multiple crypto accelerator cards in one FreeBSD box
sam at errno.com
Thu Feb 17 21:20:59 PST 2005
sekchye goh wrote:
> Hi there!
> We are thinking of deploying an IPSEC VPN concentrator using multiple PCI bus
> version VPN1401 cards in a FreeBSD box using hifn support.
> From the technical specs in Soekris website
> each card can support 24 to 70 connections. The question is if we
> put 3 VPN1401 cards in a single box, does this mean the FreeBSD box can support
> 3 x (24 to 70) IPSEC connections?
Not sure where the 24-70 connection numbers come from. If it's based on
allocating session state in on-chip SDRAM then that was removed a while
ago by moving the session state allocation to host memory. If the
numbers are representative of peak performance then I'd be curious where
they came from. Understand that you're likely to be bus-limited for
performance and adding additional cards isn't going to help unless cards
are on separate PCI buses. Beware, however, that the current crypto code
does not manage multiple cards well. If you decide to go with multiple
cards you'll want to do some load balancing.