End-points are running on ibase's network security appliance hardware: http://www.ibasetechnology.net/EN/fwa7204.html
- the only way to put some hw accel to this is miniPCI - that's why I've asked about it before.. The central server is some Fujitsu-Siemens server with free PCI slot You mentioned packet sizes - the traffic there is very mixed, for example in average about 300kbit/s from every end-point to server are VoIP calls - SIP/RTP (G.729), so there is big amount of small packets mixed with common services' packets (HTTP, SQL, RDP etc..) Switchover to some VIA C7 CPU's would be great, but I don't think my manager will accept it.. Thank you very much Marek 2006/4/12, Stuart Henderson <[EMAIL PROTECTED]>: > > There's a lot more overhead involved with the PCI cards which are > serviced by interrupt-handlers (rather than just issuing an instruction > to the CPU as is the case with the VIA chips). > > Since you mention miniPCI I'll take a wild guess at low-power hardware > where this is common (e.g. Soekris, WRAP etc) - the PCI on these is not > high-performance: particularly on this type of hardware, you're only > likely to see much (if any) benefit with larger packet sizes. > > Perhaps changing server to EPIA SP or MII 12000 or something with a > C7 cpu, while keeping endpoints as they are (or perhaps adding hw cards > if you find they help for your mix of packet sizes) would give a > useful performance boost. > > You might also find that under OpenBSD, ipsec is simple enough > (http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec.conf#EXAMPLES) > that you want to use it, at least on permanent links, and could > improve performance that way (in-kernel -> fewer context switches).
