I have done some brief testing of AES-NI a few months back, though I can't seem to find the results at the moment and that test environment isn't online currently. It doesn't give the performance benefit that it should at this time. So the immediate benefit is minimal (except for the fact the Xeon proc would be faster than the Pentium), but it will be properly supported in the future, hopefully in 2.2 with its FreeBSD 10 base, but we haven't done any testing there yet.
On Tue, Nov 5, 2013 at 11:53 PM, Thinker Rix <[email protected]> wrote: > Hello all, > > as I am planning to buy new hardware for pfSense, I was wondering if it is > worthy to buy a CPU that supports "AES new instructions", i.e. > hardware-support for AES encyption. > > Would pfSense use this CPU instructions so to hardware-encrypt/decrypt all > VPN traffic (openVPN)? > Woud pfSense benefit from this in any other way, too? > > The motherboards that I want to buy unfortunately support AES-NI only with > Xeons that currently start from approx 170 €. If I would take a CPU without > AES-IN, I could go with a dual-Pentium for 40€. What impact would you expect > from AES-IN, in regards to the fact tht I will be having traffic from VPN > secured WLAN with approx 300-450 Mpbs and VPN to/from the internet, 1-2 > users at a time max. Do you think the AES-IN would be worthy the price > premium of the Xeon for my case, e.g. because it would reduce VPN latency, > etc., or is it just a pure waste of money in my case? > > Best regards > Thinker Rix > > > > _______________________________________________ > List mailing list > [email protected] > http://lists.pfsense.org/mailman/listinfo/list _______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list
