[RFC/RFT] projects/ipsec
Olivier Cochard-Labbé
olivier at cochard.me
Tue Dec 13 13:45:51 UTC 2016
On Sun, Dec 11, 2016 at 12:07 AM, Andrey V. Elsukov <ae at freebsd.org> wrote:
> Hi All,
>
> I am pleased to announce that projects/ipsec, that I started several
> months ago is ready for testing and review.
> The main goals were:
> * rework locking to make IPsec code more friendly for concurrent
> processing;
> * make lookup in SADB/SPDB faster;
> * revise PFKEY implementation, remove stale code, make it closer
> to RFC;
> * implement IPsec VTI (virtual tunneling interface);
> * make IPsec code loadable as kernel module.
>
>
I've got a very simple configuration (static key),but I like the
performance improvement brings by projects/ipsec :-)
A simple packet-per-second using null encryption should be enough for
benching the improvement, but my IPSec lab (using Equilibrium methodology)
did a little more.
https://github.com/ocochard/netbenches/blob/master/AMD_GX-
412TC_4Cores_Intel_i210AT/ipsec/results/fbsd12.projects-
ipsec.equilibrium/graph.png
Thanks for your work!
Olivier
More information about the freebsd-current
mailing list