(replying to my own post to pass on what I've learned in the last day)

On Mon, 12 Oct 2009, John Case wrote:

> I can see notes like this in the changelog:
>
>     Solve a bug that kept hardware crypto acceleration from getting
>     enabled when accounting was turned on. Fixes bug 907. Bugfix on
>     0.0.9pre6.

From irc:

"jcase: be sure to use 0.2.2.x:"

... as it appears that only that release and newer can be assured of
proper "HardwareAccel" support ...

    - New AccelName and AccelDir options add support for dynamic OpenSSL
      hardware crypto acceleration engines.

> I would like hardware acceleration for my nodes. What part or parts are
> known to work well with FreeBSD?

While there are several drivers in FreeBSD, my own impression is that the
ubsec driver is the right choice, currently, as it drives a long list of
Broadcom-based PCI cards, most notably the BCM5821, which is the chip
driving the "Sun Crypto 1000" which can be had cheaply on ebay, and the
BCM5825, which is the latest and greatest of these cards.

One caveat with the BCM5821 or the Sun Crypto 1000 is that not all of them
support AES - I can't tell for sure, but it looks like AES support was
added after the fact, and it depends on firmware version. The BCM5825 is
a safer bet if you're buying off of ebay, etc., but is more expensive.

Everything I have mentioned here appears to be pci64/pci-X, rather than
pci-e.

> Any comments on the effectiveness of these parts, and the likelihood that
> they will actually allow a greater network throughput on the same underlying
> cpu(s) and memory, is appreciated.
>
> I have been under the impression that memory is more of a limiting factor
> than cpu - with some estimates being 750-ish megabytes of ram per 10mbits/s.
> I am unsure whether hardware crypto acceleration will decrease this memory
> load, or simply decrease cpu load.

I got these loose numbers off of an archived list discussion, but it
appears to be false. Again from irc:

"tor is actually cpu-bound rather than ram-bound on the fast relays i
think you should be able to push 10MB/s in 1G of ram"

So crypto-acceleration appears to be useful.

Unanswered questions:

- how painful is actual integration? Just because the driver is there and
  those options are available in Tor doesn't mean it will be a snap. Word
  on the street is that "coderman" has actually done this ... comments?

- Is the BCM5825 the most powerful solution that can be easily made to
  work on FreeBSD? The soekris cards are much less powerful, the SafeNet
  1741 has a lower throughput and the 1742/1746 parts are not listed on the
  FreeBSD HCL. Not sure where the Sun Crypto 6000 lies on this continuum,
  but it appears to NOT be a Broadcom-based card.

- Is anyone _actually_ testing Tor, and more specifically, hardware crypto
  acceleration of Tor, in high speed (gigabit) test environments?

- Is anyone _actually_ performing SSL operations in CUDA using GPUs, and
  if not, how much of my free time and mindshare over the next year will be
  spent on that fascinating question?

I'll be ordering some parts and setting up some rudimentary tests in the
next few months, but any comments or suggestions or war stories would be
very helpful.