AES-NI and GCM performance

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

AES-NI and GCM performance

Doug Clements
I see a number of changes in the 4.8 changelog referencing additions
of AES-NI and AES-GCM. This PDF from Intel extolls the (rather
astounding) virtues for linux:

http://edc.intel.com/Link.aspx?id=3754

Has anyone published any performance numbers for this on OpenBSD
running on fancy new Intel processors? Google searches are coming up
with nothing.

There are a few obvious linux-specific enhancements there, but I'm
hoping the OpenBSD support comes close to the single-thread
performance. Line-rate GigE at 500 byte packets would be pretty
pleasing by itself.

--Doug

Reply | Threaded
Open this post in threaded view
|

Re: AES-NI and GCM performance

LeviaComm Networks NOC
On 10-Nov-10 15:21, Doug Clements wrote:

> I see a number of changes in the 4.8 changelog referencing additions
> of AES-NI and AES-GCM. This PDF from Intel extolls the (rather
> astounding) virtues for linux:
>
> http://edc.intel.com/Link.aspx?id=3754
>
> Has anyone published any performance numbers for this on OpenBSD
> running on fancy new Intel processors? Google searches are coming up
> with nothing.
>
> There are a few obvious linux-specific enhancements there, but I'm
> hoping the OpenBSD support comes close to the single-thread
> performance. Line-rate GigE at 500 byte packets would be pretty
> pleasing by itself.
>
> --Doug


Performance figures are the most useless things around.  Every situation
is different and thus performance can vary wildly.  For me, I can push
almost a Gig, but that is with a high-end system with a tuned kernel,
multiple Gig ports each with TCP offload engines as well as crypto
accelerator cards.

Reply | Threaded
Open this post in threaded view
|

Re: AES-NI and GCM performance

Christian Weisgerber
In reply to this post by Doug Clements
Doug Clements <[hidden email]> wrote:

> I see a number of changes in the 4.8 changelog referencing additions
> of AES-NI and AES-GCM. This PDF from Intel extolls the (rather
> astounding) virtues for linux:
>
> http://edc.intel.com/Link.aspx?id=3754
>
> Has anyone published any performance numbers for this on OpenBSD
> running on fancy new Intel processors?

Mike Belopuhov is working on it, but AES-NI acceleration of AES-GCM
isn't in the tree yet.

I think it is a reasonable assumption that OpenBSD's AES-GCM IPsec
performance will see a similar improvement.  The GHASH part of
AES-GCM is one of those algorithms that are easy to do in hardware,
but are slow when implemented in software with CPU arithmetic
operations.  (The whole raison d'etre of AES-GCM is that it is
accommodating to hardware implementations for line-speed encryption.)

AES-NI support for AES-CBC and AES-CTR is already enabled.  Somebody
might have figures for those.

--
Christian "naddy" Weisgerber                          [hidden email]