SSL acceleration cards

John-Mark Gurney jmg at funkthat.com
Thu Mar 13 21:47:02 UTC 2014


Riccardo Veraldi wrote this message on Thu, Mar 13, 2014 at 20:31 +0100:
> the problem is that SSL applications like SSH file transfer with SCP or SFTP
> perform terribly on Ultra SPARC III CPU, on 1Gbit network LAN
> I get only 3MB/s, and this is a CPU bottleneck...
> I thought that an SSL accel card could help out a bit on my Sun Blade 1000
> but maybe I am wrong...

If you load cryptodev.ko and have a card, you will be able to make use
of the accelerator card... how much you are willing to pay will
determine the performance...

For example, the hifn mini-pci card w/ a 7954 that is readily available
will only do 128bit AES at 19Mbps (bits), so that'd be slower than what
you're seeing now...

I have not been able to find a card that is >100Mbps that isn't the cost
of a complete new computer...  Though I'd be willing to be proven wrong..

> On 3/13/14 5:35 PM, John-Mark Gurney wrote:
> >Riccardo Veraldi wrote this message on Thu, Mar 13, 2014 at 10:42 +0100:
> >>I have a Sun Blade system with FreeBSD 9.2
> >>I would like to ask which SSL acceleration card is well supported in
> >>particular for sparc64 platform.
> >>Will any of the ones for x86 also work on sparc64?
> >>Does anyone use that on sparc64 platforms?
> >I don't know of any modern crypto acceleration card that is supported
> >by FreeBSD...  There are many old ones, like the hifn, but when I
> >was researching them a while back, the performance was so slow that
> >you might as well do software crypto...
> >
> >The other one is Broadcom's (ubsec(4)) but the faster card only runs at
> >1Gbit/s and no support for AES-GCM (though we don't have AES-GCM support
> >in the tree, so it wouldn't help anyways)...
> >
> >I'm not sure if anyone has ever tried to run these cards in a non-x86
> >machine...  There could be endian issues w/ the drivers....
> >
> >When trying to purchase these cards, either I couldn't find a supplier,
> >or the price was so high, it'd be cheaper to buy a whole new system w/
> >a modern amd64 processor that has AES-NI to do it...  Even some sub-$150
> >CPUs support AES-NI which can give you 2GBytes/s per core AES-XTS
> >(sans geli overhead)...  I did most of my AES-NI work on an AMD
> >A10-5700...  Though FreeBSD 9.2 doesn't have all the latest AES-NI
> >improvements, nor does 9-stable, so AES-NI is only marginally faster
> >than software crypto in 9.x...
> >
> >There are some modern cards out there, but no one has written drivers
> >out there, or the vendors are not supporting writing drivers for
> >them...
> >
> >What is your use case that you are looking to use the card for?

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."


More information about the freebsd-sparc64 mailing list