From owner-freebsd-net@FreeBSD.ORG  Wed Apr 19 00:00:58 2006
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
X-Original-To: freebsd-net@freebsd.org
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 0B9D116A400
	for <freebsd-net@freebsd.org>; Wed, 19 Apr 2006 00:00:58 +0000 (UTC)
	(envelope-from sam@errno.com)
Received: from ebb.errno.com (ebb.errno.com [69.12.149.25])
	by mx1.FreeBSD.org (Postfix) with ESMTP id A237E43D45
	for <freebsd-net@freebsd.org>; Wed, 19 Apr 2006 00:00:57 +0000 (GMT)
	(envelope-from sam@errno.com)
Received: from [10.0.0.248] (trouble.errno.com [10.0.0.248])
	(authenticated bits=0)
	by ebb.errno.com (8.13.6/8.12.6) with ESMTP id k3J00qEL081629
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Tue, 18 Apr 2006 17:00:53 -0700 (PDT) (envelope-from sam@errno.com)
Message-ID: <44457DB4.4030601@errno.com>
Date: Tue, 18 Apr 2006 17:00:52 -0700
From: Sam Leffler <sam@errno.com>
User-Agent: Thunderbird 1.5 (X11/20060210)
MIME-Version: 1.0
To: Mike Tancsa <mike@sentex.net>
References: <200604180244.k3I2icZj076600@white.dogwood.com>
	<bjua42ds5esbkeek8v8a9qelhtbebteqm4@4ax.com>
In-Reply-To: <bjua42ds5esbkeek8v8a9qelhtbebteqm4@4ax.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-net@freebsd.org
Subject: Re: crypto accelerators
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Apr 2006 00:00:58 -0000

Mike Tancsa wrote:
> On Mon, 17 Apr 2006 16:44:38 -1000 (HST), in sentex.lists.freebsd.net
> you wrote:
> 
>> I've read here before (or maybe some other freebsd list) that cards
>> like the Soekris 1401 don't gain as much as you'd expect due to moving
>> packets to/from the card over the PCI bus.  But the context is usually
>> one of trying to encrypt packets to increase throughput.
>>
>> So the question is whether these cards, regardless of their affect on
>> throughput, increase usable CPU cycles?  I have several Soekris 1401
>> cards and am wondering if there would be any point to putting them
>> into some machines that provide logins over ssh.  These machines are
>> generally pretty good spec, 2.4GHz+, 1GB RAM, Intel MBs, mostly
>> on-board peripherals.
> 
> 
> The only place I found it really helpful for ssh connections was on
> our backup server where we had multiple inbound ssh connections (e.g.
> 10+ at once sending dump piped through ssh) it kept the CPU
> utilization down.  If you have just one or two, it doesnt really
> matter

Unless you're doing lots of scp's it's unlikely ssh traffic is going to 
generate large packets so offloading the crypto won't be worthwhile 
(cost to setup the h/w op probably is higher than doing the op in s/w). 
  This has been discussed previously; see for example my BSDCan 2003 paper.

	Sam