Netgate Discussion Forum

    Is Intel QuickAssist Technology (QAT) required/wanted for WireGuard

      spielp @spielp

      @jegr also the system you linked is an 80w vs 35w

        JeGr LAYER 8 Moderator @spielp

        @spielp said in Is Intel QuickAssist Technology (QAT) required/wanted for WireGuard:

        @jegr also the system you linked is an 80w vs 35w

        It was just an example though. But heard the 2nd gen boxes run immensely better than the first gens.

        Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

        If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

          spielp @JeGr

          @jegr will check them out in more detail. Thanks for pointing it out.

            stephenw10 Netgate Administrator

            Also TDP does not indicate the actual running power consumption. It shows the maximum power the cooling system must be able to handle.
            And that's just the CPU.

            Steve

              dirtyfreebooter

              @jegr said in Is Intel QuickAssist Technology (QAT) required/wanted for WireGuard:

              5019D-FN8TP

              I had the 5019D-FN8TP and sold it on Reddit; it idles at 60w and frankly is not that fast. My custom build of a Supermicro X11SCL-iF with an SC505-203B chassis, a Pentium Gold G5400 and an X710-DA2 NIC is faster, idles at 20w and maxes out at 54w, vs 60w idle and 110w maxed out. Granted, if you have a workload that needs more threads, etc., you could just get a different 1151 Xeon E CPU.

              The newer Xeon D CPUs just have a bunch of stuff like AVX-512 that makes them power hogs, and those instructions are worthless for pfSense/routing. Also, having all those NICs, the 10g RJ45 chipset uses like 8w per port.

              To me, it seemed like the X11SDV-8C-TP8F could be a great NAS/TrueNAS board, more so than a pfSense board.. 🤷

              I did some speed testing with pfSense 2.5 and the G5400 and WireGuard... and 10g firewall.

              https://forum.netgate.com/topic/160168/what-speeds-can-you-get-with-wg-on-a-sg-3100/2

                spielp @dirtyfreebooter

                @dirtyfreebooter out of curiosity what kind of heat sink/fan are you using for your cpu?

                  dirtyfreebooter @spielp

                  @spielp said in Is Intel QuickAssist Technology (QAT) required/wanted for WireGuard:

                  @dirtyfreebooter out of curiosity what kind of heat sink/fan are you using for your cpu?

                  I started with the Dynatron Copper Heatsink K199, thinking it would be nice to have an active cooler. Idled at 30C, which I thought was actually pretty bad for a G5400 CPU. I re-applied the thermal grease, still 30C. I swapped it out for the Supermicro one, SNK-P0049P, and idle temps went down to 21C. I guess the airflow in the tight 1U case was just better with a passive heatsink.

                    ensnare @stephenw10

                    @stephenw10 said in Is Intel QuickAssist Technology (QAT) required/wanted for WireGuard:

                    No, QAT would not help WireGuard anyway as the cipher it uses, chacha20/poly, is not accelerated by any current implementation.

                    http://patches.dpdk.org/cover/64728/

                      dirtyfreebooter @ensnare

                      @ensnare said in Is Intel QuickAssist Technology (QAT) required/wanted for WireGuard:

                      http://patches.dpdk.org/cover/64728/

                      😀 💪 any ideas on how much of a speedup QAT offers with chacha-poly?

                        stephenw10 Netgate Administrator

                        @ensnare said in Is Intel QuickAssist Technology (QAT) required/wanted for WireGuard:

                        http://patches.dpdk.org/cover/64728/

                        Mmm, well that could be interesting. Being in DPDK is quite a way from being in FreeBSD though.

                        Steve

                          aivxtla

                          I can give my own personal experience with the Xeon D1541/D2141 and EPYC 3251. The Xeon D2141/2121 series based appliances have a pretty high idle power draw at around 40-50 Watts. The AMD EPYC 3251 SuperMicro appliances/boards performance-wise are close to the Xeon-D2141 (outside of AVX512, which is missing on the EPYC) with much lower real world idle and max power draw, and are cheaper and also run cooler. The D-1541 SuperMicro appliance (essentially the OEM version of Netgate's XG1541) usually idled a little higher (~32 Watts Idle and Max around 85-90 Watts) than the 3251 (31 Watts Idle and Max around 80-85 Watts) while performing much worse in general. I can run the 3251 in my home office with little noise at low to medium loads (2x 35dBm rated 40mm 8500 RPM Fans @1,600-2,000 RPM) unlike the D-1541/D-2141, which require much higher fan speeds even at idle (3,500-4,000 RPM). SuperMicro seems to have used better heatsinks with heat pipes on the EPYC. Also do note that the Wattage advertised is generally for stock clocks and doesn't take into account boost clocks, so it can be misleading. Would be nice to see a Netgate branded appliance with an EPYC 3201/3251.

                              SebM

                              It's 2023 now, was wondering if the QAT driver in pfSense 23.01 can accelerate WireGuard...

                              Thanks for any pointer!

                                stephenw10 Netgate Administrator

                                Replied in the other thread.

                                  SebM

                                  Just here to report that enabling IPsec-MB on 23.05 has reduced the CPU usage quite a bit on my 5100 when using WireGuard.

                                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.