10g IPsec ?
Muenz, Michael
m.muenz at spam-fetish.org
Tue Nov 5 21:55:21 UTC 2019
Am 05.11.2019 um 20:15 schrieb John-Mark Gurney:
> Kurt Jaeger wrote this message on Mon, Nov 04, 2019 at 20:46 +0100:
>> Has anyone experience with operating a highspeed IPsec connection
>> up to 10gigabit/s between 2 FreeBSD hosts ?
>>
>> Is that speed achievable ? How much tuning is necessary ?
> I haven't, but do know some hints. Make sure that you have a machine
> w/ AESNI, AND make sure you're using AES-GCM or AES-CTR.. Using
> AES-GCM is best as it avoids using a costly auth algorithm, as the
> AESNI instructions provide instructionts to make the GCM (auth) part
> of AES-GCM faster.
>
> AES-GCM can run at over 1GB/sec on a single core, so as long as the
> traffic can be processed by multiple threads (via multiple queues
> for example), it should be doable.
>
These were my short results via OPNsense on 4 year old XEONs.
So its 11.2, mostly untuned and strongswan as IPsec implementation.
If you need more detailed specs just drop me a line.
https://www.routerperformance.net/comparing-opnsense-vpn-performance/
Best,
Michael
More information about the freebsd-net
mailing list