From owner-freebsd-net@FreeBSD.ORG Tue Apr 18 23:50:11 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B869B16A40B for ; Tue, 18 Apr 2006 23:50:11 +0000 (UTC) (envelope-from dave@dogwood.com) Received: from ms-smtp-02-eri0.socal.rr.com (ms-smtp-02-qfe0.socal.rr.com [66.75.162.134]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2B89D43D45 for ; Tue, 18 Apr 2006 23:45:41 +0000 (GMT) (envelope-from dave@dogwood.com) Received: from white.dogwood.com (white.dogwood.com [66.91.140.178]) by ms-smtp-02-eri0.socal.rr.com (8.13.4/8.13.4) with ESMTP id k3INjdV6027511 for ; Tue, 18 Apr 2006 16:45:40 -0700 (PDT) Received: from white.dogwood.com (localhost.dogwood.com [127.0.0.1]) by white.dogwood.com (8.13.4/8.13.4) with ESMTP id k3INglEc085875; Tue, 18 Apr 2006 13:42:47 -1000 (HST) (envelope-from dave@white.dogwood.com) Received: (from dave@localhost) by white.dogwood.com (8.13.4/8.13.1/Submit) id k3INe2Ep085862; Tue, 18 Apr 2006 13:40:02 -1000 (HST) (envelope-from dave) From: Dave Cornejo Message-Id: <200604182340.k3INe2Ep085862@white.dogwood.com> In-Reply-To: <20060418191015.GE28496@spc.org> To: Bruce M Simpson Date: Tue, 18 Apr 2006 13:40:02 -1000 (HST) X-Mailer: ELM [version 2.4ME+ PL121h (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-2.0.2 (white.dogwood.com [127.0.0.1]); Tue, 18 Apr 2006 13:42:47 -1000 (HST) X-Virus-Scanned: Symantec AntiVirus Scan Engine Cc: freebsd-net@freebsd.org Subject: Re: crypto accelerators X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Apr 2006 23:50:11 -0000 > On Mon, Apr 17, 2006 at 04:44:38PM -1000, Dave Cornejo wrote: > > So the question is whether these cards, regardless of their affect on > > throughput, increase usable CPU cycles? I have several Soekris 1401 > > cards and am wondering if there would be any point to putting them > > into some machines that provide logins over ssh. These machines are > > generally pretty good spec, 2.4GHz+, 1GB RAM, Intel MBs, mostly > > on-board peripherals. > > Given that spec of machine, I don't see that a hardware cipher would > offer much improvement -- and some of the available crypto accelerators > don't perform Diffie-Helmann or AES, some do. > > I myself have a ubsec(4) card, and even when I hacked OpenSSH to use > OpenSSL engine support by default (with someone else's patch), I didn't > see that much improvement (even when I forced the use of MD5, RSA and > 3DES). > > I could be wrong though - the above is qualitative not quantitative. > > Regards, > BMS it sounds like you're thinking in terms of throughput and speed of the encrypted connections, which i agree probably won't see much of an improvement. but it would seem to me that doing the heavy math off-CPU reduces the amount of work the CPU does. are these saved CPU cycles available to someone who might be doing a compilation on this machine? Doug Ambriskos answer (thanks!) implies that maybe they are. thanks, dave c