> I was doing some quick OpenVPN tests on a pair of 5501-70s back to > back [...]
> FreeBSD does not support the crypto offload. Has anyone tried > something similar with OpenBSD or NetBSD ? They both have drivers for > AES crypto offload. My experience isn't with the 5501 - if memory serves, it's the 4801 - but I have tried crypto "accelerator" hardware with OpenVPN on Soekris under NetBSD. I put "accelerator" in quotes because I found that, in those tests, using the crypto hardware (a 1411, I think it was) actually impaired throughput. Apparently the penalty of crossing the kernel/user boundary outweighed the benefit from the crypto hardware. Of course, my results should not be extended to cases where large amounts of data are processed at once (thereby amortizing the syscall penalty over more bytes and giving the crypto hardware more of a chance to pull ahead), or where the crypto user is actually in-kernel (such as IPsec). Also, using the crypto hardware means that the main CPU is waiting instead of processing; if you have other, CPU-bound, work to do at the same time, pushing the crypto to specialized hardware may be worth it even though it makes the crypto take more wall-clock time. /~\ The ASCII der Mouse \ / Ribbon Campaign X Against HTML [EMAIL PROTECTED] / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B _______________________________________________ Soekris-tech mailing list [email protected] http://lists.soekris.com/mailman/listinfo/soekris-tech
