Hello,
In would kindly ask you if anynone can share theis experience with
HW acceleration/offloading of TLS operations. In 1.8.0, experimental
QAT support was announced. Is anyone using it? We have a lot of TLS
sessions due to DoT. When running it on bare metal HW (Xeon 5217/EPYC
7313) we are struggling with CPU load. I am considering a HW upgrade and
going for Xeon 5520 or 6538 with build-in accelerators - if they can be
used of course. Preferably on Debian Linux.
I have a few questions - maybe someone here can advise me:
1. What do I need to do to enable acceleration? My understanding is
QAT device must be initialized (QAT lib, qatmgr), dnsdist has to call
loadTLSProvider(). Does OpenSSL have do be compiled also with QAT
support and configured to use QAT providers?
2. Some Xeon CPUs have two QAT units. Is it somehow transparent to
the applications? Does it simply mean that it is more powerful or does
it have to be taken info account in configuration?
My AMD EPYC 7313 CPUs have hw support for AES-NI. From my understanding
OpenSSL and dnsdist benefit from that and it is completely transparent,
am I right?
Many thanks
Aleš
_______________________________________________
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist
