On Dec 14, 2013, at 11:28 , Eitan Adler <[email protected]> wrote:
> Hi arch@, > > The question below has been unanswered since Sat, Sep 14, 2013. > > Are there any known concerns with enabling IPSEC? Is there any reason > to not do so in GENERIC? > Certainly there is always a risk of reduced stability when you mix more code into the system. I do not know, off hand, of any bugs that would prevent us from turning this on in GENERIC. It would be nice to know what kind of user/customer demand you’re seeing so we could evaluate whether or not we should turn IPSec on by default in GENERIC in the base FreeBSD. Best, George > On Sun, Dec 8, 2013 at 2:02 PM, Olivier Cochard-Labbé > <[email protected]> wrote: >> On Sun, Dec 8, 2013 at 12:16 AM, Eitan Adler <[email protected]> wrote: >>> Hi all, >>> >>> I understand this is an old thread but I do not see an answer here. >>> Can anyone answer the question below? >>> >>> On Sat, Sep 14, 2013 at 8:33 AM, Robert Millan <[email protected]> wrote: >>>> >>>> Hi! >>>> >>>> Is there any particular reason (performance, stability concerns...) >>>> IPSEC support is not enabled in GENERIC? >>>> >>>> In Debian GNU/kFreeBSD we're considering enabling it in our default >>>> builds, due to increased user demand and as it is already enabled for >>>> our Linux-based flavours. >>>> >>>> However we're concerned about diverging from FreeBSD as there might be >>>> unforeseen consequences. Is there any specific concern on your side? >>>> >>>> If not, perhaps it could be considered for HEAD after 10.0 release? >>> >>> >> >> Here are my own bench result regarding forwarding speed (paquet-per-second) >> with a kernel compiled without-ipsec and with ipsec (ipsec is not enabled >> during the tests, just present on the kernel) of FreeBSD 10.0-PRERELEASE: >> >> ministat -s without-ipsec ipsec >> x without-ipsec >> + ipsec >> +--------------------------------------------------------------------------------+ >> |x + x + +x x x + >> +| >> | |__________________A_____M____________| >> | >> | |_______________M_________A__________________________| >> | >> +--------------------------------------------------------------------------------+ >> N Min Max Median Avg Stddev >> x 5 1646075 1764528 1725461 1713080 44560.059 >> + 5 1685034 1833206 1724461 1748666.8 62356.218 >> No difference proven at 95.0% confidence >> >> I didn't see negative impact of enabling ipsec (it's even a little bit >> better with it). >> >> Regards, >> >> Olivier > > > > -- > Eitan Adler > _______________________________________________ > [email protected] mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-arch > To unsubscribe, send any mail to "[email protected]" -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
