> On Aug 8, 2018, at 10:37 PM, Andrey V. Elsukov <bu7c...@yandex.ru> wrote:
> 
> On 09.08.2018 06:57, David P. Discher wrote:
>> I’m suspecting that IPSec in FreeBSD is not leveraging AESNI on Intel.  Is 
>> this correct?
> 
> IPsec uses crypto(9) framework that works by default without any
> acceleration. You need to load aesni(4) kernel module to enable
> acceleration. Also, you need to recreate security associations after
> module loading to take effect.


Yes.  I booted with AESNI loaded … via loader.conf.  Transcript below. The two 
endpoints are identical hardware.

--
David P. Discher 
https://davidpdischer.com/
408.368.3725 • d...@dpdtech.com



        [ pts/0 sjc2 util201:~ ]
        [ dpd ] > kldstat
        Id Refs Address            Size     Name
         1   32 0xffffffff80200000 2081408  kernel
         2    1 0xffffffff82283000 259e0    geom_mirror.ko
         3    1 0xffffffff822a9000 e568     if_bridge.ko
         4    2 0xffffffff822b8000 6d28     bridgestp.ko
         5    1 0xffffffff822bf000 7600     if_tap.ko
         6    1 0xffffffff822c7000 f988     ipmi.ko
         7    2 0xffffffff822d7000 2d10     smbus.ko
         8    1 0xffffffff822da000 381130   zfs.ko
         9    2 0xffffffff8265c000 a380     opensolaris.ko
        10    1 0xffffffff82667000 af98     aesni.ko
        11    1 0xffffffff82b11000 2328     ums.ko

        [ pts/0 sjc2 util201:~ ]
        [ dpd ] > sudo /usr/local/etc/rc.d/racoon stop
        Password:
        Stopping racoon.
        Waiting for PIDS: 1065.

        [ pts/0 sjc2 util201:~ ]
        [ dpd ] > sudo /usr/local/etc/rc.d/racoon start
        Starting racoon.

        [ pts/0 sjc2 util201:~ ]
        [ dpd ] > sudo setkey -f /usr/local/etc/racoon/setkey.conf

        [ pts/0 sjc2 util201:~ ]
        [ dpd ] > ifconfig ipsec12
        ipsec12: flags=8151<UP,POINTOPOINT,RUNNING,PROMISC,MULTICAST> metric 0 mtu 1350
                tunnel inet 10.245.0.201 --> 10.245.0.202
                inet 172.30.1.13 --> 172.30.1.14 netmask 0xfffffffc
                nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
                reqid: 12
                groups: ipsec

        [ pts/0 sjc2 util201:~ ]
        [ dpd ] > ping 172.30.1.14
        PING 172.30.1.14 (172.30.1.14): 56 data bytes
        64 bytes from 172.30.1.14: icmp_seq=2 ttl=64 time=0.452 ms
        64 bytes from 172.30.1.14: icmp_seq=3 ttl=64 time=0.368 ms
        64 bytes from 172.30.1.14: icmp_seq=4 ttl=64 time=0.353 ms
        ^C
        --- 172.30.1.14 ping statistics ---
        5 packets transmitted, 3 packets received, 40.0% packet loss
        round-trip min/avg/max/stddev = 0.353/0.391/0.452/0.044 ms

        [ pts/0 sjc2 util201:~ ]
        [ dpd ] > iperf3 -c 10.245.0.202 -i 8 -t 16
        Connecting to host 10.245.0.202, port 5201
        [  5] local 10.245.0.201 port 55165 connected to 10.245.0.202 port 5201
        [ ID] Interval           Transfer     Bitrate         Retr  Cwnd
        [  5]   0.00-8.00   sec   887 MBytes   930 Mbits/sec    0    419 KBytes
        [  5]   8.00-16.00  sec   898 MBytes   941 Mbits/sec    0    419 KBytes
        - - - - - - - - - - - - - - - - - - - - - - - - -
        [ ID] Interval           Transfer     Bitrate         Retr
        [  5]   0.00-16.00  sec  1.74 GBytes   936 Mbits/sec    0             sender
        [  5]   0.00-16.01  sec  1.74 GBytes   935 Mbits/sec                  receiver

        iperf Done.

        [ pts/0 sjc2 util201:~ ]
        [ dpd ] > iperf3 -c 172.30.1.14 -i 8 -t 16
        Connecting to host 172.30.1.14, port 5201
        [  5] local 172.30.1.13 port 41671 connected to 172.30.1.14 port 5201
        [ ID] Interval           Transfer     Bitrate         Retr  Cwnd
        [  5]   0.00-8.00   sec   166 MBytes   174 Mbits/sec    0   64.3 KBytes
        [  5]   8.00-16.00  sec   168 MBytes   176 Mbits/sec    0   64.3 KBytes
        - - - - - - - - - - - - - - - - - - - - - - - - -
        [ ID] Interval           Transfer     Bitrate         Retr
        [  5]   0.00-16.00  sec   334 MBytes   175 Mbits/sec    0             sender
        [  5]   0.00-16.01  sec   334 MBytes   175 Mbits/sec                  receiver

        iperf Done.

        [ pts/0 sjc2 util201:~ ]
        [ dpd ] > uname -a
        FreeBSD util201.sjc2.ixsystems.com 11.2-STABLE FreeBSD 11.2-STABLE #3: Tue Jul 24 20:57:34 UTC 2018     r...@proxima.sjc2.ixsystems.com:/usr/obj/usr/src/sys/IX  amd64

        [ pts/0 sjc2 util201:~ ]
        [ dpd ] >
_______________________________________________
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net