Hi Andrey, For the moment we are not using hardware crypto offloading devices except AESNI instruction set mainly because our product are certified by common criteria and thus have restriction on how crypto can be made. We have some plan to look at intel quick-assist, chelsio or melanox devices in the future.
Damien -- Damien Deville IPS Technical Leader http://www.stormshield.eu Stormshield 2/6 Avenue de l'Horizon, Bat. 6 - FR 59650 Villeneuve d'Ascq ----- Le 7 Nov 19, à 17:12, ae a...@freebsd.org a écrit : | On 07.11.2019 12:52, Damien DEVILLE wrote: |> At Stormshield we have various patches related to that topic that we |> can share. | | Hi, | | that would be nice. | |> The goal was to optimize this code in the context of a single IPsec |> tunnel and a single network flow in that tunnel. On one of our high |> end hardware (Intel(R) Xeon(R) E-2176G with 6 cores / ixl network |> cards), the previous code was running around 2.4Gbps using AES-GCM | | Have you thought about implementing hardware IPsec offloading on NICs? | I saw Intel's and Mellanox's documentation about such support, I think | Chelsio also does support it. It probably can give good performance boost. | | | -- | WBR, Andrey V. Elsukov _______________________________________________ freebsd-net@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
