Hi Malcolm, On Thu, May 29, 2014 at 11:56:40AM -0400, Malcolm Turnbull wrote: > John-Paul, > > Nice to have some stats, thanks. > > However the most intensive CPU part of the SSL transaction on a load > balancer is the handshake (that's why we measure TPS) and as far as I'm > aware AES-NI is not used in the handshake?
Confirmed, AES-NI is only used for symmetric crypto. > We don't use it in our product because we couldn't find any benefit. > http://blog.loadbalancer.org/ssl-offload-testing/ > Very happy for someone to prove us wrong though? AES-NI will not change a single iota in your TPS measurements. However if you measure the data rate on large objects, you'll definitely find a massive boost. We get something like 5.4 or 5.6 Gbps per core on the ALOHA with AES256 (Baptiste, correct me if I'm wrong). Of course, that's with large objects (256k or 1M, I don't remember). If you want my opinion, the real gain here is not to reach such high bandwidth, but to slightly reduce the CPU usage on average object size. Cheers, Willy
