Am 05.11.2019 um 20:15 schrieb John-Mark Gurney:
Kurt Jaeger wrote this message on Mon, Nov 04, 2019 at 20:46 +0100:
Has anyone experience with operating a highspeed IPsec connection
up to 10gigabit/s between 2 FreeBSD hosts ?
Is that speed achievable ? How much tuning is necessary ?
I haven't, but do know some hints. Make sure that you have a machine
w/ AESNI, AND make sure you're using AES-GCM or AES-CTR.. Using
AES-GCM is best as it avoids using a costly auth algorithm, as the
AESNI instructions provide instructionts to make the GCM (auth) part
of AES-GCM faster.
AES-GCM can run at over 1GB/sec on a single core, so as long as the
traffic can be processed by multiple threads (via multiple queues
for example), it should be doable.
These were my short results via OPNsense on 4 year old XEONs.
So its 11.2, mostly untuned and strongswan as IPsec implementation.
If you need more detailed specs just drop me a line.
https://www.routerperformance.net/comparing-opnsense-vpn-performance/
Best,
Michael
_______________________________________________
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
