Project

General

Profile

Actions

New Content #8773

closed

Add VPN Throughput Tuning info

Added by Jim Pingle over 5 years ago. Updated over 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
VPN
Target version:
-
Start date:
08/09/2018
Due date:
% Done:

0%

Estimated time:

Description

Need to add a page to the docs about VPN throughput tuning

Example info that needs to go on the page:
  • Use AES-NI capable hardware, load the AES-NI module
  • Use AES-GCM (explain its efficiency and about not using a hash and so on)
  • Impact of Kernel PTI on/off
  • For IPsec, set async crypto, net.inet.ipsec.async_crypto=1 ( See #8772 and https://reviews.freebsd.org/D10680 )
  • For OpenVPN, suggest UDP fast i/o, 512k buffer, or switch to IPsec due to slowness of context switching inherent to OpenVPN
  • For extreme performance requirements, mention/link to TNSR since FreeBSD kernel IPsec can't reach near those speeds

Add in some performance data as we get it as well.

Actions #1

Updated by Jim Pingle about 4 years ago

  • Status changed from New to Feedback
Actions #2

Updated by Jim Pingle over 3 years ago

  • Status changed from Feedback to Closed
Actions

Also available in: Atom PDF