The Xeon CPUs are "almost idle". The "old Intel 32-bit Pentium 4 2.4GHz dual core server", however is the other end of that IPSEC tunnel. It's unlikely to be as idle as the Xeon.
-- Jim > On Nov 6, 2013, at 8:04, Thinker Rix <[email protected]> wrote: > >> On 2013-11-06 15:22, Vick Khera wrote: >> >> On Wed, Nov 6, 2013 at 12:53 AM, Thinker Rix <[email protected]> >> wrote: >>> Would pfSense use this CPU instructions so to hardware-encrypt/decrypt all >>> VPN traffic (openVPN)? >>> Woud pfSense benefit from this in any other way, too? >> >> >> pfSense lists the AES-NI as a supported option for crypto acceleration. >> pfSense will use it for OpenVPN and IPsec if you tell it to. There's a >> config setting for it. >> >> As to your question of is it worth the cost, that depends on how much VPN >> traffic you have. The Xeon will handle a damn lot of traffic all on its own. >> If you are pushing more than 40Mbps on the VPN, then perhaps consider the >> extra cost. If it is low, like under 5 or 10Mbps, then I'd probably suggest >> that it is not worth the cost. >> >> As a reference, between my data center and my primary office, I have an >> IPsec tunnel. The office runs on an old Intel 32-bit Pentium 4 2.4GHz dual >> core server. The data center runs on Intel Xeon E31220L @ 2.20GHz >> quad-core. Neither one has any built-in cryptodev supported devices. The >> IPsec tunnel maxes out at about 20Mbps during large file backups. I don't >> think it would go any faster with hardware acceleration, and the load on >> these boxes hovers around 0 still. The data center firewall is also busy >> pushing over 100Mpbs of regular traffic to hundreds of clients as well. > > Hi Vick, > > Thank you for your reference, it is very valuable for me! > I guess I will go with a Pentium (Ivy Bridge) 2x 3.0 GHz CPU. > > What do you think is the reason for your VPN traffic maxing out at 20Mpbs (I > assume that your connection is not the traffic bottle neck, right?), although > your CPUs are almost idle? > > Best regards > Thinker Rix > _______________________________________________ > List mailing list > [email protected] > http://lists.pfsense.org/mailman/listinfo/list
_______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list
