Re: [IPsec] Discussion of draft-pwouters-ipsecme-multi-sa-performance

Valery Smyslov <smyslov.ietf@gmail.com> Fri, 28 October 2022 14:49 UTC

From: Valery Smyslov <smyslov.ietf@gmail.com>
To: 'Tero Kivinen' <kivinen@iki.fi>
Cc: 'Paul Wouters' <paul@nohats.ca>, 'Steffen Klassert' <steffen.klassert@secunet.com>, 'Michael Richardson' <mcr+ietf@sandelman.ca>, 'IPsecME WG' <ipsec@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/CSGkXvqqQ14aCI7CHd5ODUNdMKM>

Hi Tero,

> Question is how many CPUs do you need to saturate 100 Gbit/s network
> link compared to how many HSM CPUs you need? Is there more than 10
> times bigger number between them?

I think it depends on both CPUs and HSMs :-) And on the algorithm too.
For example, AES is implemented in most modern CPUs and
it's difficult for any HSM to have an advantage here. On the other hand,
if an algorithm has only a software implementation on general-purpose CPUs,
then a specifically designed HSM, even clocked at a much lower
frequency, will have better performance.

> Do you have any real world values for those? I.e., how fast can one
> modern cpu do crypto (just plain crypto, no ipsec etc), and how fast
> can some modern crypto hardware do the same?

No, these are only speculations.

Regards,
Valery.

> --
> kivinen@iki.fi