Date: Thu, 9 Aug 2018 11:13:46 +0700 From: Eugene Grosbein <eugen@grosbein.net> To: "David P. Discher" <dpd@dpdtech.com>, freebsd-net@freebsd.org Subject: Re: Is if_ipsec/ipsec - AESNI accelerated ? Message-ID: <0f4d3532-cb34-e606-4deb-593b4116495c@grosbein.net> In-Reply-To: <D47976AF-A0AF-4A58-B80E-31E9DED96D26@dpdtech.com> References: <D47976AF-A0AF-4A58-B80E-31E9DED96D26@dpdtech.com>
next in thread | previous in thread | raw e-mail | index | archive | help
09.08.2018 10:57, David P. Discher wrote: > I’m suspecting that IPSec in FreeBSD is not leveraging AESNI on Intel. Is this correct ? > > A small system, with an Atom C2758 and AESNI can hit 940-950 Mbps on a 1g copper link SCPing a file with Chiper=aes256-gcm. SSH/OpenSSL automatically uses AESNI if available. (Side Note, loading cryptodev - openSSH/SSL will grab crypto dev and cut your speed in half). Same with un-encryrpted iperf2/3, even with just a single TCP connection. > > Over an IPsec tunnel, this same system bottle necks at 180 Mbps. These systems are on the same vlan and subnet, same physical switch - so direct route. > > So, does IPSec use AESNI ? I would have at least expected 600-700 Mbps. Do you have aesni(4) driver in the kernel or loaded as module? It is present in FreeBSD since version 9.0
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?0f4d3532-cb34-e606-4deb-593b4116495c>