IPSEC
Olivier Cochard-Labbé
olivier at cochard.me
Sun Dec 8 19:03:04 UTC 2013
On Sun, Dec 8, 2013 at 12:16 AM, Eitan Adler <lists at eitanadler.com> wrote:
> Hi all,
>
> I understand this is an old thread but I do not see an answer here.
> Can anyone answer the question below?
>
> On Sat, Sep 14, 2013 at 8:33 AM, Robert Millan <rmh at debian.org> wrote:
>>
>> Hi!
>>
>> Is there any particular reason (performance, stability concerns...)
>> IPSEC support is not enabled in GENERIC?
>>
>> In Debian GNU/kFreeBSD we're considering enabling it in our default
>> builds, due to increased user demand and as it is already enabled for
>> our Linux-based flavours.
>>
>> However we're concerned about diverging from FreeBSD as there might be
>> unforeseen consequences. Is there any specific concern on your side?
>>
>> If not, perhaps it could be considered for HEAD after 10.0 release?
>
>
Here are my own bench result regarding forwarding speed (paquet-per-second)
with a kernel compiled without-ipsec and with ipsec (ipsec is not enabled
during the tests, just present on the kernel) of FreeBSD 10.0-PRERELEASE:
ministat -s without-ipsec ipsec
x without-ipsec
+ ipsec
+--------------------------------------------------------------------------------+
|x + x + +x x x +
+|
| |__________________A_____M____________|
|
| |_______________M_________A__________________________|
|
+--------------------------------------------------------------------------------+
N Min Max Median Avg Stddev
x 5 1646075 1764528 1725461 1713080 44560.059
+ 5 1685034 1833206 1724461 1748666.8 62356.218
No difference proven at 95.0% confidence
I didn't see negative impact of enabling ipsec (it's even a little bit
better with it).
Regards,
Olivier
More information about the freebsd-net
mailing list