MiniPCIe Crypto Accelerator

Guest

I see that Netgear sells a MiniPCI solution.
http://store.netgate.com/Soekris-VPN1411-Crypto-accelerator-P319.aspx
What happened to this market?
I would think someone would make a solution without the binary blob aspect of the cavium stuff…
Did Intels adoption of the AES-NI instructions kill this market? I think an external processor is an excellent approach.

tirsojrp

AES-NI/QuickAssist and performance increase in low power CPUs is definitively killing the market for such device.

With QuickAssist there's no need for additional hardware and less compatibility issues.

Guest

I see that Netgear sells a MiniPCI solution.

It is Netgate not Netgear please!  ;)

http://store.netgate.com/Soekris-VPN1411-Crypto-accelerator-P319.aspx

If someone is owning a miniPCI or PCI slot he could get better VPN performance with his
pfSense. under pfSense 2.1.5 here we got:
IPSec AES-128 ~42 MBit/s instead of ~13 MBit/s (nearly 3 times)
IPSec AES-256 ~30 MBit/s instead of ~12 MBit/s (nearly double)

So if your pfSense firewall is up and running and for the rest of your tasks are liquid enough
but not the VPN, it could be a really gain for those peoples! And not only the pfSense users
have a closer look at this cards! the Soekris vpn1411 & vpn1401 are also supported under;

• ClearOS
• OpenWRT
• ZeroShell
• OPNSense (mOnOwall)

What happened to this market?

Still alive, but in the most cases crypto cards are prohibited to export from the USA and also to import
in many countries!!! And so this small card are really able to get for the end users and home users.
They are on sell and this for also a longer time as I see it right!
Both Soekris VPN adapters (different throughput!)
Exar
Comtech AHA
Cavium

If the amount of the VPN users, connections, throughput or anything else related to the VPn stuff is going to
big, mostly VPN servers would be bring the best effort to offload the entire Firewall from this tasks and gain
more throughput on all "machines".

I would think someone would make a solution without the binary blob aspect of the cavium stuff…

Cavium crypto accelerators are often more to find inside of Routers and Firewall soldered on the boards.

Did Intels adoption of the AES-NI instructions kill this market? I think an external processor is an excellent approach.

If you can get your hands on a C27xx SoC based machine it would be better to go with Intels AES-NI
and yes I think we will see in the future time also perhaps a better support of AES-NI with counting
higher numbers. The AES-NI is only integrated in smaller or lightweight CPUs or SoCs to push them
up really. In greater installments Intels QuickAssist adapters will be needed!

AES-NI/QuickAssist and performance increase in low power CPUs is definitively killing the market for such device.

Where crypto accelerators are prohibited it would be a really win for all users for sure, because "they"
can´t cut of the main CPU!

With QuickAssist there's no need for additional hardware and less compatibility issues.

Absolutely not in my eyes. It would be more the the need for Intel Quick Assist Server Adapters

For sure you will not need to install one crypto accelerator card and one de/compression card
you only need to install one card. But this cards should be not able to buy for all home & SOHO
users and not able to pay for those clients also! the other both cards are able to pay for, but then
they must be also supported by the entire OS likes FreeBSD or pfSense!

We where placing in each branch office a smaller VPN Server and at the central office a bigger VPN server
to gain the throughput and now we are waiting for the Comtech VPN and Compression cards to do some
testing together with CentOS and ClearOS. And the compression cards we where installing on several Linux
and Windows based servers to get more throughput and speed in the entire corporate LAN with great success.