Re: seeking current supported crypto co-processors

On Fri, Sep 03, 2010 at 02:26:37PM -0700, Ricky Charlet wrote:
Thanks Ivan,

You have some valid points about performance. I was hoping not to get distracted from the main thrust of my question by performance considerations though.

Are their PCIe attachable crypto co-processors with current vendor support for FreeBSD8.x? If anyone else reading this thread want's to chime in with info about current supported crypto co-processors that plug in via PCIe, please drop a note.

However, I think you do deserve a reply on the performance topic...

I am close enough to agreeing with you to not argue much about whether modern CPU parts can saturate a 1 Gb link with crypto data. The CPU part I am currently married to (a touch old but not that bad), seems to be able to through around 200Mb of IP-ESP data around. However, in spite of these observations, I would prefer if my system could handle that throughput load and yet have CPU power left over for other tasks.

I'm very attracted to Andre's mention of "newer x86/amd64
CPU's see:";. Does
anyone know if FreeBSD supports or will support this through either
/dev/crypto or through openssl (or any other mechanism I guess)?
I believe recent OpenSSL 1.x supports AESNI in usermode.

For the AES acceleration in the kernel and /dev/crypto support
see the aesni driver in the recent HEAD, working both on i386 and
amd64 architectures. I had a plan to merge the driver into RELENG_8,
but it is stalled due to some issues (not related to the driver

Attachment: pgpCDxc1D1dTo.pgp
Description: PGP signature