PfSense and Sandybridge: Power consumption and AES-NI

  • Hi all,

    I'd like to know a few details about pfSense support for the AES-NI instructions on a 2720QM (i.e is this instruction used to accelerate AES encryption, or is it done in software).

    I'd also like to know about pfSense support for deep sleep states in the sandybridge microarchitechture. I am running Xen + Fedora 16 Dom0, with pfSense as a DomU. If I run Linux bare-metal, I need to put a parameter in the kernel command line to get max power efficiency from the CPU (14W idle)


    If I run Xen + Linux in Dom0, this goes up to 17-18W. If I pass Xen a kernel parameter


    I go back down to 14W. When I installed pfSense as a HVM DomU, I went back up to 17-18W. I suspect that pfSense is not allowing deep CPU sleep modes, and was wondering if there is a way to allow this. I suspect it is probably not possible, because pfSense is downstream of FreeBSD, and this probably requires FreeBSD 9 for support, but I haven't found much searching on google, and its always worth asking.



  • An extra finding I've had since then, related to additional hardware. I installed a third NIC. While under control of the linux Dom0, power consumption only increased by about 0.6W. When I gave pfSense exclusive control of the NIC, idle power usage increased by 2.6W, and perhaps a further 1W when under load.

    Does anyone know if FreeBSD9 will have better power management for devices?

  • Rebel Alliance Developer Netgate

    Not sure about those CPU bits, but initial AES-NI support was added into 2.1 a few weeks ago.

  • 2.1 is not yet stable release, correct?

    Any idea when it is intended for release? How easy/hard will it be to upgrade an existing 2.0.1 to 2.1?



  • Rebel Alliance Developer Netgate

    2.1 is still beta. No ETA, probably 1-2 months, could be more.

    As always, upgrades will be supported and will be as smooth/seamless as possible.

Log in to reply