<div dir="ltr">Might be tricky to actually get wire speed throughput (both in and out at the same time). A lot will depend on things such as the NUMA architecture, where is the encryption process(es) running, where are interrupts going to service the network cards, etc. There are some NICs that will support IPSec offload onto the NIC. Something like a Mellanox ConnectX-3 Pro VPI might do the trick (though the NICs are over $1000 each) and you might have to code your own encryption software, not sure.<div><br></div><div>Probably doable but you burn 2U of rack space for that Dell vs a half a slot in an MLX. If you are doing a lot of these sorts of connections, it probably pays to just buy the card for the MLX. If you have someone sitting around with a lot of cycles to spare and they have the expertise to duplicate the performance, sure, I guess the hardware cost might be less, but you are probably paying that person more than the card costs.</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Aug 15, 2016 at 9:34 AM, Sarpreet Basi <span dir="ltr"><<a href="mailto:sar@knowledgecomputers.net" target="_blank">sar@knowledgecomputers.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div lang="EN-US" link="blue" vlink="purple">
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">How about a
<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Dell R730 w/ 4x 10GB bonded
<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">And something like pfsence,
<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><a href="https://forum.pfsense.org/index.php?topic=87071.15" target="_blank">https://forum.pfsense.org/<wbr>index.php?topic=87071.15</a><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">should be able to get that for under $3k-4k.
<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Not 100% sure, haven’t looked into it, but at quick glance the hardware seems to support, 7x PCIe 3.0
<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Sarpreet<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> foundry-nsp [mailto:<a href="mailto:foundry-nsp-bounces@puck.nether.net" target="_blank">foundry-nsp-bounces@<wbr>puck.nether.net</a>]
<b>On Behalf Of </b>George B<br>
<b>Sent:</b> Monday, August 15, 2016 8:00 AM<br>
<b>To:</b> Eldon Koyle <<a href="mailto:ekoyle%2Bpuck.nether.net@gmail.com" target="_blank">ekoyle+puck.nether.net@gmail.<wbr>com</a>><br>
<b>Cc:</b> foundry-nsp <<a href="mailto:foundry-nsp@puck.nether.net" target="_blank">foundry-nsp@puck.nether.net</a>><br>
<b>Subject:</b> Re: [f-nsp] Brocade IPSEC modules<u></u><u></u></span></p><div><div class="h5">
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<p class="MsoNormal">Well, how much would a firewall that can do over 40G of wire speed IPSec cost you? A PA-7050 does 48G of IPSec throughput and starts at around $300K<u></u><u></u></p>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<p class="MsoNormal">On Mon, Aug 15, 2016 at 7:32 AM, Eldon Koyle <<a href="mailto:ekoyle+puck.nether.net@gmail.com" target="_blank">ekoyle+puck.nether.net@gmail.<wbr>com</a>> wrote:<u></u><u></u></p>
<blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<p>I'm still trying to recover from the sticker shock. They only have one option for ipsec, a 4-port 10g card that lists for $120k in the US.<u></u><u></u></p>
<p><span style="color:#888888">-- <br>
Eldon<u></u><u></u></span></p>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<div>
<div>
<p class="MsoNormal">On Aug 14, 2016 22:21, "Michael Gehrmann" <<a href="mailto:mgehrmann@atlassian.com" target="_blank">mgehrmann@atlassian.com</a>> wrote:<u></u><u></u></p>
</div>
</div>
<blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<div>
<div>
<div>
<p class="MsoNormal">Has anyone experienced/used the IPSEC modules for MLX or the like?<u></u><u></u></p>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Good/Bad/Ugly?<u></u><u></u></p>
</div>
<div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<p class="MsoNormal">-- <u></u><u></u></p>
<div>
<div>
<div>
<div>
<p class="MsoNormal">Michael Gehrmann<u></u><u></u></p>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div>
<p class="MsoNormal">______________________________<wbr>_________________<br>
foundry-nsp mailing list<br>
<a href="mailto:foundry-nsp@puck.nether.net" target="_blank">foundry-nsp@puck.nether.net</a><br>
<a href="http://puck.nether.net/mailman/listinfo/foundry-nsp" target="_blank">http://puck.nether.net/<wbr>mailman/listinfo/foundry-nsp</a><u></u><u></u></p>
</blockquote>
</div>
</div>
<p class="MsoNormal"><br>
______________________________<wbr>_________________<br>
foundry-nsp mailing list<br>
<a href="mailto:foundry-nsp@puck.nether.net" target="_blank">foundry-nsp@puck.nether.net</a><br>
<a href="http://puck.nether.net/mailman/listinfo/foundry-nsp" target="_blank">http://puck.nether.net/<wbr>mailman/listinfo/foundry-nsp</a><u></u><u></u></p>
</blockquote>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div></div></div>
</div>
</blockquote></div><br></div>