[top-posting and no-trimming damage repaired manually] >> On the coming net6501, would it help to install crypto acceleration >> module, like vpn1401, or the CPU is powerful enough to do it [...]
> A good deal depends on whether or not your applications can make use > of the hardware crypto accelerator. > As I understand it ([...]), OpenBSD and FreeBSD have a framework that > makes use of the crypto hardware if it is available and supports the > selected algorithm, and falls back to software otherwise. Indeed. However, it's not quite that simple. Some years ago, I had occasion to work with NetBSD on a Soekris with a crypto accelerator - the number I remember is 1411, but that's pretty hazy - and found that it did not actually help. On investigation, the problem proved to be that, while the crypto accelerator did indeed accelerate the crypto, it did so at the price of requiring a userland/kernel boundary crossing, and, for the block sizes and cryptosystems in question, trapping to the kernel and the associated overhead approximately counterbalanced the benefit brought when viewed from the perspective of just the crypto. If we'd been able to routinely process much larger blocks, the crypto accelerator would have been a clear win, but that did not fit our use case. Similarly, if we'd been doing something where the crypto client had been in-kernel (such as IPsec), the effective overhead would have been lower. Depending on the hardware in question and quite possibly the OS, the overhead may vary, as of course will the speeds of the hardware in question. And different applications will use crypto in different ways. So about the only definite thing I can say is "it depends". Unless your use case is rather unusual, you pretty much will have to try it and see. /~\ The ASCII Mouse \ / Ribbon Campaign X Against HTML [email protected] / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B _______________________________________________ Soekris-tech mailing list [email protected] http://lists.soekris.com/mailman/listinfo/soekris-tech
