[Soekris] vpn1411 in a net4801 with FreeBSD
der Mouse
mouse at Rodents.Montreal.QC.CA
Mon Dec 10 19:53:50 UTC 2007
> [...FreeBSD 6.2...OpenVPN...]
> My question is whether adding the vpn1411 encryption card will help
> increase my throughput.
I tried it under NetBSD (with a 4801, I think it was) and my experience
says it won't. I found that, for OpenVPN's use, the overhead of
crossing into the kernel outweighed the crypto performance gain.
FreeBSD may be different; I don't know how much of that overhead is the
hardware and how much is the software. Also, this was testing a single
stream in isolation. It's possible that if you have multiple data
streams going, you'd see an overall throughput win even if a single
stream in isolation is impaired, because crypto offload means
non-crypto stuff can happen on the main CPU while the crypto is
running.
> I've searched the mailing list archives and I've seen several folks
> having issues with the vpn1411 card and getting "Corrupted MAC on
> input" errors with any kind of usermode encryption, which OpenVPN
> uses.
I saw that with ssh. I didn't see anything to make me think that
OpenVPN was getting hit with comparable problems, but I didn't look,
either; it's entirely possible some small fraction of OpenVPN's packets
were getting corrupted too, with the corruption hidden by
retransmissions.
Also, my experience is a few years old by now. It's possible some
relevant piece has changed since then.
/~\ The ASCII der Mouse
\ / Ribbon Campaign
X Against HTML mouse at rodents.montreal.qc.ca
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
More information about the Soekris-tech
mailing list