Date: Tue, 5 Nov 2019 23:45:12 +0100 From: =?UTF-8?Q?Olivier_Cochard=2DLabb=C3=A9?= <olivier@freebsd.org> To: John-Mark Gurney <jmg@funkthat.com> Cc: Kurt Jaeger <pi@freebsd.org>, freebsd-net@freebsd.org Subject: Re: 10g IPsec ? Message-ID: <CA%2Bq%2BTcogf6uiCX=LiENB=hpz3V-hJtKY-4m_2YYbxbuy9bFVww@mail.gmail.com> In-Reply-To: <20191105191514.GG8521@funkthat.com> References: <20191104194637.GA71627@home.opsec.eu> <20191105191514.GG8521@funkthat.com>
index | next in thread | previous in thread | raw e-mail
On Tue, Nov 5, 2019 at 8:15 PM John-Mark Gurney <jmg@funkthat.com> wrote: > AES-GCM can run at over 1GB/sec on a single core, so as long as the > traffic can be processed by multiple threads (via multiple queues > for example), it should be doable. > > I didn't bench this setup (10Gb/s IPSec) but I believe we will have the same problem with IPSec as with all VPN setups (like PPPoE or GRE): the IPSec tunnel will generate one IP flow preventing load sharing between all the NIC's RSS queues. I'm not aware of improvement to remove this limitation. Regards, Olivierhelp
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CA%2Bq%2BTcogf6uiCX=LiENB=hpz3V-hJtKY-4m_2YYbxbuy9bFVww>