adrien mistretta wrote:
>
> > The cryptoswift card provides 'onboard' acceleration of SSL based
> > processing, but the card itself can only handle so many transactions per
> > second. What happens if your traffic load exceeds the cards ability?
> > can you easily 'spill' that extra work over to the system if you have
> > any room there?
>
> The only thing done with the cryptoswift is the RSA key calculation. All
> others things are done by your CPU(s)
So what about the actual data encryption/decryption? If the system
handles this, the potential gains are pretty high for a powerful
system. How much of the actual handshake has to be done on the card?
>
> > I know this can be done with a separate appliance, like the Intel 7115
> > (which takes the fun of actually implementing a solution away), but
> > these are overly expensive, and make relational performance measurements
> > pretty complicated in many configurations.
>
> There many other appliance
> CiberIQ, Alteon ...
> cryptoswift is very expensive , The sonicwall card seems to be nice (RSA,
> 3DES, DES, ARC[24], SHA1, MD5) and cheap, but i didn't have the opportunity
> to make some tests
I've heard of the CyberIQ. I've also heard that their numbers were
cooked a little more than most of the providers. I'm sure we will wind
up validating a number of options.
>
> > Enough rambling about this though. Now you have a context for my
> > original question: can the OpenSSL engine spill extra SSL sessions over
> > to the system cpu?
>
> When I run some test with heavy load of ssl transaction with the cryptoswift
> 200, the 2 cpus (p3-700) was 0% idle. But i don't know if some keys
> calculation has been done by the cpus
Interesting. Was your system responsible for anything else (ie, a ftp
server, etc.)? Were you using Apache in the back end?
Our system is pretty streamlined, we have left out a lot of the 'bells
and whistles' found in Apache, so we can handle a lot more throughput.
We can serve 500+ objects on a clear connection from a Netra 440, where
our experience shows Apache at less than half this for the same system.
Purely CPU bound on the server side. Client side (separate system) is
I/O bound until you start fetching on a secure connection. Maybe we
want to see how one of these cards performs there?
Thanks for your feedback.
Lou
>
> Adrien
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
--
Louis LeBlanc
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
[EMAIL PROTECTED]
http://acadia.ne.mediaone.net
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
