> > Given the relatively low CPU power to perform encryption these days and > still maintain wire speed, it's just not worth taking the risk of *not* > encrypting. > > > "Wire-speed" on fiber-optic links is much higher than you relate here. > It's unlikely that any off-the-shelf pfSense box would handle same, even > without encryption. >
The context here is a wireless link though. Chances are it wont even be close to fiber speed. And seeing as this is a pfsense list, most applications being discussed will be as-stated like here (microwave) or 10/100/1000 copper, so within the scope of the vast majority of users it was an appropriate statement Full wire-speed encryption on fiber is a corner case and usually isn't relevant when talking about a perimeter device. Especially since this sounds like a layer 2 discussion. But you are correct that wirespeed encryption on optical links won't happen with typical home user commodity hardware. You don't even get into the speed range where CPU becomes an issue in a typical deployment till you have midrange or higher enterprise grade switches though, so again it's kind of out of scope. -Ian
_______________________________________________ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
