Kurt Jaeger wrote this message on Mon, Nov 04, 2019 at 20:46 +0100:
> Has anyone experience with operating a highspeed IPsec connection
> up to 10gigabit/s between 2 FreeBSD hosts ?
>
> Is that speed achievable ? How much tuning is necessary ?
I haven't, but do know some hints. Make sure that you have a machine
w/ AESNI, AND make sure you're using AES-GCM or AES-CTR.. Using
AES-GCM is best as it avoids using a costly auth algorithm, as the
AESNI instructions provide instructionts to make the GCM (auth) part
of AES-GCM faster.
AES-GCM can run at over 1GB/sec on a single core, so as long as the
traffic can be processed by multiple threads (via multiple queues
for example), it should be doable.
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
_______________________________________________
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
