On Tue, Oct 11, 2011 at 04:03:48PM +0200, BARDOU Pierre wrote:
> I'm looking for hardware capable of doing 1 Gbps IPsec, under OpenBSD
> of course.  Do you think it is possible with a brand new high end
> server and their new instructions (AES-NI and/or AVX) ?

Currently I don't think you'll be able to find a single system that will
push 1 Gbps of IPsec running OpenBSD.

I've tested -current with aes-gcm across a pair of HP DL360 G7 boxes with
Xeon X5650 @ 2.67GHz; I was able to get around 550 Mbps with tcpbench -n
10 through a gif tunnel + IPsec transport mode. You'll need to be
running amd64 for this to work.


> Or would a crypto card be necessary ? If yes, do you have a
> brand/model to recommend ?
> 
> In the crypto section most of the devices I see are old chipsets,
> which are far from 1 Gbps throughput.  The only thing I see is the Via
> Padlock, but I think the CPU is not capable of Gigabit routing. There
> is also the BCM5862, but I can't find a card embedding it.

There are no crypto processors that come anywhere close to the CPU
crypto instructions (at least for network traffic). The interrupt and PCI
bandwidth cost of the crypto cards is just too high. (They probably
still make sense for heavily asymmetric crypto, like SSL acceleration.)


Some improvements may be seen in the next few releases with some smaller
planned optimizations, and of course a higher clock speed should help,
but I don't expect you'll get a solid 1 Gbps without taking the crypto code
out of the biglock and allowing it to run MP. (Non-trivial, unlikely to
happen any time soon.)

If you _really_ need 1 Gbps and it's not just to meet some marketing
fantasy, you're probably best building some kind of architecture that
load balances the traffic across 2 or 3 VPN tunnels that terminate on
different boxes (and you could get some kind of redundancy this way as
well).


--
CVSROOT:        /cvs
Module name:    src
Changes by:     mi...@cvs.openbsd.org   2011/08/17 11:00:35

Modified files:
        sys/arch/amd64/amd64: aes_intel.S aesni.c

Log message:
Assembler implementation of the GCM mode using the Carry-less
Multiplication (CLMUL) instruction found in the new Intel and
future AMD CPUs.

Done about a year ago and was rotting in my trees until Ryan
prodded Theo to read the white paper and figure out the license
issues.  Apparently, there are none.  All C code and SSE glue
code was written by me, while the GF multiplication function
is taken from the CLMUL white paper, specifically Figure 6:
"Code Sample - Performing Ghash Using Algorithms 1 and 5".
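
The commit log above is about GHASH, the GF(2^128) authentication function
of GCM, which the CLMUL assembler accelerates. Below is an added reference
implementation (my code, not OpenBSD's and not the white paper's): the
bit-serial GF(2^128) multiply of NIST SP 800-38D Algorithm 1 and GHASH built
on it, checked against test case 2 of the GCM specification (H =
66e94bd4..., C = 0388dace..., GHASH = f38cbb1a...). Those hex constants are
the published vectors; the struct layout, function names and the self-test
are my own. A PCLMULQDQ-based GHASH such as the one committed has to
reproduce exactly these outputs, so a bit-serial loop like this is the
oracle to compare it against while porting or reviewing such code.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* A 128-bit GCM field element kept as two big-endian halves:
 * hi holds block bytes 0..7, lo holds block bytes 8..15.
 * GCM's bit convention: bit 0 of the block is the MSB of byte 0. */
typedef struct { uint64_t hi, lo; } gf128;

static gf128 gf128_load(const uint8_t b[16]) {
    gf128 r = {0, 0};
    for (int i = 0; i < 8; i++) {
        r.hi = (r.hi << 8) | b[i];
        r.lo = (r.lo << 8) | b[8 + i];
    }
    return r;
}

static void gf128_store(gf128 x, uint8_t b[16]) {
    for (int i = 7; i >= 0; i--) {
        b[i] = (uint8_t)x.hi;     x.hi >>= 8;
        b[8 + i] = (uint8_t)x.lo; x.lo >>= 8;
    }
}

static int gf128_bit(gf128 x, int i) {        /* i counts from the block's left */
    return i < 64 ? (int)((x.hi >> (63 - i)) & 1) : (int)((x.lo >> (127 - i)) & 1);
}

/* Multiplication in GF(2^128) modulo x^128 + x^7 + x^2 + x + 1,
 * SP 800-38D Algorithm 1: shift-and-add with the reduction constant
 * R = 0xE1 || 0^120. Data-dependent decisions use masks, not branches. */
static gf128 gf128_mul(gf128 x, gf128 y) {
    gf128 z = {0, 0}, v = y;
    for (int i = 0; i < 128; i++) {
        uint64_t m = (uint64_t)0 - (uint64_t)gf128_bit(x, i);   /* all ones if x_i = 1 */
        z.hi ^= v.hi & m;
        z.lo ^= v.lo & m;
        uint64_t lsb = (uint64_t)0 - (v.lo & 1);               /* all ones if LSB(v) = 1 */
        v.lo = (v.lo >> 1) | (v.hi << 63);                     /* v >>= 1 as a 128-bit string */
        v.hi = (v.hi >> 1) ^ (lsb & 0xE100000000000000ULL);    /* ... ^ R when a bit fell off */
    }
    return z;
}

/* GHASH_H(A, C): zero-pad A and C to 16-byte blocks, absorb each block as
 * Y = (Y ^ X) * H, then absorb [len(A) in bits || len(C) in bits]. */
static void ghash(const uint8_t h[16], const uint8_t *a, size_t alen,
                  const uint8_t *c, size_t clen, uint8_t out[16]) {
    gf128 H = gf128_load(h), y = {0, 0};
    const uint8_t *parts[2] = { a, c };
    size_t lens[2] = { alen, clen };
    for (int p = 0; p < 2; p++) {
        for (size_t off = 0; off < lens[p]; off += 16) {
            uint8_t blk[16] = {0};                              /* zero padding for a short tail */
            size_t n = lens[p] - off < 16 ? lens[p] - off : 16;
            memcpy(blk, parts[p] + off, n);
            gf128 x = gf128_load(blk);
            y.hi ^= x.hi; y.lo ^= x.lo;
            y = gf128_mul(y, H);
        }
    }
    gf128 len = { (uint64_t)alen * 8, (uint64_t)clen * 8 };
    y.hi ^= len.hi; y.lo ^= len.lo;
    y = gf128_mul(y, H);
    gf128_store(y, out);
}

static void hex2bin(const char *hex, uint8_t *out, size_t n) {
    for (size_t i = 0; i < n; i++) {
        unsigned v = 0;
        sscanf(hex + 2 * i, "%2x", &v);
        out[i] = (uint8_t)v;
    }
}

/* GCM spec test case 2 (all-zero key, 16 zero bytes of plaintext, empty AAD):
 * H = AES_K(0^128), C is the single ciphertext block, and the published
 * GHASH_H({}, C) is f38cbb1a...  Returns 1 when everything checks out. */
int ghash_selftest(void) {
    uint8_t h[16], c[16], want[16], got[16];
    hex2bin("66e94bd4ef8a2c3b884cfa59ca342b2e", h, 16);
    hex2bin("0388dace60b6a392f328c2b971b2fe78", c, 16);
    hex2bin("f38cbb1ad69223dcc3457ae5b6b0f885", want, 16);
    ghash(h, NULL, 0, c, 16, got);
    if (memcmp(got, want, 16) != 0) return 0;
    /* Field sanity: "1" (only bit 0 set) is the identity, and * commutes. */
    gf128 H = gf128_load(h), C = gf128_load(c), one = { 0x8000000000000000ULL, 0 };
    gf128 p = gf128_mul(H, one), q = gf128_mul(one, H);
    gf128 hc = gf128_mul(H, C), ch = gf128_mul(C, H);
    return p.hi == H.hi && p.lo == H.lo && q.hi == H.hi && q.lo == H.lo
        && hc.hi == ch.hi && hc.lo == ch.lo;
}

int main(void) {
    int ok = ghash_selftest();
    printf("GHASH self-test: %s\n", ok ? "ok" : "FAILED");
    return ok ? 0 : 1;
}
```

The loop does 128 shift-and-conditional-XOR rounds per block, which is
exactly the cost PCLMULQDQ removes: the CLMUL version multiplies the two
halves as 64x64 carry-less products and reduces once. When you compare the
two, feed both the same padded blocks and the same length block; the
bit-reflected layout (bit 0 at the MSB of byte 0) is where ports usually go
wrong, and this reference makes that convention explicit in gf128_bit().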
