>-----Original Message-----
>From: Charles Steinkuehler
>Subject: Re: [Leaf-user] Is this newbie even in the right ballpark with
>LEAF? (Summary)
>
>
>> >Do not make the mistake of equating "stripped down" with "low capacity".
>>
>> I'm not confusing the two. However, I've already identified two
>optimizations that can't be used with the standard LEAF distro
>>
>> 1) No linux support for hardware encryption accelerators;
>>
>> 2) No IP stack multithreading in the 2.2 kernel, which effectively neuters
>> dual CPU hardware.
>
>Both correct, AFAIK, but you can use the 2.4 kernel with LEAF and get around
>the second issue...
>
>> With an ipsec tunnel in place, throughput was between 3268 and 3402
>> KB/sec [Which is 32 to 34 megabits per second encryption rate]
>>
>> ---
>>
>> This 3.3 megabit 3DES encryption rate with the PIII/733 is only about that
>of a pair of T-1 lines; while the similar hardware in the Intel box has an
>> encryption rate of 95 megabits.
>
>??? You're confusing me...how do you go from 32-34 MBits/s to 3.3 MBits/s?
My bad: I slipped a decimal point
><major snipage>
>
>> I'm not trying to bash FreeS/WAN - Quite to the contrary! I know it's a
>> decent product that does its job well. When I see something with about the
>> same hardware (PIII/733) that's 3 times more efficient, though, it raises
>> a flag.
>
>Yeah, but those are the specs with the optional hardware crypto accelerator.
>You can't compare the hardware assisted numbers of the intel box with the
>CPU only numbers of FreeS/WAN, and claim the intel box is 3x faster code, or
>3x more efficient code...it's faster because it has a crypto ASIC built-in
>to offload the CPU.
>
>I've seen a number of reports from folks successfully using hardware
>acceleration with FreeS/WAN,
Oh? I didn't see any drivers for hardware accelerators - Or did
I miss something.
>although this is not a particularly main-stream
>thing. If you really want to burst to 155 MBits/sec, you'll probably need
>some form of hardware acceleration (at least for a year or two, until the
>5-6 GHz CPU's come out).
If I need more CPU horsepower, I'll use 21264 (Alpha) CPU's instead.
>You might also want to note that the new AES
>crypto algorithm is much more CPU friendly than 3DES (as are several other
>cryto standards). You may be able to find FreeS/WAN patches for rijendall
>(sp?) or some of the other alternate crypto schemes that will give you
>higher throughput than 3DES.
>
>Charles Steinkuehler
Cheers!
Dan
When the chips are down, the buffalo is empty
_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
