Is if_ipsec/ipsec - AESNI accelerated ?
David P. Discher
dpd at dpdtech.com
Thu Aug 9 03:57:41 UTC 2018
I’m suspecting that IPSec in FreeBSD is not leveraging AESNI on Intel. Is this correct ?
A small system, with an Atom C2758 and AESNI can hit 940-950 Mbps on a 1g copper link SCPing a file with Chiper=aes256-gcm. SSH/OpenSSL automatically uses AESNI if available. (Side Note, loading cryptodev - openSSH/SSL will grab crypto dev and cut your speed in half). Same with un-encryrpted iperf2/3, even with just a single TCP connection.
Over an IPsec tunnel, this same system bottle necks at 180 Mbps. These systems are on the same vlan and subnet, same physical switch - so direct route.
So, does IPSec use AESNI ? I would have at least expected 600-700 Mbps.
--
David P. Discher
https://davidpdischer.com/
More information about the freebsd-net
mailing list