Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    PfSense branded hardware not showing ipsec performance with aes-ni???

    Scheduled Pinned Locked Moved Hardware
    6 Posts 4 Posters 1.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      kapara
      last edited by

      The pfSense store shows ipsec performance without using AES-NI but not with it.  I would think that pfsense would have already tested this.  Curious as to why this has yet to be provided.

      Skype ID:  Marinhd

      1 Reply Last reply Reply Quote 0
      • K
        kapara
        last edited by

        No response yet :-(

        Skype ID:  Marinhd

        1 Reply Last reply Reply Quote 0
        • stephenw10S
          stephenw10 Netgate Administrator
          last edited by

          Do you have link to the specific page you're referring to?
          It's probably because at one point the IPSec performance with AES-NI was improving on an almost daily basis with the work going into it.

          Steve

          1 Reply Last reply Reply Quote 0
          • K
            kapara
            last edited by

            Here is the page:  https://store.pfsense.org/c2758

            I understand that improvements may be happening regularly with AES-NI but the version that is included in 2.2.2 is probably not changing daily.  I would expect that if they could provide results from using without AES-NI that they could also provide results with AES-NI since the unit supports it.  All it takes is taking to units and performing an actual test across a gigabit switch…

            Unless the results are not that much of an improvement possibly due to it only recently being included in freebsd......

            I find it odd that they would not include this since it is mentioned as being available.

            Skype ID:  Marinhd

            1 Reply Last reply Reply Quote 0
            • ?
              Guest
              last edited by

              I would expect that if they could provide results from using without AES-NI that they could also provide results with AES-NI since the unit supports it.

              For sure it would be nice to see those numbers.

              All it takes is taking to units and performing an actual test across a gigabit switch…

              This way I don´t love to see, because this is then not really interesting. Better to go by a 1 GB line
              and see what between two boxes would be able to handle is a right way in my eyes.

              1 Reply Last reply Reply Quote 0
              • P
                PowerToTheUsers
                last edited by

                @BlueKobold:

                All it takes is taking to units and performing an actual test across a gigabit switch…

                This way I don´t love to see, because this is then not really interesting. Better to go by a 1 GB line
                and see what between two boxes would be able to handle is a right way in my eyes.

                Performance numbers on data sheets are almost always in "ideal scenario" environments. If they're measured the same way as the non-AES-NI numbers, they are a good comparison.

                So… since 2.2.4 is released in the mean time: any update when these numbers can be expected?

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.