is there somewhere one can get a list of the supported engine cards?
I mean, there are vendors out there, other than Rainbow, who'd like
to put their two milli-euro's worth into this conversation but
that would be impolite and a commercial advertisement....
(yeah, yeah, read the source. I mean a real list of the cards
and how you buy them/etc.)
At 08:52 AM 1/19/01 -0500, you wrote:
>adrien mistretta wrote:
> >
> > > The cryptoswift card provides 'onboard' acceleration of SSL based
> > > processing, but the card itself can only handle so many transactions per
> > > second. What happens if your traffic load exceeds the cards ability?
> > > can you easily 'spill' that extra work over to the system if you have
> > > any room there?
> >
> > The only thing done with the cryptoswift is the RSA key calculation. All
> > others things are done by your CPU(s)
>
>So what about the actual data encryption/decryption? If the system
>handles this, the potential gains are pretty high for a powerful
>system. How much of the actual handshake has to be done on the card?
>
> >
> > > I know this can be done with a separate appliance, like the Intel 7115
> > > (which takes the fun of actually implementing a solution away), but
> > > these are overly expensive, and make relational performance measurements
> > > pretty complicated in many configurations.
> >
> > There many other appliance
> > CiberIQ, Alteon ...
> > cryptoswift is very expensive , The sonicwall card seems to be nice (RSA,
> > 3DES, DES, ARC[24], SHA1, MD5) and cheap, but i didn't have the opportunity
> > to make some tests
>
>I've heard of the CyberIQ. I've also heard that their numbers were
>cooked a little more than most of the providers. I'm sure we will wind
>up validating a number of options.
>
> >
> > > Enough rambling about this though. Now you have a context for my
> > > original question: can the OpenSSL engine spill extra SSL sessions over
> > > to the system cpu?
> >
> > When I run some test with heavy load of ssl transaction with the
> cryptoswift
> > 200, the 2 cpus (p3-700) was 0% idle. But i don't know if some keys
> > calculation has been done by the cpus
>
>Interesting. Was your system responsible for anything else (ie, a ftp
>server, etc.)? Were you using Apache in the back end?
>Our system is pretty streamlined, we have left out a lot of the 'bells
>and whistles' found in Apache, so we can handle a lot more throughput.
>We can serve 500+ objects on a clear connection from a Netra 440, where
>our experience shows Apache at less than half this for the same system.
>Purely CPU bound on the server side. Client side (separate system) is
>I/O bound until you start fetching on a secure connection. Maybe we
>want to see how one of these cards performs there?
>
>Thanks for your feedback.
>
>Lou
>
>
> >
> > Adrien
> > ______________________________________________________________________
> > OpenSSL Project http://www.openssl.org
> > User Support Mailing List [EMAIL PROTECTED]
> > Automated List Manager [EMAIL PROTECTED]
>
>--
>Louis LeBlanc
>Fully Funded Hobbyist, KeySlapper Extrordinaire :)
>[EMAIL PROTECTED]
>http://acadia.ne.mediaone.net
>______________________________________________________________________
>OpenSSL Project http://www.openssl.org
>User Support Mailing List [EMAIL PROTECTED]
>Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
