Date: Thu, 21 Sep 2023 20:24:48 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 274007] IPSec asymmetric crypto broken Message-ID: <bug-274007-227@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D274007 Bug ID: 274007 Summary: IPSec asymmetric crypto broken Product: Base System Version: 13.2-STABLE Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: kern Assignee: bugs@FreeBSD.org Reporter: tpearson@raptorengineering.com After upgrading from FreeBSD 11 to FreeBSD 13, I noticed the IPSec asymmetr= ic crypto option (net.inet.ipsec.async_crypto=3D1) no longer functions correct= ly.=20 On FreeBSD 11, enabling this option pushed the bandwidth of an accelerated (AES-NI) AES 256 GCM tunnel from ~500Mbit/s to ~800Mbit/s with no packet lo= ss, but on FreeBSD 13 it causes massive packet loss inside the tunnel, well over 20%. The hardware is AMD Opteron CPUs with Intel X520 10Gb NICs. MTU on the underlying link is set to 2000, with MTU inside the tunnel at the standard 1500. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-274007-227>