AESNI is not hooked yet to the IPsec stack. On Thu, Jul 2, 2015 at 2:42 AM, Zhihao Yuan <[email protected]> wrote:
> It might be hypervisor's problem because they use KVM, but here are > some information I have: > > DO smallest instance. > > > uname -a > FreeBSD megashadow2 10.2-PRERELEASE FreeBSD 10.2-PRERELEASE #3 > r284996: Wed Jul 1 17:58:13 UTC 2015 > freebsd@megashadow2:/usr/obj/usr/src/sys/DOIPSEC amd64 > > cryptotest w/wo -p -- 2Gb/s, 400Mb/s, aesni, cryptodev present. > > strongswan ipsec.conf: > > ike=aes256-sha1-modp1024! > esp=aes256-sha1! > > NAT done through one simple pf rule. > > natstat -inw1 shows no error, no drop, just very small packets (10K-30K) > even > for large data. > > Top two functions in pmcstat -TS instructions -w1 are kernel > rijndaelEncrypt and sha1_step are the top two consuming function, > 10%-20% for each. > > TSO, IPSEC_DEBUG do not matter. > > Boost performance is same as Ubuntu 15 (300kb/s in ssh, downloading to > my laptop), but most of the time is < 100kb/s, and overall speed is > 50% slower. Uploading is good. > > -- > Zhihao Yuan, ID lichray > The best way to predict the future is to invent it. > ___________________________________________________ > 4BSD -- http://bit.ly/blog4bsd > _______________________________________________ > [email protected] mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "[email protected]" > > -- > Ermal > _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[email protected]"
