-
I know the most current release of PFsense+ now works on other hardware, so I took time to grab a license. I am curious if there is any listing of what QAT cards work?
I ask as I see the 8950 and 8960 cards are about the same price now days, but looking at the specs the 8960 draws less power, makes less heat, and seems to be easily twice as fast. The 8950 is Coleto Creek, and the 8960 I suspect is newer and uses the Lewisburg chip.
.
.
Is the newer 8960 board supported in PFsense?
If so any reason not to use the 8960 in a server if it's the same cost as an 8960 card?
-
It supports these PCI devices:
#define PCI_VENDOR_INTEL 0x8086 #define PCI_PRODUCT_INTEL_C2000_IQIA_PHYS 0x1f18 #define PCI_PRODUCT_INTEL_C3K_QAT 0x19e2 #define PCI_PRODUCT_INTEL_C3K_QAT_VF 0x19e3 #define PCI_PRODUCT_INTEL_C620_QAT 0x37c8 #define PCI_PRODUCT_INTEL_C620_QAT_VF 0x37c9 #define PCI_PRODUCT_INTEL_XEOND_QAT 0x6f54 #define PCI_PRODUCT_INTEL_XEOND_QAT_VF 0x6f55 #define PCI_PRODUCT_INTEL_DH895XCC_QAT 0x0435 #define PCI_PRODUCT_INTEL_DH895XCC_QAT_VF 0x0443So maybe since 8960 appears to be a subset of C620, which is Lewisburg.
https://pci-ids.ucw.cz/read/PC/8086/37c8
Impossible to know for sure without testing though.Steve
-
S stephenw10 moved this topic from General pfSense Questions on
-
@stephenw10 Many thanks, and that PCI ID listing site is nice as well.
I meant to say any reason to use the 8950 vs the 8960, but it does look like the 8960 should be supported, and a far better option. I may take a gamble and pick one up..
-
@stephenw10 Just FYI, the 8960 worked like a champ, I installed it and it just worked.
From dmesg:
[code]
qat0: <Intel C620/Xeon D-2100 QuickAssist PF> mem 0x93100000-0x9313ffff,0x93140000-0x9317ffff at device 0.0 numa-domain 0 on pci7
qat1: <Intel C620/Xeon D-2100 QuickAssist PF> mem 0x93000000-0x9303ffff,0x93040000-0x9307ffff at device 0.0 numa-domain 0 on pci8
qat2: <Intel C620/Xeon D-2100 QuickAssist PF> mem 0x92f00000-0x92f3ffff,0x92f40000-0x92f7ffff at device 0.0 numa-domain 0 on pci9
[/code]I do notice that after setting QAT in Advanced, it shows the QAT is enabled and active, and and I see additional hardware ciphers are supported which is great. The on thing that surprised me was the AES-NI also remains active, I know on appliances like the 5100 when I enabled QAT, that AES-NI went inactive. Wondering how it knows which to use, as guessing the QAT is much faster.
If I can provide any info that helps from installing this card, let me know..
-
It doesn't unload the aes-ni module at runtime when you select QAT. After a reboot though it should only load the QAT module.
Steve
-
@stephenw10 Bingo!
I rebooted just to see, and you are correct, it now shows AES-NI as available but inactive.
Thanks..
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.