Scott Bennett wrote:

>>
>> One caveat with the BCM5821 or the Sun Crypto 1000 is that not all of them 
>> support AES - I can't tell for sure, but it looks like AES support was 
>> added after the fact, and it depends on firmware version.  The BCM5825 is 
>> a safer bet if you're buying off of ebay, etc., but is more expensive.
>>
>> Everything I have mentioned here appears to be pci64/pci-X, rather than 
>> pci-e.
>>
>>
>>> Any comments on the effectiveness of these parts, and the likelihood that 
>>> they will actually allow a greater network throughput on the same 
>>> underlying 
>>> cpu(s) and memory, is appreciated.
>>>
>>> I have been under the impression that memory is more of a limiting factor 
>>> than cpu - with some estimates being 750-ish megabytes of ram per 
>>> 10mbits/s. 
>>> I am unsure whether hardware crypto acceleration will decrease this memory 
>>> load, or simply decrease cpu load.
>>
>> I got these loose numbers off of an archived list discussion, but it 
>> appears to be false.  Again from irc:
>>
>> "tor is actually cpu-bound rather than ram-bound on the fast relays i 
>> think you should be able to push 10MB/s in 1G of ram"
>>
>> So crypto-acceleration appears to be useful.
>>
>      The symmetric-key processing is very fast and takes up little CPU time.
> The apparent hangup on the high-rate relays is the asymmetric-key processing
> (i.e., onion-skin encrypting/decrypting).  FWIW, when I was running a relay,
> it could be running at rates over 300 KB/s while using less than 1% of the
> CPU when it was simply passing cells back and forth among the various
> connections.  When new onion skins came in to be decrypted was when tor would
> suddenly use much more CPU time for a moment or two.
>> Unanswered questions:
>>
>>
>> - how painful is actual integration?  Just because the driver is there and 
>> those options are available in Tor doesn't mean it will be a snap.  Word 
>> on the street is that "coderman" has actually done this ... comments ?
>>
>> - Is the BCM5825 the most powerful solution that can be easily made to 
>> work on FreeBSD ?  The soekris cards are much less powerful, the SafeNet 
>> 1741 has a lower throughput and the 1742/1746 parts are not listed on the 
>> FreeBSD HCL.  Not sure where the Sun Crypto 6000 lies on this continuum, 
>> but it appears to NOT be a broadcom based card.
>>
>> - Is anyone _actually_ testing Tor, and more specifically, hardware crypto 
>> acceleration of Tor, in high speed (gigabit) test environments ?



I did testing with the Niagara 2 chips on some Sun systems running Solaris and 
got good results.
The critical operation is not necessarily the SSL, but rather the AES CTR mode 
algorithms.
I did not test this on a gigabit test network though.

The problem I discovered was that just getting accelerated AES from hardware
was not giving much improvement if the CTR mode operations had to be done
in software.  The N2 supports AES CTR in hardware so you can pass
the entire buffer to be encrypted at once instead of doing 16 bytes at a time
and updating the counters in software.  

As far as I could tell, OpenSSL had no support for getting AES CTR from
hardware (0.9.8k), at least not without some heavy mods to the engine.

I blogged about it here:
http://blogs.sun.com/wyllys/entry/the_onion_router_tor_in

Also posted a short paper describing the analysis (using DTrace) here:
http://blogs.sun.com/wyllys/resource/tor-analysis.pdf


-Wyllys Ingersoll

***********************************************************************
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/

Reply via email to