FreeBSD + Rainbow Cryptoswift
Sam Leffler
sam at errno.com
Mon Jan 26 10:39:34 PST 2004
On Monday 26 January 2004 10:25 am, Robert Watson wrote:
> On Mon, 26 Jan 2004, Rumen Telbizov wrote:
> > Thank for the reply Mike.
> >
> > I took a look at those cards (vpn1201 and vpn1211). They don't seem to
> > have AES support and only support 2-8 RSA connections/sec. Rainbow say
> > that their cards support 1000 RSA connections/sec which is quite
> > astonishing. The vpn1401 and vpn1411 seem to have better performance
> > but as you said the hifn(4) driver support is broken for those :(
>
> Poul-Henning recently sent me some performance numbers from his initial
> work to hook GEOM up to the AES support in the crypto framework using the
> VPN1401/1411. He didn't seem to report any brokenness in the driver in
> -CURRENT. The support may not yet have been MFC'd to -STABLE yet,
> however. I've CC'd Sam since his fingerprints are all over the code in
> question. :-)
Asymmetric crypto calculations are presently very slow because the code is
unchanged from openbsd. Each operation malloc's several buffers and requires
multiple context switches to insure the mallocs can be done in a blockable
context. In addition the asymmetric crypto handling code has not been
optimized using the techniques applied to the symmetric crypto code paths.
If these issues were addressed we'd probably get similar results.
Not sure about the comment about the hifn driver being broken. If there's
something wrong noone's reported it to me.
Sam
More information about the freebsd-stable
mailing list