[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: ipsec NICs?

To: "'Henry Spencer'" <henry@spsystems.net>, Michael Helm <helm@fionn.es.net>
Subject: RE: ipsec NICs?
From: "Strahm, Bill" <bill.strahm@intel.com>
Date: Mon, 6 Mar 2000 09:49:02 -0800
Cc: ipsec@lists.tislabs.com
Sender: owner-ipsec@lists.tislabs.com

The problem is that a few Mbits/sec are not fast enough for intranet cases.
While crypto acceleration isn't really necessary for WAN cases where people
are connecting through modems, DSL, T1 speeds, within intranets people are
wanting to talk at 100Mbit/Sec, soon to be 1Gbit/Sec for servers.

In these cases it makes a LOT of sense to throw a cheap crypto accelerator
at the problem rather than multiple General Purpose CPUs 

Bill

______________________________________________
Bill Strahm        Programming today is a race between
bill.strahm@      software engineers striving to build
intel.com           bigger and better idiot-proof programs,
(503) 264-4632   and the Universe trying to produce
            bigger and better idiots.  So far, the
                        Universe is winning.--Rich Cook
I am not speaking for Intel.  And Intel rarely speaks for me


> -----Original Message-----
> From: Henry Spencer [mailto:henry@spsystems.net]
> Sent: Monday, March 06, 2000 5:05 AM
> To: Michael Helm
> Cc: ipsec@lists.tislabs.com
> Subject: Re: ipsec NICs?
> 
> 
> On Sun, 5 Mar 2000, Michael Helm wrote:
> > Is there anyone keeping track of vendors' ipsec-friendly
> > NICs & other networking cards? ... think it's necessary to put
> > at least some crypto support for this set of standards
> > on the hardware in order for it to be practical on a wide
> > scale.
> 
> Why?  The commodity processors (200MHz Pentiums and the like) 
> currently
> being *thrown out* in favor of newer ones will do IPSEC using 
> 3DES -- a
> software-unfriendly algorithm if there ever was one -- and 
> MD5 at several
> megabits per second.  (I'm talking about measured end-to-end 
> data rates
> with real protocols, mind you, not theoretical calculations.) 
>  High-end
> consumer-market processors with software-optimized algorithms 
> should take 
> this up into the T3 range.
> 
> These standards are practical on cheap, commodity computers right now.
> Only people with very fat pipes have a real need for crypto hardware.
> 
>                                                           
> Henry Spencer
>                                                        
> henry@spsystems.net
> 
>

Follow-Ups:

RE: ipsec NICs?

From: Henry Spencer <henry@spsystems.net>

Prev by Date: Virtual adapters
Next by Date: Re: Q: Why IPSEC to be used only in CBC mode & not other like CFB or OFB ?
Prev by thread: Re: ipsec NICs?
Next by thread: RE: ipsec NICs?
Index(es):
- Main
- Thread