Is if_ipsec/ipsec - AESNI accelerated ?
Andrey V. Elsukov
bu7cher at yandex.ru
Thu Aug 9 08:33:20 UTC 2018
On 09.08.2018 10:00, David P. Discher wrote:
> [ pts/0 sjc2 util201:~ ]
> [ dpd ] > iperf3 -c 10.245.0.202 -i 8 -t 16
> Connecting to host 10.245.0.202, port 5201
> [ 5] local 10.245.0.201 port 55165 connected to 10.245.0.202 port 5201
> [ ID] Interval Transfer Bitrate Retr Cwnd
> [ 5] 0.00-8.00 sec 887 MBytes 930 Mbits/sec 0 419 KBytes
> [ 5] 8.00-16.00 sec 898 MBytes 941 Mbits/sec 0 419 KBytes
> - - - - - - - - - - - - - - - - - - - - - - - - -
> [ ID] Interval Transfer Bitrate Retr
> [ 5] 0.00-16.00 sec 1.74 GBytes 936 Mbits/sec 0 sender
> [ 5] 0.00-16.01 sec 1.74 GBytes 935 Mbits/sec receiver
>
> iperf Done.
>
> [ pts/0 sjc2 util201:~ ]
> [ dpd ] > iperf3 -c 172.30.1.14 -i 8 -t 16
> Connecting to host 172.30.1.14, port 5201
> [ 5] local 172.30.1.13 port 41671 connected to 172.30.1.14 port 5201
> [ ID] Interval Transfer Bitrate Retr Cwnd
> [ 5] 0.00-8.00 sec 166 MBytes 174 Mbits/sec 0 64.3 KBytes
> [ 5] 8.00-16.00 sec 168 MBytes 176 Mbits/sec 0 64.3 KBytes
> - - - - - - - - - - - - - - - - - - - - - - - - -
> [ ID] Interval Transfer Bitrate Retr
> [ 5] 0.00-16.00 sec 334 MBytes 175 Mbits/sec 0 sender
> [ 5] 0.00-16.01 sec 334 MBytes 175 Mbits/sec receiver

I did some tests and here are my results:

# ifconfig ipsec0
ipsec0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1400
tunnel inet 10.0.0.15 --> 10.0.0.25
inet 192.168.0.15 --> 192.168.0.25 netmask 0xffffff00
inet6 fe80::225:90ff:fef9:3c92%ipsec0 prefixlen 64 scopeid 0x8
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
reqid: 16385
groups: ipsec
# iperf -c 10.0.0.25 -i 8 -t 16
------------------------------------------------------------
Client connecting to 10.0.0.25, TCP port 5001
TCP window size: 35.0 KByte (default)
------------------------------------------------------------
[ 3] local 10.0.0.15 port 21371 connected with 10.0.0.25 port 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0- 8.0 sec 9.09 GBytes 9.77 Gbits/sec
[ 3] 8.0-16.0 sec 9.22 GBytes 9.90 Gbits/sec
[ 3] 0.0-16.0 sec 18.3 GBytes 9.83 Gbits/sec
# iperf -c 192.168.0.25 -i 8 -t 16
------------------------------------------------------------
Client connecting to 192.168.0.25, TCP port 5001
TCP window size: 33.2 KByte (default)
------------------------------------------------------------
[ 3] local 192.168.0.15 port 30394 connected with 192.168.0.25 port 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0- 8.0 sec 607 MBytes 636 Mbits/sec
[ 3] 8.0-16.0 sec 606 MBytes 636 Mbits/sec
[ 3] 0.0-16.0 sec 1.19 GBytes 636 Mbits/sec
# sysctl net.inet.ipsec.async_crypto=1
net.inet.ipsec.async_crypto: 0 -> 1
# iperf -c 192.168.0.25 -i 8 -t 16
------------------------------------------------------------
Client connecting to 192.168.0.25, TCP port 5001
TCP window size: 33.2 KByte (default)
------------------------------------------------------------
[ 3] local 192.168.0.15 port 17716 connected with 192.168.0.25 port 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0- 8.0 sec 1.38 GBytes 1.48 Gbits/sec
[ 3] 8.0-16.0 sec 1.40 GBytes 1.51 Gbits/sec
[ 3] 0.0-16.0 sec 2.78 GBytes 1.50 Gbits/sec
# kldload aesni
# setkey -DF
# setkey -c
add 10.0.0.25 10.0.0.15 esp 10000 -m tunnel -u 16385 -E rijndael-cbc
"0123456789123456";
add 10.0.0.15 10.0.0.25 esp 20000 -m tunnel -u 16385 -E rijndael-cbc
"0123456789123456";
# sysctl net.inet.ipsec.async_crypto=0
net.inet.ipsec.async_crypto: 1 -> 0
# iperf -c 192.168.0.25 -i 8 -t 16
------------------------------------------------------------
Client connecting to 192.168.0.25, TCP port 5001
TCP window size: 33.2 KByte (default)
------------------------------------------------------------
[ 3] local 192.168.0.15 port 57206 connected with 192.168.0.25 port 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0- 8.0 sec 1.08 GBytes 1.16 Gbits/sec
[ 3] 8.0-16.0 sec 1.11 GBytes 1.19 Gbits/sec
[ 3] 0.0-16.0 sec 2.19 GBytes 1.18 Gbits/sec
# sysctl net.inet.ipsec.async_crypto=1
net.inet.ipsec.async_crypto: 0 -> 1
# ifconfig ipsec0 mtu 8000 down up
# iperf -c 192.168.0.25 -i 8 -t 16
------------------------------------------------------------
Client connecting to 192.168.0.25, TCP port 5001
TCP window size: 38.9 KByte (default)
------------------------------------------------------------
[ 3] local 192.168.0.15 port 37641 connected with 192.168.0.25 port 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0- 8.0 sec 5.64 GBytes 6.06 Gbits/sec
[ 3] 8.0-16.0 sec 5.76 GBytes 6.19 Gbits/sec
[ 3] 0.0-16.0 sec 11.4 GBytes 6.12 Gbits/sec
--
WBR, Andrey V. Elsukov