Thanks for all the responses, With sysctl kern.usercrypto=0
The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-128-cbc 4864.23k 7017.85k 7896.30k 8215.34k 8238.61k aes-256-cbc 4589.43k 5356.36k 5956.85k 6008.82k 6070.19k With sysctl kern.usercrypto=1 The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-128-cbc 193.60k 681.73k 2049.24k 6516.71k 12357.51k aes-256-cbc 188.07k 656.00k 2048.68k 6462.63k 12346.79k Which is slower on the on the smaller blocks and faster on the large blocks as you said. What I am really trying to achieve is decent throughput on SFTP file transfers, I have a NAS box connected to NIC vr1 and have mounted that via NFS to /nas, and then connect via SFTP on NIC vr0 and pull files out of /nas, I seem to achieve approx 2 megabytes / sec regardless of whether I have the HIFN chip installed in the mini PCI slot or not, and CPU usage also seems exactly the same. Top with crypto card removed while SFTP transfer at 2200 KiB/s is running; load averages: 1.66, 0.60, 0.33 02:21:37 20 processes: 1 running, 18 idle, 1 on processor CPU states: 69.0% user, 0.0% nice, 17.2% system, 13.9% interrupt, 0.0% idle Memory: Real: 9872K/46M act/tot Free: 197M Swap: 0K/256M used/tot PID USERNAME PRI NICE SIZE RES STATE WAIT TIME CPU COMMAND 22278 root 58 0 3480K 2580K run - 1:28 71.44% sshd 28432 root -5 0 656K 1128K sleep getblk 0:09 7.18% sftp-server 968 _openvpn 2 0 1064K 2616K sleep poll 0:26 0.00% openvpn 21013 _syslogd 2 0 544K 720K sleep poll 0:05 0.00% syslogd 6090 root 2 0 3408K 2552K sleep select 0:00 0.00% sshd 14650 root 2 0 1008K 1500K sleep select 0:00 0.00% sendmail 16844 root 18 0 508K 460K idle pause 0:00 0.00% ksh 2099 _ntp 2 0 704K 820K idle poll 0:00 0.00% ntpd 30378 root 28 0 564K 1244K onproc - 0:00 0.00% top 7669 _pflogd 4 0 472K 312K sleep bpf 0:00 0.00% pflogd 6463 root 3 0 564K 424K idle ttyin 0:00 0.00% ksh 10777 _ntp 2 0 580K 868K idle poll 0:00 0.00% ntpd 1 root 10 0 428K 308K idle wait 0:00 0.00% init 18163 root 2 0 616K 808K idle select 0:00 0.00% cron 24412 root 18 0 556K 376K idle pause 0:00 0.00% ksh 3300 root 2 0 296K 736K idle select 0:00 0.00% inetd 4900 root 2 0 508K 676K idle netio 0:00 0.00% syslogd 8166 root 2 0 676K 1176K idle select 0:00 0.00% sshd Top with crypto card installed while SFTP transfer at 2200 KiB/s running; load averages: 1.66, 0.55, 0.22 02:27:41 20 processes: 1 running, 18 idle, 1 on processor CPU states: 67.2% user, 0.0% nice, 16.5% system, 16.1% interrupt, 0.2% idle Memory: Real: 9652K/47M act/tot Free: 197M Swap: 0K/256M used/tot PID USERNAME PRI NICE SIZE RES STATE WAIT TIME CPU COMMAND 30075 root 64 0 3472K 2572K run - 0:33 72.41% sshd 10999 root -5 0 720K 1068K sleep pipewr 0:03 7.08% sftp-server 2199 _openvpn 2 0 1052K 2476K sleep poll 0:01 0.00% openvpn 29905 _syslogd 2 0 600K 696K sleep poll 0:00 0.00% syslogd 19752 root 2 0 3368K 2548K sleep select 0:00 0.00% sshd 10009 root 28 0 560K 1240K onproc - 0:00 0.00% top 21763 _ntp 2 0 664K 832K idle poll 0:00 0.00% ntpd 22026 root 18 0 568K 436K idle pause 0:00 0.00% ksh 1 root 10 0 432K 300K idle wait 0:00 0.00% init 13567 root 2 0 1036K 1452K sleep select 0:00 0.00% sendmail 9852 root 18 0 484K 368K idle pause 0:00 0.00% ksh 16925 _ntp 2 0 540K 864K sleep poll 0:00 0.00% ntpd 12897 root 2 0 356K 732K idle select 0:00 0.00% inetd 7259 root 3 0 276K 736K idle ttyin 0:00 0.00% getty 29710 root 2 0 508K 792K idle select 0:00 0.00% cron 18649 root 2 0 644K 1172K idle select 0:00 0.00% sshd 22471 _pflogd 4 0 696K 316K sleep bpf 0:00 0.00% pflogd 30995 root 2 0 580K 664K idle netio 0:00 0.00% syslogd I expected that there would be some difference with the card in and out, if sshd was using the crypto shouldn't less CPU time be going to sshd and more to interrupt as its pushing more data onto the PCI bus? Would the PCI bus be a limiting factor here? From what I understand PCI 32-bit/33 MHz has a bus speed of 133.33 MB/s which should be sufficient? Thanks Liam On Friday, February 19, 2010, at 12:33PM, "Stuart Henderson" <s...@spacehopper.org> wrote: >On 2010-02-18, Liam Farr <liamf...@me.com> wrote: >> I have a AMD Geode LX800 based system (PC Engines ALIX 2C3) and >> am trying to use a HIFN 7955 (Soekris VPN1411) crypto card to improve >> OpenSSL performance (for SFTP and OpenVPN). > >You could compare your current results with those after setting >sysctl kern.usercrypto=0 - e.g. openssl speed -evp aes128 -elapsed > >If the accelerator is working for the cipher you're testing, you >will most likely see some gains on the larger block sizes, and >probably a slow-down on smaller block sizes.