|
Hello,
Your main bottleneck will be in the amount of data that your average CPU
can {de,en}crypt. Something like a 2Ghz chip should be able to encrypt a
little over a megabyte a second, with a good tail wind. You would be
:) Nice statement. It's not only the CPU that needs some power. You
definitely want to find a CPU with a lot of L2 (maybe L3) cache. At
least 1 MByte. If it supports data prefetch logic like a Tualatin or a
Xeon it can be loaded in the advance transfer cache and is still hot for
number crunching. Of course a fast processor is important but even more
important for CPU intensive work is the cache and the FSB.
better advised to use one box, with hardware FreeS/Wan acceleration
instead.
Yep. You need to buy [1] and apply the patches [2] and here goes your
30Mbit/s decryption.
There was some rumours of Intel doing drivers for the secure versions of
the eepro100 chips (which I think some PowerEdges support), but they
certainly never released it. Checkout the FreeS/WAN website for more
details on what hardware is supported.
You mean that Israelian guy working for Intel? Yeah, he's still working
on the driver and some bureaucratic issues. I think he will release some
code soon. Another thing I remember is the RavLin card at [3] and [4].
And [5] is something to read for Julian Anastasov just in case he wants
to build in some caching into the routing code for ESP :)
[1] http://www.hifn.com/products/7901.html
[2] http://sources.colubris.com/en/projects/FreeSWAN/
[3] http://www.midwestlinux.com/products/redcreek/ipsecpci.html
[4] http://www.ipvpn.ca/RavlinNIC.htm
[5] http://jukie.net/~bart/linux-ipsec/freeswan-hardware-\
acceleration-draft-2.txt
Best regards,
Roberto Nibali, ratz
| 