Hi, > are there any reliable performance figures for IPsec throughput on > x86_64 Linux machines?
Nothing I could reference here. > Is 10 GBit/s feasable? If yes, how? On commodity hardware, maybe, but only if/when: * using AES-GCM with AESNI/CLMUL, which can handle ~1Gbit/s/core * your NIC can separate traffic to multiple queues (8+), and each queue has assigned a core to process its traffic * you have multiple SAs and flows, so the flows can actually be separated to queues (and cores) in both directions. If you can't effectively distribute traffic over NIC queues, you should consider using pcrypt. Not sure if 10Gbit/s are possible, though. Regards Martin _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
