Hi, i am looking for ways to improve the throughput while using the strongswan IPSEC.
I read that AES-GCM provides excellent throughput over default AES-CBC-128 when used with AES-NI support in intel processors. i want to enable AES-GCM128 cipher in my xeon E5 processor, and from looking at the Intel white paper, it mentioned about using "Linux AES-NI-GCM Crypto Plug-in" to enable this support. It described about a patch to existing AES-NI driver file, called aesni-intel_glue.c and aesni-intel_asm.s. Paper: http://www.intel.com/content/www/us/en/intelligent-systems/wireless-infrastructure/aes-ipsec-performance-linux-paper.html 1. There is strongswan plugin for intel AES-NI, Can somebody confirm/tell me a way to find if this is the same plugin as the one mentioned in intel Doc ? To me it looks like that, but i wanted to check with someone who might be already using this. 2. Is there some other way to get higher throughput ? pcrypt module is available, will it work with AES-GCM ? *libstrongswan plugin : * aesni - Intel AES-NI crypto plugin (since 5.3.1 <https://wiki.strongswan.org/versions/56>) The new *aesni* plugin provides CBC, CTR, XCBC, CMAC, CCM and GCM crypto primitives for AES-128/192/256. The plugin requires AES-NI and PCLMULQDQ instructions and works on both x86 and x64 architectures. It provides superior crypto performance in userland without any external libraries. Thanks kapil.
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
