Re: [m0n0wall] Hardware encryption accelerator for generic pc + Serial Console

From:	Kristian Kielhofner <kris at krisk dot org>
To:	Mattias Bergander <mattias dot bergander at gmail dot com>
Cc:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] Hardware encryption accelerator for generic pc + Serial Console
Date:	Fri, 23 Sep 2005 13:00:27 -0400

Mattias Bergander wrote:
> I'm currently looking into building a m0n0wall firewall around a VIA EPIA
> system completely fanless and no moving parts (CF instead of HD) for mainly
> noise reasons and high performance.
>  These (all?) have separate encryption and random number generator chips on
> them that are supported on newer Linux kernels at least, What about freebsd,
> anyone who knows? SSL for example is then hardware accelerated.
>  Not sure that this applies to the fanless Eden CPUs though, maybe only the
> EPIAs with the C3 cpu?
>  Currently considering a PD6000E VIA epia board (dual RJ45 ports) ) (600MHz
> eden cpu).
> Tests with a M6000E shows that simple 10mbit throughput with http and ftp is
> no problem (of course). I'll someday test 100mbit throughput with and
> without vpn. But I have no idea if it is possible to take advantage of the
> encryption chip when using freebsd/m0n0wall?
> 
> --
> Mattias Bergander
>  Hello, i'm looking for a SSL or Crypto accelerator card to accelerate
> the HTTPS-server so that the encryption calculation is done by the card
> instead of the host CPU.
> 
> Anyone already done this?
> 
> I'm also looking on what I need to change in the source to let the
> console also be visible on the serial port.
> 
> J.
> 

Nia C3 Nehemiah's have "Padlock" support that can do AES encryption in 
three processor cycles.  When properly enabled, it can do AES-256 IPSEC 
with ALMOST NO REDUCTION IN TRANSFER SPEEDS!  See this page for some 
benchmarks under Linux:

http://www.logix.cz/michal/devel/padlock/bench.xp

	Really, it's like getting great crypto for free :).

-- 
Kristian Kielhofner