AES-NI, is it supported yet?
-
I've only been able to find old threads on this topic. I'm looking into building a 1U with an E3-1230v3 in the hopes of utilizing aes-ni to push openvpn aes-256 traffic to at least 300Mbit/s. Is anyone successfully using aes-ni in pfsense? Even better, anyone using it in a VM with esxi or KVM (proxmox)?
Thanks!
-
Yes, in ESXi 5.1u1 on an E3-1265L v2.
-
It can help, somewhat, for OpenVPN 2.1 if you do not load the AES-NI kernel module. Counter-intuitive, but that's what the data shows so far. OpenSSL's AES-NI support seems to be better than FreeBSD's cryptodev support for AES-NI at this time. That will hopefully improve when it comes to FreeBSD 10. From what I hear there is work planned for it.
See the recent thread on the pfSense mailing list about it. There was a lengthy discussion about the status.
-
It can help, somewhat, for OpenVPN 2.1 if you do not load the AES-NI kernel module.
Thanks for that info, jimp.
Is that achieved simply by leaving the Crypto Hardware Acceleration set to "none" under System>Advanced Misc?
-
That is correct. And if it was selected before, you will most likely need to reboot to make sure the module is unloaded properly.