I’m suspecting that IPSec in FreeBSD is not leveraging AESNI on Intel. Is this correct ?
A small system, with an Atom C2758 and AESNI can hit 940-950 Mbps on a 1g copper link SCPing a file with Chiper=aes256-gcm. SSH/OpenSSL automatically uses AESNI if available. (Side Note, loading cryptodev - openSSH/SSL will grab crypto dev and cut your speed in half). Same with un-encryrpted iperf2/3, even with just a single TCP connection. Over an IPsec tunnel, this same system bottle necks at 180 Mbps. These systems are on the same vlan and subnet, same physical switch - so direct route. So, does IPSec use AESNI ? I would have at least expected 600-700 Mbps. -- David P. Discher https://davidpdischer.com/ _______________________________________________ freebsd-net@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
