PfSense branded hardware not showing ipsec performance with aes-ni???



  • The pfSense store shows ipsec performance without using AES-NI but not with it.  I would think that pfsense would have already tested this.  Curious as to why this has yet to be provided.



  • No response yet :-(


  • Netgate Administrator

    Do you have link to the specific page you're referring to?
    It's probably because at one point the IPSec performance with AES-NI was improving on an almost daily basis with the work going into it.

    Steve



  • Here is the page:  https://store.pfsense.org/c2758

    I understand that improvements may be happening regularly with AES-NI but the version that is included in 2.2.2 is probably not changing daily.  I would expect that if they could provide results from using without AES-NI that they could also provide results with AES-NI since the unit supports it.  All it takes is taking to units and performing an actual test across a gigabit switch…

    Unless the results are not that much of an improvement possibly due to it only recently being included in freebsd......

    I find it odd that they would not include this since it is mentioned as being available.



  • I would expect that if they could provide results from using without AES-NI that they could also provide results with AES-NI since the unit supports it.

    For sure it would be nice to see those numbers.

    All it takes is taking to units and performing an actual test across a gigabit switch…

    This way I don´t love to see, because this is then not really interesting. Better to go by a 1 GB line
    and see what between two boxes would be able to handle is a right way in my eyes.



  • @BlueKobold:

    All it takes is taking to units and performing an actual test across a gigabit switch…

    This way I don´t love to see, because this is then not really interesting. Better to go by a 1 GB line
    and see what between two boxes would be able to handle is a right way in my eyes.

    Performance numbers on data sheets are almost always in "ideal scenario" environments. If they're measured the same way as the non-AES-NI numbers, they are a good comparison.

    So… since 2.2.4 is released in the mean time: any update when these numbers can be expected?