Guido Tschakert schrieb: > John Arnold schrieb: >>> It isn't worth using it. The overhead is too high. >>> >>> >> OK, thanks for the response. >> >> That being the case, can anybody give me any advice on what hardware I would >> need to achieve gigabit VPN throughput (aes/3des & md5/sha1) with ipsec? >> > And yes I forgot a few things:
what I use is described in man brconfig (how I love the faqs and manuals) and we use hmac-sha2-256 and aes128 (the default) > > Hi, > my max throughput with ipsec is around 218 Mbit/s with the following > hardware: > 3Ghz Intel Dual Core and Intel "EM"-Network Devices. > > > This is a building to building tunnel with "ipsec-bridge" and the two > boxes are directly connected. > Without any dedicated crypto hardware you need a single core cpu as fast > a possible (dual/quad core is also possible but won't help you, as the > encryption/decryption is done by the kernel which uses only one kernel) > > dmesg: > > OpenBSD 4.3 (GENERIC) #1368: Wed Mar 12 11:05:31 MDT 2008 > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC > real mem = 1071693824 (1022MB) > avail mem = 1028931584 (981MB) > mainbus0 at root > bios0 at mainbus0: SMBIOS rev. 2.5 @ 0x3fee0000 (38 entries) > bios0: vendor Phoenix Technologies LTD version "1.1a" date 04/03/2008 > bios0: Supermicro X7SBi > acpi0 at bios0: rev 2 > acpi0: tables DSDT FACP _MAR MCFG HPET APIC BOOT SPCR SSDT SSDT SSDT SSDT > acpi0: wakeup devices PXHA(S5) PEX_(S5) LAN_(S5) USB4(S5) USB5(S5) > USB7(S5) ESB2(S5) EXP1(S5) EXP5(S5) EXP6(S5) USB1(S5) USB2(S5) USB3(S5) > USB6(S5) ESB1(S5) PCIB(S5) KBC0(S1) MSE0(S1) COM1(S5) COM2(S5) PWRB(S3) > acpitimer0 at acpi0: 3579545 Hz, 24 bits > acpihpet0 at acpi0: 14318179 Hz > acpiprt0 at acpi0: bus 0 (PCI0) > acpiprt1 at acpi0: bus 2 (PXHA) > acpiprt2 at acpi0: bus 3 (PEX_) > acpiprt3 at acpi0: bus 5 (EXP1) > acpiprt4 at acpi0: bus 13 (EXP5) > acpiprt5 at acpi0: bus 15 (EXP6) > acpiprt6 at acpi0: bus 17 (PCIB) > acpicpu0 at acpi0: C1, FVS, 3000, 2667, 2333, 2000 MHz > acpibtn0 at acpi0: PWRB > cpu0 at mainbus0: (uniprocessor) > cpu0: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz, 2992.90 MHz > cpu0: > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16,xTPR,NXE,LONG > cpu0: 6MB 64b/line 16-way L2 cache > pci0 at mainbus0 bus 0: configuration mode 1 > pchb0 at pci0 dev 0 function 0 vendor "Intel", unknown product 0x29f0 > rev 0x01 > ppb0 at pci0 dev 1 function 0 vendor "Intel", unknown product 0x29f1 rev > 0x01: irq 5 > pci1 at ppb0 bus 1 > ppb1 at pci1 dev 0 function 0 "Intel PCIE-PCIE" rev 0x09 > pci2 at ppb1 bus 2 > "Intel IOxAPIC" rev 0x09 at pci1 dev 0 function 1 not configured > ppb2 at pci0 dev 6 function 0 vendor "Intel", unknown product 0x29f9 rev > 0x01: irq 5 > pci3 at ppb2 bus 3 > em0 at pci3 dev 0 function 0 "Intel PRO/1000 PF (82572EI)" rev 0x06: irq > 5, address 00:15:17:57:8a:f5 > ppb3 at pci0 dev 28 function 0 "Intel 82801I PCIE" rev 0x02: irq 5 > pci4 at ppb3 bus 5 > ppb4 at pci0 dev 28 function 4 "Intel 82801I PCIE" rev 0x02: irq 5 > pci5 at ppb4 bus 13 > em1 at pci5 dev 0 function 0 "Intel PRO/1000MT (82573E)" rev 0x03: irq > 5, address 00:30:48:64:eb:48 > ppb5 at pci0 dev 28 function 5 "Intel 82801I PCIE" rev 0x02: irq 10 > pci6 at ppb5 bus 15 > em2 at pci6 dev 0 function 0 "Intel PRO/1000MT (82573L)" rev 0x00: irq > 10, address 00:30:48:64:eb:49 > ppb6 at pci0 dev 30 function 0 "Intel 82801BA Hub-to-PCI" rev 0x92 > pci7 at ppb6 bus 17 > vga1 at pci7 dev 3 function 0 "ATI ES1000" rev 0x02 > wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) > wsdisplay0: screen 1-5 added (80x25, vt100 emulation) > pciide0 at pci7 dev 4 function 0 vendor "ITExpress", unknown product > 0x8213 rev 0x00: DMA (unsupported), channel 0 wired to native-PCI, > channel 1 wired to native-PCI > pciide0: using irq 10 for native-PCI interrupt > pciide0: channel 0 ignored (not responding; disabled or no drives?) > pciide0: channel 1 ignored (not responding; disabled or no drives?) > pcib0 at pci0 dev 31 function 0 "Intel 82801IR LPC" rev 0x02 > ahci0 at pci0 dev 31 function 2 "Intel 82801I AHCI" rev 0x02: irq 10, > AHCI 1.2 > scsibus0 at ahci0: 32 targets > sd0 at scsibus0 targ 0 lun 0: <ATA, ST380815AS, 4.AA> SCSI3 0/direct fixed > sd0: 76319MB, 9729 cyl, 255 head, 63 sec, 512 bytes/sec, 156301488 sec total > ichiic0 at pci0 dev 31 function 3 "Intel 82801I SMBus" rev 0x02: irq 10 > iic0 at ichiic0 > lm1 at iic0 addr 0x2d: W83627HF > wbng0 at iic0 addr 0x2f: w83793g > iic0: addr 0x48 00=7d 02=4b 03=50 04=7d 06=4b 07=50 08=7d 0a=4b 0b=50 > 0c=7d 0e=4b 0f=50 10=7d 12=4b 13=50 14=7d 16=4b 17=50 18=7d 1a=4b 1b=50 > 1c=7d 1e=4b 1f=50 20=7d 22=4b 23=50 24=7d 26=4b 27=50 28=7d 2a=4b 2b=50 > 2c=7d 2e=4b 2f=50 30=7d 32=4b 33=50 34=7d 36=4b 37=50 38=7d 3a=4b 3b=50 > 3c=7d 3e=4b 3f=50 40=7d 42=4b 43=50 44=7d 46=4b 47=50 48=7d 4a=4b 4b=50 > 4c=7d 4e=4b 4f=50 50=7d 52=4b 53=50 54=7d 56=4b 57=50 58=7d 5a=4b 5b=50 > 5c=7d 5e=4b 5f=50 60=7d 62=4b 63=50 64=7d 66=4b 67=50 68=7d 6a=4b 6b=50 > 6c=7d 6e=4b 6f=50 70=7d 72=4b 73=50 74=7d 76=4b 77=50 78=7d 7a=4b 7b=50 > 7c=7d 7e=4b 7f=50 80=7d 82=4b 83=50 84=7d 86=4b 87=50 88=7d 8a=4b 8b=50 > 8c=7d 8e=4b 8f=50 90=7d 92=4b 93=50 94=7d 96=4b 97=50 98=7d 9a=4b 9b=50 > 9c=7d 9e=4b 9f=50 a0=7d a2=4b a3=50 a4=7d a6=4b a7=50 a8=7d aa=4b ab=50 > ac=7d ae=4b af=50 b0=7d b2=4b b3=50 b4=7d b6=4b b7=50 b8=7d ba=4b bb=50 > bc=7d be=4b bf=50 c0=7d c2=4b c3=50 c4=7d c6=4b c7=50 c8=7d ca=4b cb=50 > cc=7d ce=4b cf=50 d0=7d d2=4b d3=50 d4=7d d6=4b d7=50 d8=7d da=4b db=50 > dc=7d de=4b df=50 e0=7d e2=4b e3=50 e4=7d e6=4b e7=50 e8=7d ea=4b eb=50 > ec=7d ee=4b ef=50 f0=7d f2=4b f3=50 f4=7d f6=4b f7=50 f8=7d fa=4b fb=50 > fc=7d fe=4b ff=50 words 00=7d00 01=00ff 02=4b00 03=5000 04=7d00 05=00ff > 06=4b00 07=5000 08=7d00 09=00ff 0a=4b00 0b=5000 0c=7d00 0d=00ff 0e=4b00 > 0f=5000 > iic0: addr 0x49 00=7d 02=4b 03=50 04=7d 06=4b 07=50 08=7d 0a=4b 0b=50 > 0c=7d 0e=4b 0f=50 10=7d 12=4b 13=50 14=7d 16=4b 17=50 18=7d 1a=4b 1b=50 > 1c=7d 1e=4b 1f=50 20=7d 22=4b 23=50 24=7d 26=4b 27=50 28=7d 2a=4b 2b=50 > 2c=7d 2e=4b 2f=50 30=7d 32=4b 33=50 34=7d 36=4b 37=50 38=7d 3a=4b 3b=50 > 3c=7d 3e=4b 3f=50 40=7d 42=4b 43=50 44=7d 46=4b 47=50 48=7d 4a=4b 4b=50 > 4c=7d 4e=4b 4f=50 50=7d 52=4b 53=50 54=7d 56=4b 57=50 58=7d 5a=4b 5b=50 > 5c=7d 5e=4b 5f=50 60=7d 62=4b 63=50 64=7d 66=4b 67=50 68=7d 6a=4b 6b=50 > 6c=7d 6e=4b 6f=50 70=7d 72=4b 73=50 74=7d 76=4b 77=50 78=7d 7a=4b 7b=50 > 7c=7d 7e=4b 7f=50 80=7d 82=4b 83=50 84=7d 86=4b 87=50 88=7d 8a=4b 8b=50 > 8c=7d 8e=4b 8f=50 90=7d 92=4b 93=50 94=7d 96=4b 97=50 98=7d 9a=4b 9b=50 > 9c=7d 9e=4b 9f=50 a0=7d a2=4b a3=50 a4=7d a6=4b a7=50 a8=7d aa=4b ab=50 > ac=7d ae=4b af=50 b0=7d b2=4b b3=50 b4=7d b6=4b b7=50 b8=7d ba=4b bb=50 > bc=7d be=4b bf=50 c0=7d c2=4b c3=50 c4=7d c6=4b c7=50 c8=7d ca=4b cb=50 > cc=7d ce=4b cf=50 d0=7d d2=4b d3=50 d4=7d d6=4b d7=50 d8=7d da=4b db=50 > dc=7d de=4b df=50 e0=7d e2=4b e3=50 e4=7d e6=4b e7=50 e8=7d ea=4b eb=50 > ec=7d ee=4b ef=50 f0=7d f2=4b f3=50 f4=7d f6=4b f7=50 f8=7d fa=4b fb=50 > fc=7d fe=4b ff=50 words 00=7d00 01=00ff 02=4b00 03=5000 04=7d00 05=00ff > 06=4b00 07=5000 08=7d00 09=00ff 0a=4b00 0b=5000 0c=7d00 0d=00ff 0e=4b00 > 0f=5000 > spdmem0 at iic0 addr 0x50: 512MB DDR2 SDRAM ECC PC2-5300CL5 > spdmem1 at iic0 addr 0x52: 512MB DDR2 SDRAM ECC PC2-5300CL5 > vendor "Intel", unknown product 0x2932 (class DASP subclass > miscellaneous, rev 0x02) at pci0 dev 31 function 6 not configured > isa0 at pcib0 > isadma0 at isa0 > pckbc0 at isa0 port 0x60/5 > pckbd0 at pckbc0 (kbd slot) > pckbc0: using irq 1 for kbd slot > wskbd0 at pckbd0: console keyboard, using wsdisplay0 > pcppi0 at isa0 port 0x61 > midi0 at pcppi0: <PC speaker> > spkr0 at pcppi0 > wbsio0 at isa0 port 0x2e/2: W83627HF rev 0x41 > port 0x295/2 not configured > lm0 at isa0 port 0x290/8: W83627HF > lm1 detached > softraid0 at root > root on sd0a swap on sd0b dump on sd0b > -- Mit freundlichen Gr|_en, Guido Tschakert _____________________________________________________________ SRC Security Research & Consulting GmbH Graurheindorfer Str. 149 a Tel: +49-228-2806-138 53117 Bonn Fax: +49-228-2806-199 http://www.src-gmbh.de Mob: +49-160-3671422 Handelsregister Bonn: HRB 9414 Geschdftsf|hrer: Gerd Cimiotti
