Jivin Prashant Kumar lays it down ...
> Hello Group,
>
> I am using Broadcom (ubsec) based hardware accelerator on a Vxworks 5.x
> platform. I see that my CPU usage is just 40 % when I hit the max number of
> TLS connection. I have a queue between the TCP stack and the application
> where I am running the TLS. I am running TLS using the memory bios. What I
> see is that the queue between the TCP stack and my TLS application is getting
> full because the TLS application is not picking the packets from the queue
> fast enough eventhough it is running at a higher priority. My preliminary
> thinking was that because I am using a blocking call to the Hardware
> accelerator, my TLS application is wasting a lot of time waiting for the
> operation to complete and not keeping up with the TCP since my TLS
> application is just using 40% of the CPU.
>
> My question is even if I get my Broadcom to run asynchronously, how can i
> make openssl engine to behave asynchronous as I understand from the code that
> the operation is very synchronous.
If you make the engine async, then it will benefit multiple openssl
instances. So something like:
openssl speed -evp des -elapsed -multi 10
where you run 10 processes at the same time should get more throughput.
An async engine will not improve a single thread of execution though,
since the API in user space is still sync.
Cheers,
Davidm
> Girish Venkatachalam <[EMAIL PROTECTED]> wrote:
>
>
> --- Prashant Kumar
> wrote:
>
> > Hello Group,
> >
> > Is there anyway I could use the crypto hardware
> > engine asynchronously with OpenSsl. Looking at the
> > code it doesn't look like.
> >
> > The reason I am asking this is, in our deployment,
> > I see that the CPU on which I am running OpenSsl is
> > loaded just 40% and I still hit the maximum number
> > of TLS sessions i could process. My assumption is
> > that it could be because we are using synchronous
> > call with the hardware accelerator and are blocked
> > waiting for the hardware engine to do its works
> > (that is decryption/encryption of each packet).
> >
> Did you try "opessl speed -engine rsa ...."?
>
> Do your results correspond to the documentation given
> with your hardware device?
>
> Try to isolate the problem first. How do you say you
> are hitting the maximum number of TLS sessions? It
> could mean various things like network, your card, CPU
> anything.
>
> More details on what crypto you are accelerating could
> help.
>
> regards,
> Girish
> > Any help is appreciated.
> >
> > Thanks,
> > Prashant.
> >
> >
> > ---------------------------------
> > Do you Yahoo!?
> > Everyone is raving about the all-new Yahoo! Mail
> Beta.
>
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> Development Mailing List [email protected]
> Automated List Manager [EMAIL PROTECTED]
>
>
>
> ---------------------------------
> Talk is cheap. Use Yahoo! Messenger to make PC-to-Phone calls. Great rates
> starting at 1?/min.
--
David McCullough, [EMAIL PROTECTED], Ph:+61 734352815
Secure Computing - SnapGear http://www.uCdot.org http://www.cyberguard.com
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
