On Fri, Sep 03, 2010 at 02:26:37PM -0700, Ricky Charlet wrote: > Thanks Ivan, > > You have some valid points about performance. I was hoping not to get > distracted from the main thrust of my question by performance considerations > though. > > Are their PCIe attachable crypto co-processors with current vendor > support for FreeBSD8.x? If anyone else reading this thread want's to chime > in with info about current supported crypto co-processors that plug in via > PCIe, please drop a note. > > > However, I think you do deserve a reply on the performance topic... > > I am close enough to agreeing with you to not argue much about > whether modern CPU parts can saturate a 1 Gb link with crypto data. The CPU > part I am currently married to (a touch old but not that bad), seems to be > able to through around 200Mb of IP-ESP data around. However, in spite of > these observations, I would prefer if my system could handle that throughput > load and yet have CPU power left over for other tasks. > > I'm very attracted to Andre's mention of "newer x86/amd64 > CPU's see: http://en.wikipedia.org/wiki/AES_instruction_set";. Does > anyone know if FreeBSD supports or will support this through either > /dev/crypto or through openssl (or any other mechanism I guess)? I believe recent OpenSSL 1.x supports AESNI in usermode.
For the AES acceleration in the kernel and /dev/crypto support see the aesni driver in the recent HEAD, working both on i386 and amd64 architectures. I had a plan to merge the driver into RELENG_8, but it is stalled due to some issues (not related to the driver quality).
pgpVwtyn6t18j.pgp
Description: PGP signature
