10g IPsec ?
Olivier Cochard-Labbé
olivier at freebsd.org
Tue Nov 5 22:45:25 UTC 2019
On Tue, Nov 5, 2019 at 8:15 PM John-Mark Gurney <jmg at funkthat.com> wrote:
> AES-GCM can run at over 1GB/sec on a single core, so as long as the
> traffic can be processed by multiple threads (via multiple queues
> for example), it should be doable.
>
>
I didn't bench this setup (10Gb/s IPSec) but I believe we will have the
same problem with IPSec as with all VPN setups (like PPPoE or GRE): the
IPSec tunnel will generate one IP flow preventing load sharing between all
the NIC's RSS queues.
I'm not aware of improvement to remove this limitation.
Regards,
Olivier
More information about the freebsd-net
mailing list