Subject: Re: IPsec performance
To: None <>
From: None <>
List: tech-security
Date: 07/19/2000 06:24:05
  by with SMTP; 18 Jul 2000 21:24:55 -0000
	by (8.9.3+3.2W/3.7W) with ESMTP id GAA00940;
	Wed, 19 Jul 2000 06:24:05 +0900 (JST)
In-reply-to: tls's message of Tue, 18 Jul 2000 12:57:01 -0400.
Subject: Re: IPsec performance
Date: Wed, 19 Jul 2000 06:24:05 +0900
Message-ID: <>

>With 466MHz Celeron CPUs and decent network hardware (3c905B) the most
>throughput I seem to be able to force through our IPsec is about 1.5MB/sec
>(that's mega *bytes*, not bits).  Though I'm told by several people that
>this is not atypical for a software-only IPsec implementation, I don't
>understand _why_.

	see KAME PR 229.

	basically, blowfish uses very big intermediate data and we cant
	hold it on the stack.  we endup using static memory pool and
	hence we need spl locks.  we'll try to correct it.