[f-nsp] Brocade IPSEC modules
George B
georgeb at gmail.com
Mon Aug 15 22:41:00 EDT 2016
Might be tricky to actually get wire speed throughput (both in and out at
the same time). A lot will depend on things such as the NUMA architecture,
where is the encryption process(es) running, where are interrupts going to
service the network cards, etc. There are some NICs that will support
IPSec offload onto the NIC. Something like a Mellanox ConnectX-3 Pro VPI
might do the trick (though the NICs are over $1000 each) and you might have
to code your own encryption software, not sure.
Probably doable but you burn 2U of rack space for that Dell vs a half a
slot in an MLX. If you are doing a lot of these sorts of connections, it
probably pays to just buy the card for the MLX. If you have someone
sitting around with a lot of cycles to spare and they have the expertise to
duplicate the performance, sure, I guess the hardware cost might be less,
but you are probably paying that person more than the card costs.
On Mon, Aug 15, 2016 at 9:34 AM, Sarpreet Basi <sar at knowledgecomputers.net>
wrote:
> How about a
>
>
>
> Dell R730 w/ 4x 10GB bonded
>
>
>
> And something like pfsence,
>
> https://forum.pfsense.org/index.php?topic=87071.15
>
>
>
> should be able to get that for under $3k-4k.
>
>
>
> Not 100% sure, haven’t looked into it, but at quick glance the hardware
> seems to support, 7x PCIe 3.0
>
>
>
> Sarpreet
>
>
>
> *From:* foundry-nsp [mailto:foundry-nsp-bounces at puck.nether.net] *On
> Behalf Of *George B
> *Sent:* Monday, August 15, 2016 8:00 AM
> *To:* Eldon Koyle <ekoyle+puck.nether.net at gmail.com>
> *Cc:* foundry-nsp <foundry-nsp at puck.nether.net>
> *Subject:* Re: [f-nsp] Brocade IPSEC modules
>
>
>
> Well, how much would a firewall that can do over 40G of wire speed IPSec
> cost you? A PA-7050 does 48G of IPSec throughput and starts at around
> $300K
>
>
>
>
>
>
>
> On Mon, Aug 15, 2016 at 7:32 AM, Eldon Koyle <
> ekoyle+puck.nether.net at gmail.com> wrote:
>
> I'm still trying to recover from the sticker shock. They only have one
> option for ipsec, a 4-port 10g card that lists for $120k in the US.
>
> --
> Eldon
>
>
>
> On Aug 14, 2016 22:21, "Michael Gehrmann" <mgehrmann at atlassian.com> wrote:
>
> Has anyone experienced/used the IPSEC modules for MLX or the like?
>
>
>
> Good/Bad/Ugly?
>
>
>
> --
>
> Michael Gehrmann
>
>
>
>
>
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/foundry-nsp
>
>
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/foundry-nsp
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/foundry-nsp/attachments/20160815/324a6a72/attachment-0001.html>
More information about the foundry-nsp
mailing list