tech-crypto archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Hardware-accelerated IPsec, anyone?
> what do people use for hardware accelerated IPsec these days?
> I understand that only FAST_IPSEC (and not IPSEC) supports hardware
> acceleration. Question is - what hardware out there does support IPsec?
>
> Options that I see are:
>
> * glxsb(4) - here the manpage says no hardware IPsec is supported due to
> the lack of HMAC support:
>
> The glxsb driver only provides random numbers and AES acceleration.
> Since it does not provide HMACs, IPSec will not currently use it; it will
> however be used by OpenSSH.
>
> * hifn(4) - Available in various cards, but also with some warnings in
> the manpage:
>
> Support for the 7955 and 7956 is incomplete; the asymmetric crypto facil-
> ities are to be added and the performance is suboptimal.
>
> * ubsec(4) - looks promising by the manpage, but I've hardly heared of
> anyone use them (in contrast to HIFN based boards). Does anyone have
> a comment e.g. on the BCM58xx based NIAGARA cards sold by
> InterfaceMasters
> (http://www.interfacemasters.com/products/SSL_IPSec_cards.html)?
>
> * n8 / nsp(4) - I couldn't find a manufacturer here, and the driver
> is not listed in GENERIC (in contast to the above drivers).
> Not an option as far as I can see - anyone got a vendor for any cards?
>
> What do people use for hardware accelerated IPsec these days?
> What options did I miss, which ones are good, which ones to avoid?
> Any dmesg examples that are known working / not working?
I am not using it at all on faster machines since offloading the data to the
crypto device over a PCI bus is slower than doing the math in the CPU.
HW accelerators help for slow machines like Soekris or ALIX, though.
Home |
Main Index |
Thread Index |
Old Index