multiple crypto accelerator cards in one FreeBSD box

Sam Leffler sam at
Thu Feb 17 21:20:59 PST 2005

sekchye goh wrote:
> Hi there!
>  we are thinking of  deploying a IPSEC VPN concentrator using multiple PCI bus
> version VPN1401 cards  in a FreeBSD box using hifn support..
>  From the technical specs in Soekris website
> each card can support 24 to 70 connections.  The question is if we
> put 3 VPN1401 cards in a single box, does this mean the FreeBSD box can support
> 3 x (24 to 70) IPSEC connections ?

Not sure where the 24-70 connection numbers come from.  If it's based on 
alllocating session state in on-chip SDRAM then that was removed a while 
ago by moving the session state allocation to host memory.  If the 
numbers are representative of peak performance then I'd be curious where 
they came from.  Understand that you're likely to be bus-limited for 
performance and adding additional cards isn't going to help unless cards 
are on separate pci buses.  Beware however that the current crypto code 
does not manage multiple cards well.  If you decide to go with multiple 
cards you'll want to do some load balancing.


More information about the freebsd-security mailing list