Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 8 Dec 2013 20:02:42 +0100
From:      =?ISO-8859-1?Q?Olivier_Cochard=2DLabb=E9?= <olivier@cochard.me>
To:        Eitan Adler <lists@eitanadler.com>
Cc:        "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>, Robert Millan <rmh@debian.org>, "debian-bsd@lists.debian.org" <debian-bsd@lists.debian.org>
Subject:   Re: IPSEC
Message-ID:  <CA%2Bq%2BTcrSZitbJkPJFO501O1MVWe8o2o%2BP_S_a3q21NdPtSGewQ@mail.gmail.com>
In-Reply-To: <CAF6rxgntjNFdr8unFQC=OWCNs7-UDYJaE30v4heWh_EeOg1JGA@mail.gmail.com>
References:  <523457A1.3090606@debian.org> <CAF6rxgntjNFdr8unFQC=OWCNs7-UDYJaE30v4heWh_EeOg1JGA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Sun, Dec 8, 2013 at 12:16 AM, Eitan Adler <lists@eitanadler.com> wrote:
> Hi all,
>
> I understand this is an old thread but I do not see an answer here.
> Can anyone answer the question below?
>
> On Sat, Sep 14, 2013 at 8:33 AM, Robert Millan <rmh@debian.org> wrote:
>>
>> Hi!
>>
>> Is there any particular reason (performance, stability concerns...)
>> IPSEC support is not enabled in GENERIC?
>>
>> In Debian GNU/kFreeBSD we're considering enabling it in our default
>> builds, due to increased user demand and as it is already enabled for
>> our Linux-based flavours.
>>
>> However we're concerned about diverging from FreeBSD as there might be
>> unforeseen consequences. Is there any specific concern on your side?
>>
>> If not, perhaps it could be considered for HEAD after 10.0 release?
>
>

Here are my own bench result regarding forwarding speed (paquet-per-second)
with a kernel compiled without-ipsec and with ipsec (ipsec is not enabled
during the tests, just present on the kernel) of FreeBSD 10.0-PRERELEASE:

ministat -s without-ipsec ipsec
x without-ipsec
+ ipsec
+--------------------------------------------------------------------------------+
|x               +    x    +      +x  x            x           +
     +|
|         |__________________A_____M____________|
     |
|                 |_______________M_________A__________________________|
      |
+--------------------------------------------------------------------------------+
    N           Min           Max        Median           Avg        Stddev
x   5       1646075       1764528       1725461       1713080     44560.059
+   5       1685034       1833206       1724461     1748666.8     62356.218
No difference proven at 95.0% confidence

I didn't see negative impact of enabling ipsec (it's even a little bit
better with it).

Regards,

Olivier

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CA%2Bq%2BTcrSZitbJkPJFO501O1MVWe8o2o%2BP_S_a3q21NdPtSGewQ>