Kurt Jaeger wrote this message on Mon, Nov 04, 2019 at 20:46 +0100: > Has anyone experience with operating a highspeed IPsec connection > up to 10gigabit/s between 2 FreeBSD hosts ? > > Is that speed achievable ? How much tuning is necessary ?
I haven't, but do know some hints. Make sure that you have a machine w/ AESNI, AND make sure you're using AES-GCM or AES-CTR.. Using AES-GCM is best as it avoids using a costly auth algorithm, as the AESNI instructions provide instructionts to make the GCM (auth) part of AES-GCM faster. AES-GCM can run at over 1GB/sec on a single core, so as long as the traffic can be processed by multiple threads (via multiple queues for example), it should be doable. -- John-Mark Gurney Voice: +1 415 225 5579 "All that I will do, has been done, All that I have, has not." _______________________________________________ freebsd-net@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"