On Oct 20, 2005, at 5:27 PM, Rainer Duffner wrote:
when i get around to it and buy some cards i'll report back
here... :-)
THX.
I've got no problem buying the Soekris card (with the company
CreditCard, that is <g>) - but at 70 quid (€) - what can I expect?
;-)
Well, here's what I know. There are basically three chipsets that
implement crytpo in hardware. There are three drivers in FreeBSD
that work with them: hifn(4), safe(4), and ubsec(4).
Of these, the hifn(4) driver seems to register to support many more
modes of operation than the other two do, especially if you use the
recent chipsets. The current Soekris 1401 card uses the hifn 7955
chip, so one would expect that most IPsec operations are
accelerated. However, the man page for the driver says this about
the chip:
Support for the 7955 and 7956 is incomplete; the asymmetric
crypto facil-
ities are to be added and the performance is suboptimal.
So everything is just confusing beyond belief now. The cards using
the ubsec(4) driver support async operations (eg, RSA needed for SSL
accelaration). So which card to choose depends on what your use for
it will be.
Here are the links to the cards I am considering so far:
http://www.safenet-inc.com/products/accCards/safeXcel171.asp
http://www.gtgi.com/products_powercrypt5x.php
http://www.soekris.com/vpn1401.htm
I have need for both IPsec use on my pfSense box as well as SSL
acceleration on my front-end web servers, so I may end up buying
different cards for each purpose. I guess it depends on price, even
when using the company card. :-)
I suspect the Soekris will be great for IPsec workload.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
