Hi,

Just jumping in here. The Soekris 1401 offers only limited performance enhancements. If you read the specs, it is only useful (and used?) for certain encryption algorithms. It's also deprecated, and I would imagine that Soren regrets even releasing it in the first place.

Nonetheless, we have seen significant enhancements using that chip on 4.9+ BSD releases on older platforms. I don't have our throughput metrics in front of me right now, but I seem to recall they could take IPSec on a Soekris 4501 from about 2Mbit to about 6, with kernel polling enabled. I presume that kernel polling on the network side could adversely affect performance on the VPN board as well.

It depends what you want in many ways. The only time I've seen IPSec or SSH traffic limited on a BSD box is from sheer CPU cycles, and a lot of that has to do with bandwidth over the PCI bus (or busses). I would expect a good crypto accelerator on a PCI bus separated from the network bus to perform much better?


Michael F. DeMan
Director of Technology
OpenAccess Network Services
Bellingham, WA 98225
[EMAIL PROTECTED]
360-647-0785

On Apr 18, 2006, at 5:00 PM, Sam Leffler wrote:

Mike Tancsa wrote:
On Mon, 17 Apr 2006 16:44:38 -1000 (HST), in sentex.lists.freebsd.net you wrote:

I've read here before (or maybe some other freebsd list) that cards like the Soekris 1401 don't gain as much as you'd expect due to moving packets to/from the card over the PCI bus. But the context is usually one of trying to encrypt packets to increase throughput.

So the question is whether these cards, regardless of their effect on throughput, increase usable CPU cycles?  I have several Soekris 1401 cards and am wondering if there would be any point to putting them into some machines that provide logins over ssh.  These machines are generally pretty good spec, 2.4GHz+, 1GB RAM, Intel MBs, mostly on-board peripherals.

The only place I found it really helpful for ssh connections was on our backup server where we had multiple inbound ssh connections (e.g. 10+ at once sending dump piped through ssh) it kept the CPU utilization down.  If you have just one or two, it doesn't really matter.

Unless you're doing lots of scp's it's unlikely ssh traffic is going to generate large packets so offloading the crypto won't be worthwhile (cost to set up the h/w op probably is higher than doing the op in s/w). This has been discussed previously; see for example my BSDCan 2003 paper.

        Sam
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

