Intel Xeon D-1736NT QAT on pfSense Plus 23.05.1
-
Yeah, I found that post after posting here and have been using to to try to figure out my problem.
Almost all of my output is the same as that poster's except for my QAT is 200xx and their's is c3xxx. But their problem is on a dev version but works on production.
QAT is not showing in vmstat -i
-
Ok, it looks like this isn't showing because that QAT device is not in the list of recognised devices:
https://github.com/pfsense/pfsense/blob/master/src/usr/local/www/includes/functions.inc.php#L237It probably needs to be updated against the supported devices: https://github.com/pfsense/FreeBSD-src/tree/devel-main/sys/dev/qat/qat_hw
-
@eracerxrs said in Intel Xeon D-1736NT QAT on pfSense Plus 23.05.1:
Yeah, I found that post after posting here and have been using to to try to figure out my problem.
Almost all of my output is the same as that poster's except for my QAT is 200xx and their's is c3xxx. But their problem is on a dev version but works on production.
Guess who has a D-1736NT on order. I'm just born lucky with all things QAT.
pfSense does include some code for the 200xx QAT, including the firmware package:
/boot/kernel/qat_200xx_fw.ko
️ -
Should be an easy enough patch. https://redmine.pfsense.org/issues/14844
-
Thanks Steve
Any chance of pfSense taking on the full-range of QAT capabilities or did I hear that door firmly closed?
️ -
@stephenw10 Good catch going straight to the source(code), thanks for your help!
@RobbieTT Yeah, that is unfortunate luck, but on the bright-side at least you have a c3xxx up and running on the stable release, if not the dev. version yet. And as stephenw10 points out it should be relatively easy to fix given the driver infrastructure is already included.
-
@RobbieTT said in Intel Xeon D-1736NT QAT on pfSense Plus 23.05.1:
Any chance of pfSense taking on the full-range of QAT capabilities
Which capabilities are you referring to?
-
@stephenw10 said in Intel Xeon D-1736NT QAT on pfSense Plus 23.05.1:
Which capabilities are you referring to?
SSH, nginx, curl, TLS/SSL, openSSL etc - basically all the features listed in the Intel guide for Linux/FreeBSD, either as part of a pre-built Intel framework or via the API. Currently we seem to only have the kernel space active.
️ -
Ah, you mean user mode stuff. That would have been via cryptodev as an engine for OpenSSL as I understand it. I'm not sure if/when that might be coming back.
-
@stephenw10 Basically just looking for pfSense to use QAT for anything it is running itself. I did thought it did just that on 23.05 but apparently that could be false increments on the QAT IRQs. They previously increased with things like TLS originating from the router itself.
It would seem a shame that a QAT equipped device would not QAT for its own activity. Performance on the table and all that.
️ -
Ah that might be something else then, cryptodev stopped working some time ago.
-
You may have caught this thread:
https://forum.netgate.com/topic/183123/23-09d-is-qat-broken/42?_=1696239799286
️ -
L Lurick referenced this topic on
