On Nov 6, 2013, at 1:43 PM, Jim Thompson <[email protected]> wrote: > > On Nov 6, 2013, at 8:06 AM, Thinker Rix <[email protected]> wrote: > >> On 2013-11-06 15:29, Jim Thompson wrote: >>>> On Nov 6, 2013, at 7:22, Vick Khera <[email protected]> wrote: >>>> >>>> pfSense lists the AES-NI as a supported option for crypto acceleration. >>>> pfSense will use it for OpenVPN and IPsec if you tell it to. There's a >>>> config setting for it. >>> I'm not aware if any performance testing for AES-NI on pfSense. >>> >>> There are reports that FreeBSD doesn't support AES-NI very well. >> >> Thank you for this information, Jim. So I figure, that buying the Xeon just >> for it's AES functions would (currently) be a waste of money. > > I can’t answer this, because I’ve not tested it. > > I know that the linux kernel, and openbsd both take full advantage of AES-NI > instructions. > > http://ibatanov.blogspot.com/2012/04/ipsec-performance-benchmarking-is-end.html > http://comments.gmane.org/gmane.os.openbsd.misc/199639 > > I know there is an implementation of AES-NI for cryptdev, but **I HAVE NOT > TESTED IT (nor has anyone else on the pfSense team, AFAIK). > > There seems to be an issue: > http://forum.pfsense.org/index.php/topic,54008.30.html > http://lists.freebsd.org/pipermail/freebsd-hackers/2012-May/038762.html > > In the meantime, it might be possible to use OpenVPN with a patched openssl > library to achieve the results you desire (but now you’re off into DIY land.) > https://community.openvpn.net/openvpn/wiki/Gigabit_Networks_Linux > > That all said, we will find and fix the issue at some point. (I’m actually > in San Jose for the FreeBSD Vendor Summit, and plan to bring it up as a > potential issue.)
Well, there's this thread from late August this year about improving AES-NI support that eventually kicked off into an epic kerfuffle and bike shed about the status of gcc in FreeBSD 10: http://lists.freebsd.org/pipermail/freebsd-toolchain/2013-August/000920.html Cheers, Paul. _______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list
