https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274007
Bug ID: 274007
Summary: IPSec asymmetric crypto broken
Product: Base System
Version: 13.2-STABLE
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: [email protected]
Reporter: [email protected]
After upgrading from FreeBSD 11 to FreeBSD 13, I noticed the IPSec asymmetric
crypto option (net.inet.ipsec.async_crypto=1) no longer functions correctly.
On FreeBSD 11, enabling this option pushed the bandwidth of an accelerated
(AES-NI) AES 256 GCM tunnel from ~500Mbit/s to ~800Mbit/s with no packet loss,
but on FreeBSD 13 it causes massive packet loss inside the tunnel, well over
20%.
The hardware is AMD Opteron CPUs with Intel X520 10Gb NICs. MTU on the
underlying link is set to 2000, with MTU inside the tunnel at the standard
1500.
--
You are receiving this mail because:
You are the assignee for the bug.
