On 06/11/2019 01:45, Olivier Cochard-Labbé wrote:
On Tue, Nov 5, 2019 at 8:15 PM John-Mark Gurney <j...@funkthat.com> wrote:
AES-GCM can run at over 1GB/sec on a single core, so as long as the
traffic can be processed by multiple threads (via multiple queues
for example), it should be doable.
I didn't bench this setup (10Gb/s IPSec) but I believe we will have the
same problem with IPSec as with all VPN setups (like PPPoE or GRE): the
IPSec tunnel will generate one IP flow preventing load sharing between all
the NIC's RSS queues.
I'm not aware of improvement to remove this limitation.
Is it possible to make load-sharing based on
fmod(ipsec_seq_number / NUM_CPU_CORES) for example?
--
CU,
Victor Gamov
_______________________________________________
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
