From owner-freebsd-net@FreeBSD.ORG Sat Oct 10 15:03:16 2009 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D37D01065694; Sat, 10 Oct 2009 15:03:16 +0000 (UTC) (envelope-from siquijorphilips@gmail.com) Received: from mail-vw0-f180.google.com (mail-vw0-f180.google.com [209.85.212.180]) by mx1.freebsd.org (Postfix) with ESMTP id 6DC2C8FC19; Sat, 10 Oct 2009 15:03:16 +0000 (UTC) Received: by vws10 with SMTP id 10so4720260vws.7 for ; Sat, 10 Oct 2009 08:03:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type; bh=rrq1Z3KUL7E2pCJn6vG70I4KoAG0pL093uszUHryrF4=; b=wau17Yexmrrc4oHJAgR2LxXYYsjkjFdCrS5LL8hbLXZXkGVkd2xBU79Oe4qnaJ0Lgz 6ukypVu3cgMWbZxlni6cUFU8f0ZYJxBw238KaFLOV3i9B2MVaBEnYbBolIKG8A6AihEU tNS9hZwJjZjkn3sr9u2Yfih6xzmdDP4Kjb5NY= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=a+ods/EWpD7K/A54E56yzb961joiuG8U7RdD1udQi42uSA3C+uEFEEsg4sNGdIStms qmAKxT3+jfWP1WsAqf7i7GaNpaiRvCPyREq6aSvl9/PZoixvr2z4pOM7q9p2+hImApU+ t/7/7I4gF+KDAnYGYwYgr3HoRtz37H3ue0+/Y= MIME-Version: 1.0 Received: by 10.220.79.140 with SMTP id p12mr5904553vck.57.1255186995672; Sat, 10 Oct 2009 08:03:15 -0700 (PDT) In-Reply-To: <2a41acea0910091117q6cfab252sa8d5dfcf0182b660@mail.gmail.com> References: <20091008174521.GE3843@michelle.cdnetworks.com> <2a41acea0910091117q6cfab252sa8d5dfcf0182b660@mail.gmail.com> Date: Sat, 10 Oct 2009 23:03:15 +0800 Message-ID: From: Siquijor Philips To: Jack Vogel Content-Type: text/plain; charset=ISO-8859-1 Cc: pyunyh@gmail.com, freebsd-net@freebsd.org, freebsd-drivers@freebsd.org Subject: Re: intel 82576 ipsec offload? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 10 Oct 2009 15:03:16 -0000 On Sat, Oct 10, 2009 at 2:17 AM, Jack Vogel wrote: > I am Jack, the network engineer at Intel responsible for all FreeBSD wired > lan drivers. Hi Jack! Thanks for introducing yourself since I am new to this mailing list :-) > This is the first I've seen about this. Our understanding was that the > infrastructure needed > to do IPSec was not available for either Linux or FreeBSD, can you please > explain things? > Yes, basically I am implementing an IPsec infrastructure to our network. Our network is composed of a main office and 3 branch offices to be linked over VPN. I'm using both FreeBSD and Windows platforms. Our FreeBSD (7.1-Release) platforms comprises the 4 firewall/gateways (which should be also our VPN concentrators) as well as our mail server (7.1-Release). The Windows platforms comprises the local/remote clients (FreeBSD/Windows XP/Vista) and the Active Directory server (Windows Server 2008). Since our 4 FreeBSD perimeter firewall/gateways are currently processing big amount of traffic, so I have decided to buy these Intel NICs with IPsec offloading just to make sure it can carry out the current traffic processing. Aside from that, our local and remote FreeBSD clients will also be configured on transport-mode IPsec sooner because these clients are also network intensive hosts. So, from here I really wanted to have the IPsec offloading be available to my NICs since I intend to buy these as its primary purpose. > If everything is there except the support in the driver then I might be able > to add that to > my queue. > Yes, please because I really need to have my IPsec infra working sooner. Thank you so much! Siquijor > Cheers, > > Jack > > > On Thu, Oct 8, 2009 at 9:14 PM, Siquijor Philips > wrote: >> >> On Fri, Oct 9, 2009 at 1:45 AM, Pyun YongHyeon wrote: >> > On Thu, Oct 08, 2009 at 01:24:20PM +0800, Siquijor Philips wrote: >> >> Hi, >> >> >> >> I got a dual-port Intel Gigabit NIC with 82576 (ET) chipset >> >> http://www.intel.com/Assets/PDF/prodbrief/320116.pdf. It has a feature >> >> on IPsec offloading but it only mentioned Microsoft Windows 2008 and >> >> Vista servers. I wonder if FreeBSD have also support on this feature? >> >> >> > >> > AFAIK it's not yet, not sure whether Jack has plan to implement the >> > offloading. I know old Intel i82550 also supported IPSec offloading >> > but Intel didn't release required information to implement it. 3Com >> > also supported IPSec offloading in their 3XP hardwares(txp(4)) but >> > the offloading was not implemented. >> > >> >> Hi Pyun, >> >> Thanks for your info! By the way, who is Jack? Is he the author of >> this driver? I really need to have this feature usable on the driver. >> I bought these NICs with 82576 chipset for the purpose of implementing >> IPsec in my network and my current FreeBSD servers could benefit it. >> Just really thought it has support because FreeBSD was already part of >> the supported operating system. I was alerted when I've re-read the >> product info document again that it only support Windows 2008 and >> Vista platforms. Now, I've confirmed that with the current existing >> driver. I hope this guy has the plan of implementing it sooner because >> I really need it. >> >> Thanks, >> Siquijor >> _______________________________________________ >> freebsd-net@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-net >> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > >