[strongSwan] Enabling AES-NI in strongswan
Kapil Adhikesavalu
kapil20084 at gmail.com
Mon Jun 20 08:36:35 CEST 2016
Hi,
i am looking for ways to improve the throughput while using the strongswan
IPSEC.
I read that AES-GCM provides excellent throughput over default AES-CBC-128 when
used with AES-NI support in intel processors.
i want to enable AES-GCM128 cipher in my xeon E5 processor, and from
looking at the Intel white paper, it mentioned about using "Linux
AES-NI-GCM Crypto Plug-in" to enable this support.
It described about a patch to existing AES-NI driver file, called
aesni-intel_glue.c and aesni-intel_asm.s.
Paper:
http://www.intel.com/content/www/us/en/intelligent-systems/wireless-infrastructure/aes-ipsec-performance-linux-paper.html
1. There is strongswan plugin for intel AES-NI, Can somebody confirm/tell
me a way to find if this is the same plugin as the one mentioned in intel
Doc ? To me it looks like that, but i wanted to check with someone who
might be already using this.
2. Is there some other way to get higher throughput ?
pcrypt module is available, will it work with AES-GCM ?
*libstrongswan plugin : *
aesni - Intel AES-NI crypto plugin (since 5.3.1
<https://wiki.strongswan.org/versions/56>)
The new *aesni* plugin provides CBC, CTR, XCBC, CMAC, CCM and GCM
crypto primitives
for AES-128/192/256.
The plugin requires AES-NI and PCLMULQDQ instructions and works on both x86
and x64 architectures. It provides superior crypto performance in userland
without any external libraries.
Thanks
kapil.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160620/dbc05f67/attachment.html>
More information about the Users
mailing list