On 2006/04/12 11:57, Marek Nixworx wrote: > can you explain me please, why aren't PCI/miniPCI cards sufficient ? I'd > like to use same hardware and only add PCI card on server and end-points..
There's a lot more overhead involved with the PCI cards which are serviced by interrupt-handlers (rather than just issuing an instruction to the CPU as is the case with the VIA chips). Since you mention miniPCI I'll take a wild guess at low-power hardware where this is common (e.g. Soekris, WRAP etc) - the PCI on these is not high-performance: particularly on this type of hardware, you're only likely to see much (if any) benefit with larger packet sizes. Perhaps changing server to EPIA SP or MII 12000 or something with a C7 cpu, while keeping endpoints as they are (or perhaps adding hw cards if you find they help for your mix of packet sizes) would give a useful performance boost. You might also find that under OpenBSD, ipsec is simple enough (http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec.conf#EXAMPLES) that you want to use it, at least on permanent links, and could improve performance that way (in-kernel -> fewer context switches).
