tech-crypto archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Hardware-accelerated IPsec, anyone?




Hi,

what do people use for hardware accelerated IPsec these days?
I understand that only FAST_IPSEC (and not IPSEC) supports hardware
acceleration. Question is - what hardware out there does support IPsec?

Options that I see are:

 * glxsb(4) - here the manpage says no hardware IPsec is supported due to
   the lack of HMAC support:

     The glxsb driver only provides random numbers and AES acceleration.
     Since it does not provide HMACs, IPSec will not currently use it; it will
     however be used by OpenSSH.

 * hifn(4) - Available in various cards, but also with some warnings in
   the manpage:

     Support for the 7955 and 7956 is incomplete; the asymmetric crypto facil-
     ities are to be added and the performance is suboptimal.

 * ubsec(4) - looks promising by the manpage, but I've hardly heared of
   anyone use them (in contrast to HIFN based boards). Does anyone have
   a comment e.g. on the BCM58xx based NIAGARA cards sold by
   InterfaceMasters
   (http://www.interfacemasters.com/products/SSL_IPSec_cards.html)?

 * n8 / nsp(4) - I couldn't find a manufacturer here, and the driver
   is not listed in GENERIC (in contast to the above drivers).
   Not an option as far as I can see - anyone got a vendor for any cards?

What do people use for hardware accelerated IPsec these days?
What options did I miss, which ones are good, which ones to avoid?
Any dmesg examples that are known working / not working?

Thanks!


 - Hubert


Home | Main Index | Thread Index | Old Index