[Openswan Users] IPSec Hardware Acceleration

hiren joshi joshihirenn at gmail.com
Fri Mar 27 09:36:56 EDT 2009


>> Usually acceleration makes more sense with slower systems. If you want
>> to go this fast, your best bet is probably to just get some Intel Core 2 Quad
>> system.

As this looks the easiest one from the set of options presented by
David and Paul, I want to go with this first.

> Especially if you are happy to run AES (which is much more suited to a
> SW implementation).  Of course this eats CPU you may need for something
> else,  but with a 2+GHz quad core and the right combination of kernels
> and stacks you may get close to Gbit performance using AES.

I have 2x Intel X5335 Quad core machine running linux-2.6.16.13 +
Openswan/KLIPS.
Please comment on this with respect to need for right combination of
kernels and stacks.

> Using openssl/OCF from user space you can get a total throughput of
> about 1.6Gits if you are using 10+ threads doing crypto.  A single
> thread cannot do that well (don't have the number handy).

So here nhelpers should be 9 (2 x Quad +1).
This will help me in supporting more number of tunnel creation at a time.

However, how can I speed up IPSec packet processing in KLIPS (the
packet throughput)?
Does it require any special configuration in
kernel/KLIPS/pluto/network/anything specific to multicore?
Or the SMP kernel itself will balance the processing among different
cores and will help me achieve the 1Gig figure?

Thanks for your time.

Regards,
Hiren


More information about the Users mailing list