10g IPsec ?

John-Mark Gurney jmg at funkthat.com
Tue Nov 5 19:15:36 UTC 2019


Kurt Jaeger wrote this message on Mon, Nov 04, 2019 at 20:46 +0100:
> Has anyone experience with operating a high-speed IPsec connection
> up to 10gigabit/s between 2 FreeBSD hosts ?
> 
> Is that speed achievable ? How much tuning is necessary ?

I haven't, but do know some hints.  Make sure that you have a machine
w/ AESNI, AND make sure you're using AES-GCM or AES-CTR.  Using
AES-GCM is best as it avoids using a costly auth algorithm, as the
AESNI instructions provide instructions to make the GCM (auth) part
of AES-GCM faster.

AES-GCM can run at over 1GB/sec on a single core, so as long as the
traffic can be processed by multiple threads (via multiple queues
for example), it should be doable.

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."
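
A pre-flight check for the hints in the reply above, as an added example that is not part of the original message or of FreeBSD: it looks for the AESNI and PCLMULQDQ CPU feature flags in FreeBSD boot-message text and estimates how many cores/queues a target rate needs. The function names, the 1000 MB/s per-core figure and the sample boot lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Sample boot-message lines below are constructed.

# Succeeds if FLAG is listed inside any "Features...=0x...<A,B,C>" line on stdin.
has_cpu_flag() {
    awk -v flag="$1" '
        /Features[0-9]*=0x[0-9a-f]+</ {
            s = $0
            sub(/^[^<]*</, "", s); sub(/>.*$/, "", s)
            n = split(s, f, ",")
            for (i = 1; i <= n; i++) if (f[i] == flag) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# AES-GCM wants both AESNI (the cipher) and PCLMULQDQ (carry-less multiply
# used for the GHASH authentication part); FreeBSD lists them separately.
gcm_ready() {
    msgs=$(cat)
    for flag in AESNI PCLMULQDQ; do
        if ! printf '%s\n' "$msgs" | has_cpu_flag "$flag"; then
            echo "missing CPU flag: $flag"; return 1
        fi
    done
    echo "AESNI and PCLMULQDQ present"
}

# Minimum cores/queues for LINK_MBIT (Mbit/s) at PER_CORE_MB (MB/s per core),
# rounded up. Ignores ESP/packet overhead, so treat it as a lower bound.
cores_needed() {
    echo $(( ($1 + 8 * $2 - 1) / (8 * $2) ))
}

SAMPLE_OK='CPU: Example CPU (constructed)
  Features2=0x7ffefbff<SSE3,PCLMULQDQ,SSSE3,CX16,SSE4.1,SSE4.2,POPCNT,AESNI,XSAVE,AVX>'
SAMPLE_OLD='CPU: Example CPU (constructed)
  Features2=0xe3bd<SSE3,DTES64,MON,DS_CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM>'

printf '%s\n' "$SAMPLE_OK"  | gcm_ready
printf '%s\n' "$SAMPLE_OLD" | gcm_ready || true
echo "cores for 10 Gbit/s at 1000 MB/s per core: $(cores_needed 10000 1000)"
```

On a FreeBSD host the same check runs against the real boot log with `gcm_ready < /var/run/dmesg.boot`.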

