[ previous ] [ next ] [ threads ]
 
 From:  Jukka Salmi <jukka dash m0n0wall at 2004 dot salmi dot ch>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] net4501/net4801/WRAP IPsec throughput comparison
 Date:  Tue, 15 Jun 2004 15:02:59 +0200 
Manuel Kasper --> m0n0wall (2004-06-13 13:08:11 +0200):
> Peter Curran generously donated a vpn1411 crypto card, which arrived
> yesterday. I decided to do a detailed throughput comparison between a
> net4501, net4801 and a WRAP board. Judging from the results, it would
> appear that the FreeBSD hifn driver needs more work to support the
> Hifn 7955 (as used on the vpn1411) properly. Furthermore, it looks
> like something is preventing the card from working in a useful way on
> either the net4501 or the net4801 under FreeBSD 4.10.

Thanks for the comparison, very interesting!

I am taken aback by the fact that you're using a vpn1411. I have some
net4501 and some Soekris crypto accelerators (vpn1211, vpn1401 and
vpn1411). All vpn cards are detected without problems by m0n0wall (1.0
and 1.1b13) _except_ the vpn1411 card. Kernel output:

hifn0 mem 0xa0008000-0xa000ffff,0xa0002000-0xa0003fff,0xa0000000-0xa0000fff irq 10 at device 16.0 on
pci0
hifn0: proc unit did not reset
hifn0: proc unit did not reset
hifn0: crypto enabling failed
device_probe_and_attach: hifn0 attach returned 6

However, that card works fine with NetBSD 2.0F (actually, I'm not sure
if it really works, but at least it's detected correctly.):

hifn0 at pci0 dev 16 function 0: Hifn 7955, rev. 0
hifn0: 3DES/AES, 32KB dram, interrupting at irq 10

so I think it's not faulty.

The vpn1401 card which uses the same Hifn 7955 chip as the vpn1411 is
detected by m0n0wall just fine. Hmm...


> - the net4501 detected and initialized the vpn1411 properly, but the
> card seemed to lock up after a few hundred KBs (no more traffic
> passed the IPsec tunnel)

Strange. I can't reproduce this with my vpn1401 card. After sending
some 10^2 MB through the IPsec tunnel it still works, no lock up at
all.


> - the net4801 detected and initialized the vpn1411 without errors as
> well, but performance was, well, slightly suboptimal ;)
[...]

LOL, yes! Is this possible? It's better not to use any Soekris crypto
cards with a net4801 because without it's much faster? Or was it just
a typo?


Cheers, Jukka

-- 
bashian roulette:
$ ((RANDOM%6)) || rm -rf ~