hardware?

Would multiple engines work (and help) at all? From crypto(4), I would not guess so. One consequence would be that there may be certain limitations in using a separate accelerator once the platform comes with its own accelerator device?

Thanks,

Peter.

---

[1]  http://www.soekris.com/vpn1401.htm
-- 
GRATIS für alle GMX-Mitglieder: Die maxdome Movie-FLAT!
Jetzt freischalten unter http://portal.gmx.net/de/go/maxdome01