John Arnold schrieb: >> It isn't worth using it. The overhead is too high. >> >> > > OK, thanks for the response. > > That being the case, can anybody give me any advice on what hardware I would > need to achieve gigabit VPN throughput (aes/3des & md5/sha1) with ipsec? >
Hi, my max throughput with ipsec is around 218 Mbit/s with the following hardware: 3Ghz Intel Dual Core and Intel "EM"-Network Devices. This is a building to building tunnel with "ipsec-bridge" and the two boxes are directly connected. Without any dedicated crypto hardware you need a single core cpu as fast a possible (dual/quad core is also possible but won't help you, as the encryption/decryption is done by the kernel which uses only one kernel) dmesg: OpenBSD 4.3 (GENERIC) #1368: Wed Mar 12 11:05:31 MDT 2008 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC real mem = 1071693824 (1022MB) avail mem = 1028931584 (981MB) mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.5 @ 0x3fee0000 (38 entries) bios0: vendor Phoenix Technologies LTD version "1.1a" date 04/03/2008 bios0: Supermicro X7SBi acpi0 at bios0: rev 2 acpi0: tables DSDT FACP _MAR MCFG HPET APIC BOOT SPCR SSDT SSDT SSDT SSDT acpi0: wakeup devices PXHA(S5) PEX_(S5) LAN_(S5) USB4(S5) USB5(S5) USB7(S5) ESB2(S5) EXP1(S5) EXP5(S5) EXP6(S5) USB1(S5) USB2(S5) USB3(S5) USB6(S5) ESB1(S5) PCIB(S5) KBC0(S1) MSE0(S1) COM1(S5) COM2(S5) PWRB(S3) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpihpet0 at acpi0: 14318179 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 2 (PXHA) acpiprt2 at acpi0: bus 3 (PEX_) acpiprt3 at acpi0: bus 5 (EXP1) acpiprt4 at acpi0: bus 13 (EXP5) acpiprt5 at acpi0: bus 15 (EXP6) acpiprt6 at acpi0: bus 17 (PCIB) acpicpu0 at acpi0: C1, FVS, 3000, 2667, 2333, 2000 MHz acpibtn0 at acpi0: PWRB cpu0 at mainbus0: (uniprocessor) cpu0: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz, 2992.90 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16,xTPR,NXE,LONG cpu0: 6MB 64b/line 16-way L2 cache pci0 at mainbus0 bus 0: configuration mode 1 pchb0 at pci0 dev 0 function 0 vendor "Intel", unknown product 0x29f0 rev 0x01 ppb0 at pci0 dev 1 function 0 vendor "Intel", unknown product 0x29f1 rev 0x01: irq 5 pci1 at ppb0 bus 1 ppb1 at pci1 dev 0 function 0 "Intel PCIE-PCIE" rev 0x09 pci2 at ppb1 bus 2 "Intel IOxAPIC" rev 0x09 at pci1 dev 0 function 1 not configured ppb2 at pci0 dev 6 function 0 vendor "Intel", unknown product 0x29f9 rev 0x01: irq 5 pci3 at ppb2 bus 3 em0 at pci3 dev 0 function 0 "Intel PRO/1000 PF (82572EI)" rev 0x06: irq 5, address 00:15:17:57:8a:f5 ppb3 at pci0 dev 28 function 0 "Intel 82801I PCIE" rev 0x02: irq 5 pci4 at ppb3 bus 5 ppb4 at pci0 dev 28 function 4 "Intel 82801I PCIE" rev 0x02: irq 5 pci5 at ppb4 bus 13 em1 at pci5 dev 0 function 0 "Intel PRO/1000MT (82573E)" rev 0x03: irq 5, address 00:30:48:64:eb:48 ppb5 at pci0 dev 28 function 5 "Intel 82801I PCIE" rev 0x02: irq 10 pci6 at ppb5 bus 15 em2 at pci6 dev 0 function 0 "Intel PRO/1000MT (82573L)" rev 0x00: irq 10, address 00:30:48:64:eb:49 ppb6 at pci0 dev 30 function 0 "Intel 82801BA Hub-to-PCI" rev 0x92 pci7 at ppb6 bus 17 vga1 at pci7 dev 3 function 0 "ATI ES1000" rev 0x02 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) pciide0 at pci7 dev 4 function 0 vendor "ITExpress", unknown product 0x8213 rev 0x00: DMA (unsupported), channel 0 wired to native-PCI, channel 1 wired to native-PCI pciide0: using irq 10 for native-PCI interrupt pciide0: channel 0 ignored (not responding; disabled or no drives?) pciide0: channel 1 ignored (not responding; disabled or no drives?) pcib0 at pci0 dev 31 function 0 "Intel 82801IR LPC" rev 0x02 ahci0 at pci0 dev 31 function 2 "Intel 82801I AHCI" rev 0x02: irq 10, AHCI 1.2 scsibus0 at ahci0: 32 targets sd0 at scsibus0 targ 0 lun 0: <ATA, ST380815AS, 4.AA> SCSI3 0/direct fixed sd0: 76319MB, 9729 cyl, 255 head, 63 sec, 512 bytes/sec, 156301488 sec total ichiic0 at pci0 dev 31 function 3 "Intel 82801I SMBus" rev 0x02: irq 10 iic0 at ichiic0 lm1 at iic0 addr 0x2d: W83627HF wbng0 at iic0 addr 0x2f: w83793g iic0: addr 0x48 00=7d 02=4b 03=50 04=7d 06=4b 07=50 08=7d 0a=4b 0b=50 0c=7d 0e=4b 0f=50 10=7d 12=4b 13=50 14=7d 16=4b 17=50 18=7d 1a=4b 1b=50 1c=7d 1e=4b 1f=50 20=7d 22=4b 23=50 24=7d 26=4b 27=50 28=7d 2a=4b 2b=50 2c=7d 2e=4b 2f=50 30=7d 32=4b 33=50 34=7d 36=4b 37=50 38=7d 3a=4b 3b=50 3c=7d 3e=4b 3f=50 40=7d 42=4b 43=50 44=7d 46=4b 47=50 48=7d 4a=4b 4b=50 4c=7d 4e=4b 4f=50 50=7d 52=4b 53=50 54=7d 56=4b 57=50 58=7d 5a=4b 5b=50 5c=7d 5e=4b 5f=50 60=7d 62=4b 63=50 64=7d 66=4b 67=50 68=7d 6a=4b 6b=50 6c=7d 6e=4b 6f=50 70=7d 72=4b 73=50 74=7d 76=4b 77=50 78=7d 7a=4b 7b=50 7c=7d 7e=4b 7f=50 80=7d 82=4b 83=50 84=7d 86=4b 87=50 88=7d 8a=4b 8b=50 8c=7d 8e=4b 8f=50 90=7d 92=4b 93=50 94=7d 96=4b 97=50 98=7d 9a=4b 9b=50 9c=7d 9e=4b 9f=50 a0=7d a2=4b a3=50 a4=7d a6=4b a7=50 a8=7d aa=4b ab=50 ac=7d ae=4b af=50 b0=7d b2=4b b3=50 b4=7d b6=4b b7=50 b8=7d ba=4b bb=50 bc=7d be=4b bf=50 c0=7d c2=4b c3=50 c4=7d c6=4b c7=50 c8=7d ca=4b cb=50 cc=7d ce=4b cf=50 d0=7d d2=4b d3=50 d4=7d d6=4b d7=50 d8=7d da=4b db=50 dc=7d de=4b df=50 e0=7d e2=4b e3=50 e4=7d e6=4b e7=50 e8=7d ea=4b eb=50 ec=7d ee=4b ef=50 f0=7d f2=4b f3=50 f4=7d f6=4b f7=50 f8=7d fa=4b fb=50 fc=7d fe=4b ff=50 words 00=7d00 01=00ff 02=4b00 03=5000 04=7d00 05=00ff 06=4b00 07=5000 08=7d00 09=00ff 0a=4b00 0b=5000 0c=7d00 0d=00ff 0e=4b00 0f=5000 iic0: addr 0x49 00=7d 02=4b 03=50 04=7d 06=4b 07=50 08=7d 0a=4b 0b=50 0c=7d 0e=4b 0f=50 10=7d 12=4b 13=50 14=7d 16=4b 17=50 18=7d 1a=4b 1b=50 1c=7d 1e=4b 1f=50 20=7d 22=4b 23=50 24=7d 26=4b 27=50 28=7d 2a=4b 2b=50 2c=7d 2e=4b 2f=50 30=7d 32=4b 33=50 34=7d 36=4b 37=50 38=7d 3a=4b 3b=50 3c=7d 3e=4b 3f=50 40=7d 42=4b 43=50 44=7d 46=4b 47=50 48=7d 4a=4b 4b=50 4c=7d 4e=4b 4f=50 50=7d 52=4b 53=50 54=7d 56=4b 57=50 58=7d 5a=4b 5b=50 5c=7d 5e=4b 5f=50 60=7d 62=4b 63=50 64=7d 66=4b 67=50 68=7d 6a=4b 6b=50 6c=7d 6e=4b 6f=50 70=7d 72=4b 73=50 74=7d 76=4b 77=50 78=7d 7a=4b 7b=50 7c=7d 7e=4b 7f=50 80=7d 82=4b 83=50 84=7d 86=4b 87=50 88=7d 8a=4b 8b=50 8c=7d 8e=4b 8f=50 90=7d 92=4b 93=50 94=7d 96=4b 97=50 98=7d 9a=4b 9b=50 9c=7d 9e=4b 9f=50 a0=7d a2=4b a3=50 a4=7d a6=4b a7=50 a8=7d aa=4b ab=50 ac=7d ae=4b af=50 b0=7d b2=4b b3=50 b4=7d b6=4b b7=50 b8=7d ba=4b bb=50 bc=7d be=4b bf=50 c0=7d c2=4b c3=50 c4=7d c6=4b c7=50 c8=7d ca=4b cb=50 cc=7d ce=4b cf=50 d0=7d d2=4b d3=50 d4=7d d6=4b d7=50 d8=7d da=4b db=50 dc=7d de=4b df=50 e0=7d e2=4b e3=50 e4=7d e6=4b e7=50 e8=7d ea=4b eb=50 ec=7d ee=4b ef=50 f0=7d f2=4b f3=50 f4=7d f6=4b f7=50 f8=7d fa=4b fb=50 fc=7d fe=4b ff=50 words 00=7d00 01=00ff 02=4b00 03=5000 04=7d00 05=00ff 06=4b00 07=5000 08=7d00 09=00ff 0a=4b00 0b=5000 0c=7d00 0d=00ff 0e=4b00 0f=5000 spdmem0 at iic0 addr 0x50: 512MB DDR2 SDRAM ECC PC2-5300CL5 spdmem1 at iic0 addr 0x52: 512MB DDR2 SDRAM ECC PC2-5300CL5 vendor "Intel", unknown product 0x2932 (class DASP subclass miscellaneous, rev 0x02) at pci0 dev 31 function 6 not configured isa0 at pcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: <PC speaker> spkr0 at pcppi0 wbsio0 at isa0 port 0x2e/2: W83627HF rev 0x41 port 0x295/2 not configured lm0 at isa0 port 0x290/8: W83627HF lm1 detached softraid0 at root root on sd0a swap on sd0b dump on sd0b