Date: Fri, 07 Jul 2000 12:10:32 -0400 From: "Louis A. Mamakos" <louie@TransSys.COM> To: Len Conrad <lconrad@Go2France.com> Cc: freebsd-net@FreeBSD.ORG Subject: Re: KAME stable 20000704 Message-ID: <200007071610.MAA92715@whizzo.transsys.com> In-Reply-To: Your message of "Fri, 07 Jul 2000 16:45:50 %2B0200." <4.3.2.7.2.20000707162836.03d4ead0@mail.Go2France.com> References: <4.3.2.7.2.20000707162836.03d4ead0@mail.Go2France.com>
next in thread | previous in thread | raw e-mail | index | archive | help
There's no current support in KAME or OpenSSL for hardware encryption acceleration. The OpenBSD guys have support for a Hi/fn 7751-based board (see http://www.powercrypt.com which is reasonably priced.) It's supported for use in their IPSEC stack only at this point. I've got a couple of these boards that I'm playing with in my spare time. Currently, I'm learning the wonders of newbus to figure out how to port the OpenBSD driver. The powercrypt board is available with FreeBSD drivers (including for 4.0 and 5.0-current) which exports a user-mode interface for fairly "raw" access to the hardware. You might be able to use that interface to speed-up SSL operations. The Hi/fn board can support probably a couple hundred crypto contexts simultanously, if I recall correctly. That number drops quite a bit if you want to perform compression because the compression contexts are quite a bit larger. louie > Hi > > Are there any hardware-encryption boards for KAME or OpenSSL? > > We've been talking to some large accounts that have evaluated variouis VPN > solutions and had concluded that software-only VPN's just can't keep up > with large number of simultaneous tunnels. They told us some Cisco box > with hardware-encryption had the best comfort level. > > Len > > ===================== > > >As usual, KAME Project has released "stable" packages of IPv6/IPsec > >network code for the following BSD variants. > > > >--- > >bsdi3 BSDI BSD/OS http://www.bsdi.com/ > > kernel: BSD/OS 3.1 patchlevel 0 > > userland: BSD/OS 3.0 patchlevel 0 > > include: BSD/OS 3.0 patchlevel 0 + ISC BIND 4.9.7 > >bsdi4 BSDI BSD/OS 4.1 patchlevel 0 http://www.bsdi.com/ > >freebsd2 FreeBSD 2.2.8-RELEASE http://www.freebsd.org/ > >freebsd3 FreeBSD 3.4-RELEASE http://www.freebsd.org/ > >netbsd NetBSD 1.4.2 http://www.netbsd.org/ > >openbsd OpenBSD 2.7 http://www.openbsd.org/ > >--- > > > >Note: {Free,Net,Open}BSD-current have already merged the KAME source > >code, from *past* versions of KAME codebase. For differences between > >KAME kits and *BSD tree, please visit: > > http://www.kame.net/project-overview.html#release > > http://www.kame.net/dev/cvsweb.cgi/kame/COVERAGE > > > >They are free of charge but absolutely no warranty. They are avaiable > >from the following web site: > > > > http://www.kame.net/ > > > >To know the changes from the previous stable package, please refer to > >the CHANGELOG/RELNOTES file. > > > >--KAME Project > > > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org > >with "unsubscribe freebsd-net" in the body of the message > > Len > http://BIND8NT.MEIway.com: ISC BIND 8 installable binary for NT4 > http://IMGate.MEIway.com: Build free, hi-perf, anti-spam mail gateways > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-net" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200007071610.MAA92715>