(Solved) Intel QAT driver with WireGuard support

I was not really knowing where to place this question, either it can be WireGuard and Hardware related looking. So I hope
it is not the false section here in the forum.

crypto/qat: add chacha-poly in ucs spc mode from 2021

So I was thinking why not asking if there is or will be a way
to Intel QAT support for WireGuard perhaps under pfSense (FreeBSD) too?

Will be there a way using the Intel QAT driver and/or the DPDK to realize it?

stephenw10

It's not yet possible with the current QAT driver but potentially it could be.

Steve

@stephenw10 Thanks for clear that up for me!

gabacho4

That was a great question Dobby. I’d gift you some clothing if I could. Looking forward to this possibly being implemented in the future!

@gabacho4

pfSense is using FreeBSD
|---> Intel QAT Driver is supporting ChaCha-Poly
|--->CryptoDev system is using the driver
|---> WireGuard is using the CryptoDev system
|---> DPDK was used to code the WireGuard packet

SebM

I'm writing that in February 2023, and was wondering if the QAT driver in pfSense 23.01 can accelerate WireGuard...

Thanks!

stephenw10

It cannot because the QAT driver there doesn't yet support any of the QAT hardware that supports chacha-poly. Namely Gen3 or above. But obviously even once that driver arrives you would still require Gen3 QAT hardware to actually accelerate it.

Steve

jwt

@stephenw10 we actually have work slated for pfSense Plus 23.05 based on Intel’s IPSec-MBlibrary which uses SSE 4.2, AVX, AVX2, AVX-512 (including AVX-VNNI) to accelerate AES-CBC, AES-GCM, SHA, SHA2 (and variants), SHA3, and ChaCha20/Poly1305.

We have years of experience with this library in TNSR.

We have included working implementations for ARM64, including ARM’s NEON instructions. AES-CBC isn’t currently implemented for ARM64, but we’ll get to it.

The work “takes over” the existing implementations of these transforms in FreeBSD’s OCF, so all applications get accelerated once you load the module.

Remember that OpenVPN DCO and IPsec can both use ChaCha20/Poly1305. Netgate also did this work.

These are both faster than Wireguard when using ChaCha20/poly1305, and much faster when using AES-GCM.

There are papers about our work on IPsec-MB and OpenVPN DCO being presented at AsiaBSDCon 2023.

keyser

@jwt This is really interesting, but one thing eludes me. Is this still QAT gen3 only or are there parts of chacha20/poly1305 that can be accelerated on Gen2 hardware (like in the SG-x100 appliances)? As I read your statement you are not really using QAT for acceleration in the library but rather more advanced processor instructions.

In other words: Will the current Atom appliance boxes see hardware acceleration benefits in wireguard from this work/module in 23.05?

jwt

@keyser no QAT here. Just CPU.

The current atom boxes are what they are. The QAT in them doesn’t have any way to accelerate chacha20/poly1305.

They do, however, support SSE and AES-NI (and the SHA instructions).

A pair of SG-8200s were connected using their primary 10Gbps SFP network port. The iperf3 systems were connected to their secondary 10Gbps port.

OpenVPN AES-256-GCM w/DCO
OCF-async 1.50gbps
IIMB-async 2.50gbps
QAT 3.18gbps

IPsec AES-128-GCM
OCF-async 1.55gbps
IIMB-async 1.64gbps
QAT 1.70gbps

Wireguard (ChaCha20-Poly1305
OCF-async 1.50gbps
IIMB-async 2.05gbps

Newer Atoms (Gracemont) support VAES and AVX2. Using VPP (like tnsr) and a 40|-left aligned paragraphG card in a reference board, Intel has shown 14.99gbps on a single core for IPSec using AES-128-GCM using trex as a load generator.

I mentioned it above, but we also support ARM64.