Hello forum,
(1) As stated in the subject, how to achieve IPSec throughput above 2 Gbit/s?
(2) Has anyone run IPSec and successfully hit IPSec throughput above 2 Gbit/s?
(3) Which FreeBSD version would be recommended for this scenario?
(4) What should be tune in /boot/loader.conf ?
(Our current configuration in /boot/loader.conf )
(5) What should be tune in /etc/sysctl.conf ?
(Our current configuration in /etc/sysctl.conf )
The topology would just simple like this:
Svr-Test1 10G----10G Svr-FreeBSD1 10G----IPSec----10G Svr-FreeBSD2 10G----10G Svr-Test2
There are 4 servers available for me to test this scenario, all are the same:
- 2x NIC 10G
- Xeon E5-2630L 2.4GHz (24 logical processors)
- RAM 64GB
- SSD 128GB
But when I test with iperf3 (iperf3 -c x.y.w.z -b 2000000000), the throughput was stuck at 120Mbit/s, with encryption AES128 authentication SHA1. But if we turn-off the IPSec both sides, we can get throughput around 7 Gbit/s.
What can we do with FreeBSD to achieve high throughput of IPSec? Or, do we need to buy a PCI card for high throughput IPSec? Which one is that?
(apologies for my bad English, as I'm not a native English)
Big Thanks!
ssoorruu
==
(1) As stated in the subject, how to achieve IPSec throughput above 2 Gbit/s?
(2) Has anyone run IPSec and successfully hit IPSec throughput above 2 Gbit/s?
(3) Which FreeBSD version would be recommended for this scenario?
(4) What should be tune in /boot/loader.conf ?
(Our current configuration in /boot/loader.conf )
(5) What should be tune in /etc/sysctl.conf ?
(Our current configuration in /etc/sysctl.conf )
The topology would just simple like this:
Svr-Test1 10G----10G Svr-FreeBSD1 10G----IPSec----10G Svr-FreeBSD2 10G----10G Svr-Test2
There are 4 servers available for me to test this scenario, all are the same:
- 2x NIC 10G
- Xeon E5-2630L 2.4GHz (24 logical processors)
- RAM 64GB
- SSD 128GB
But when I test with iperf3 (iperf3 -c x.y.w.z -b 2000000000), the throughput was stuck at 120Mbit/s, with encryption AES128 authentication SHA1. But if we turn-off the IPSec both sides, we can get throughput around 7 Gbit/s.
What can we do with FreeBSD to achieve high throughput of IPSec? Or, do we need to buy a PCI card for high throughput IPSec? Which one is that?
(apologies for my bad English, as I'm not a native English)
Big Thanks!
ssoorruu
==
