Hi Martin, Thanks for your input...
-Sunil On 09-01-2014 14:19, Martin Willi wrote: > Hi, > >> I want to enhance IPsec stack performance, I'm evaluating few NIC/PCI >> IPsec hardware acceleration cards. >> >> Please suggest plugin card compatible with strong swan. > strongSwan usually does not process raw ESP packets, that's handled in > the kernel. So to increase IPsec throughput, you'll need an accelerator > for the kernel. > > Linux with its native IPsec stack uses the Linux Crypto API. So you > should check that your accelerator provides a driver for this API. A > growing set of drivers comes with vanilla Linux. > > Accelerating userland is different. Usually it is not that important, as > there are not that much IKE packets to encrypt. You can use the af-alg > plugin, though, allowing you to delegate encryption to the Linux crypto > API. Specific hardware drivers are possible as well, the padlock plugin > is an example. > > Delegating DH or RSA to crypto hardware might help to increase tunnel > setup performance. If you use our openssl plugin, you might take > advantage of an engine to accelerate crypto in userspace. The pkcs11 > plugin can be used as well to delegate some operations if your driver > has a PKCS#11 interface. > > Regards > Martin > > > -- Sunil Vasanta Sawridgesystems _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
