SSL acceleration cards
jmg at funkthat.com
Thu Mar 13 20:17:46 UTC 2014
Rob Sciuk wrote this message on Thu, Mar 13, 2014 at 14:38 -0400:
> On Thu, 13 Mar 2014, John-Mark Gurney wrote:
> >Date: Thu, 13 Mar 2014 09:35:26 -0700
> >From: John-Mark Gurney <jmg at funkthat.com>
> >To: Riccardo Veraldi <riccardo.veraldi at gmail.com>
> >Cc: freebsd-sparc64 <freebsd-sparc64 at freebsd.org>
> >Subject: Re: SSL acceleration cards
> >Riccardo Veraldi wrote this message on Thu, Mar 13, 2014 at 10:42 +0100:
> >>I have a Sun Blade system with FreeBSD 9.2
> >>I would like to ask which SSL acceleration card is well supported in
> >>particular for sparc64 platform.
> >>Any of the one dor x86 will work also on sparc64 ?
> >>anyone uses that on sparc64 platforms ?
> >I don't know of any modern crypto acceleration card that is supported
> >by FreeBSD... There are many old ones, like the hifn, but when I
> >was researching them a while back, the performance was so slow that
> >you might as well do software crypto...
> >The other one is Broadcom's (ubsec(4)) but the faster card only runs at
> >1Gbit/s and no support for AES-GCM (though we don't have AES-GCM support
> >in the tree, so it wouldn't help anyways)...
> >I'm not sure if anyone has ever tried to run these cards in a non-x86
> >machine... There could be endian issues w/ the drivers....
> >When trying to purchase these cards, either I couldn't find a supplier,
> >or the price was so high, it'd be cheaper to buy a whole new system w/
> >a modern amd64 processor that has AES-NI to do it... Even some sub-$150
> >CPUs support AES-NI which can give you 2GBbytes/s per core AES-XTS
> >(sans geli overhead)... I did most of my AES-NI work on an AMD
> >A10-5700... Though FreeBSD 9.2 doesn't have all the latest AES-NI
> >improvements, nor does 9-stable, so AES-NI is only marginally faster
> >than software crypto in 9.x...
> >There are some modern cards out there, but no one has written drivers
> >out there, or the vendors are not supporting writing drivers for
> >What is your use case that you are looking to use the card for?
> Did I read somewhere about using GPU's (3D accelerated graphics cards) as
> accelerators using domain specific languages?
That could definately be done, but as far as I know, we don't have
any support for running code on the GPU in FreeBSD yet...
It also depends upon the use case... If you want it for IPSEC, you need
to have the driver be able to run in kernel... If you're just talking
about improving OpenSSL, that could definately be done in userland...
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
More information about the freebsd-sparc64