On Sat, Nov 15, 2008 at 3:15 PM, Patrick Lamaizière <[EMAIL PROTECTED]>wrote:
> Le Fri, 14 Nov 2008 13:37:58 +0200, > "Riaan Kruger" <[EMAIL PROTECTED]> a écrit : > > > I would like to know how IPsec makes use of a multi processor machine? > > > > I have gateway (FreeBSD 7.0) with four SAs configured. When testing > > throughput through the configured SAs, I see (with systat) that only > > one cpu works really hard (+-10% idle min), two others work a bit > > (+-70% idle min) and the fourth CPU does pretty much nothing. > > > > Is this normal, shouldn't at least the two cpus work hard because of > > the high throughput? > > I guess that's because the cryptographic requests are dispatched > and done by two kernel threads. The thread 'crypto' dispatches and > processes the requests, the thread 'crypto-returns' returns the results. > > You can see these kernel threads with top S H > > Regards. > Thanx for your reply. So there is one thread to dispatch the crypto operations to the crypto providers and another to get the return. Also if i am using software crypto providers, as supplied per default on FreeBSD, there will be effectively one thread that does the actual symmetric crypto operations. I think this is so because the actual crypto operations in cryptosoft are synchronous and will complete and then return. With hardware crypto providers the crypto thread will pass the operation to the device and return letting the driver of the device call back when it is done. If my above assesment is correct then using the software crypto providers will result in only 1 CPU effectively being used for symmetric encryption. Regards _______________________________________________ email@example.com mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"