[Bug 274007] IPSec asymmetric crypto broken

Reply: bugzilla-noreply_a_freebsd.org: "[Bug 274007] IPSec asymmetric crypto broken"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Thu, 21 Sep 2023 20:24:48 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274007

            Bug ID: 274007
           Summary: IPSec asymmetric crypto broken
           Product: Base System
           Version: 13.2-STABLE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: tpearson@raptorengineering.com

After upgrading from FreeBSD 11 to FreeBSD 13, I noticed the IPSec asymmetric
crypto option (net.inet.ipsec.async_crypto=1) no longer functions correctly. 

On FreeBSD 11, enabling this option pushed the bandwidth of an accelerated
(AES-NI) AES 256 GCM tunnel from ~500Mbit/s to ~800Mbit/s with no packet loss,
but on FreeBSD 13 it causes massive packet loss inside the tunnel, well over
20%.

The hardware is AMD Opteron CPUs with Intel X520 10Gb NICs.  MTU on the
underlying link is set to 2000, with MTU inside the tunnel at the standard
1500.

-- 
You are receiving this mail because:
You are the assignee for the bug.