09.08.2018 10:57, David P. Discher wrote: > I’m suspecting that IPSec in FreeBSD is not leveraging AESNI on Intel. Is > this correct ? > > A small system, with an Atom C2758 and AESNI can hit 940-950 Mbps on a 1g > copper link SCPing a file with Chiper=aes256-gcm. SSH/OpenSSL automatically > uses AESNI if available. (Side Note, loading cryptodev - openSSH/SSL will > grab crypto dev and cut your speed in half). Same with un-encryrpted > iperf2/3, even with just a single TCP connection. > > Over an IPsec tunnel, this same system bottle necks at 180 Mbps. These > systems are on the same vlan and subnet, same physical switch - so direct > route. > > So, does IPSec use AESNI ? I would have at least expected 600-700 Mbps.
Do you have aesni(4) driver in the kernel or loaded as module? It is present in FreeBSD since version 9.0 _______________________________________________ freebsd-net@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"