[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Slightly OT: where to get Crypto HW (long, detailed, ends w/questions...)

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Slightly OT: where to get Crypto HW (long, detailed, ends w/questions...)
From: Wyllys Ingersoll <Wyllys.Ingersoll@xxxxxxx>
Date: Tue, 13 Oct 2009 13:57:20 -0400
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Tue, 13 Oct 2009 13:57:29 -0400
In-reply-to: <Pine.NEB.4.64.0910131553530.12911@xxxxxxxxxxxxxxxxxxx>
References: <200910122031.n9CKVvaO014686@xxxxxxxxxxxxx> <Pine.NEB.4.64.0910130232300.21032@xxxxxxxxxxxxxxxxxxx> <4AD3FE81.4000308@xxxxxxx> <200910131224.52380.Thomas.Hluchnik@xxxxxxxxxxxxx> <4AD48E47.4010905@xxxxxxx> <Pine.NEB.4.64.0910131553530.12911@xxxxxxxxxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Thunderbird 2.0.0.23 (X11/20090929)

> 
> SCA6000 is pci-e, so it will not work in a e450.  The e450 does,
> however, have 64bit pci slots, so the old SCA-1000 would work there.
> 
> However, the SCA-1000 does not do AES at all, even with the v2.0
> firmware, so my previous discussion (and ebay link) should be ignored.
> 
> The (also discontinued, like the SCA-1000) SCA-4000 does AES, but does
> not appear to do AES-CTR.
> 
> Finally, this page:
> 
> http://www.opensolaris.org/os/project/crypto/Accelerators/
> 
> shows that the BCM5825 will work in Solaris.  I think this is the best
> option provided that the AES-CTR support it provides can be accessed in
> the same painless way that it can be in the T2 chips.  Wyllys ?


Yes, the BCM5825 is supported by the crypto framework and would meet 
the requirement for AES-CTR.

> 
> The BCM5825 board, off the shelf, costs less than half of what the
> SCA6000 does ( $462.50 at www.abstractelec.com (see "pxs2510) vs. $1350
> ).  A cursory review of the specs shows that they both run bulk AES @
> 1gbps and 12,000 RSA tps for the broadcom vs. 13,000 RSA tps for the
> sca-6000 ... smells like the same part, actually, but I can't confirm that.

I don't know if it is the same part or not,  probably not if the price
diff is that great.

> But that begs two questions:
> 
> 
> - Do the crypto framework APIs (PKCS#11) efficiently use multiple
> compute sources, such as a dual-processor T2 system with four SCA-6000
> plugged in ?  Wyllys ?   :)

The dual-processor support would be provided by the kernel itself, not
anything in userland or the crypto framework.  If there were multiple 
accelerators, each would be registered in the framework as a unique 
instance and each would then be treated as a single accelerator by
the crypto framework.  This means that there is no multi-tasking/threading 
amongst crypto processors for a given session.

You may get better answers to these questions from the crypto-discuss@xxxxxxxxxxxxxxx
mailing list:

http://www.opensolaris.org/jive/forum.jspa?forumID=179


> 
> - Is any of this useful for any conceivable Tor traffic loads ?  The
> fastest Tor node I have ever seen on the status page is (roughly)
> 100mbps, which is a lot, but ... more than a pair of modern quad-core
> CPUs can handle ?  It's conceivable that even at 200 or 400 mbps you
> wouldn't need any kind of crypto hardware to supplant a pair of modern
> CPUs...

The benefit I see is that individual packets are processed much faster. 
Which translates to the node being able to handle many more transactions
for a given period of time.  I think this should lead to greater
bandwidth utilization, but I don't know if it would approach 100mbps or
not, there may be other limiting factors that get in the way.

-Wyllys


***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/

Follow-Ups:
- Less OT: Here's a Solaris crypto acceleration branch to try.
  - From: Nick Mathewson

References:
- Re: hardware acceleration available for Tor ? On FreeBSD ?
  - From: Scott Bennett
- Re: hardware acceleration available for Tor ? On FreeBSD ?
  - From: John Case
- Re: hardware acceleration available for Tor ? On FreeBSD ?
  - From: Wyllys Ingersoll
- Slightly OT: where to get Crypto HW stuff for Sparc/Solaris?
  - From: Thomas . Hluchnik
- Re: Slightly OT: where to get Crypto HW stuff for Sparc/Solaris?
  - From: Wyllys Ingersoll
- Re: Slightly OT: where to get Crypto HW (long, detailed, ends w/questions...)
  - From: John Case

Prev by Author: Re: Slightly OT: where to get Crypto HW stuff for Sparc/Solaris?
Next by Author: Re: Less OT: Here's a Solaris crypto acceleration branch to try.
Previous by thread: Re: Slightly OT: where to get Crypto HW (long, detailed, ends w/questions...)
Next by thread: Less OT: Here's a Solaris crypto acceleration branch to try.
Index(es):
- Author
- Thread