Home » Mailing list archives » freebsd-net » 2009 » October » 9

Re: intel 82576 ipsec offload?

Previous thread: Choosing two 10GiGE cards by rihad on Wednesday, October 7, 2009 - 10:23 pm. (5 messages)

Next thread: Unbreak setfib + routing daemon [patch roundup] by Stef Walter on Thursday, October 8, 2009 - 6:35 pm. (1 message)
[view original message]
From: Siquijor Philips
Subject: intel 82576 ipsec offload?
Date: Wednesday, October 7, 2009 - 10:24 pm

Hi,

I got a dual-port Intel Gigabit NIC with 82576 (ET) chipset
http://www.intel.com/Assets/PDF/prodbrief/320116.pdf. It has a feature
on IPsec offloading but it only mentioned Microsoft Windows 2008 and
Vista servers. I wonder if FreeBSD have also support on this feature?

Thanks,
Siquijor
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

[ message continues ]
[view original message]
From: Pyun YongHyeon
Subject: Re: intel 82576 ipsec offload?
Date: Thursday, October 8, 2009 - 10:45 am

AFAIK it's not yet, not sure whether Jack has plan to implement the
offloading. I know old Intel i82550 also supported IPSec offloading
but Intel didn't release required information to implement it. 3Com
also supported IPSec offloading in their 3XP hardwares(txp(4)) but
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

[ message continues ]
[view original message]
From: Siquijor Philips
Subject: Re: intel 82576 ipsec offload?
Date: Thursday, October 8, 2009 - 9:14 pm

Hi Pyun,

Thanks for your info! By the way, who is Jack? Is he the author of
this driver? I really need to have this feature usable on the driver.
I bought these NICs with 82576 chipset for the purpose of implementing
IPsec in my network and my current FreeBSD servers could benefit it.
Just really thought it has support because FreeBSD was already part of
the supported operating system. I was alerted when I've re-read the
product info document again that it only support Windows 2008 and
Vista platforms. Now, I've confirmed that with the current existing
driver. I hope this guy has the plan of implementing it sooner because
I really need it.

Thanks,
Siquijor
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

[ message continues ]
[view original message]
From: Jack Vogel
Subject: Re: intel 82576 ipsec offload?
Date: Friday, October 9, 2009 - 11:17 am

I am Jack, the network engineer at Intel responsible for all FreeBSD wired
lan drivers.
This is the first I've seen about this. Our understanding was that the
infrastructure needed
to do IPSec was not available for either Linux or FreeBSD, can you please
explain things?

If everything is there except the support in the driver then I might be able
to add that to
my queue.

Cheers,

Jack


On Thu, Oct 8, 2009 at 9:14 PM, Siquijor Philips
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

[ message continues ]
[view original message]
From: Julian Elischer
Subject: Re: intel 82576 ipsec offload?
Date: Friday, October 9, 2009 - 11:47 am

If we knew what the driver would need then that might help too  :-)


_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

[ message continues ]
[view original message]
From: Pyun YongHyeon
Subject: Re: intel 82576 ipsec offload?
Date: Friday, October 9, 2009 - 11:48 am

I guess we already have crypto(9) infrastructure to support IPSec
in kernel. CCed to sam who may know what is required to implement
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

[ message continues ]
[view original message]
From: Julian Elischer
Subject: Re: intel 82576 ipsec offload?
Date: Friday, October 9, 2009 - 12:03 pm

I guess what is required is dependent on whether it's just crypto
support, or whether the card is expected to track all the security
associations, or whether it expects to track just a subset of them.

I'm guessing that the latter may be the case.

_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

[ message continues ]
[view original message]
From: Jack Vogel
Subject: Re: intel 82576 ipsec offload?
Date: Friday, October 9, 2009 - 12:13 pm

I am out sick today, but I will see what I can find out early next week.

Jack


_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

[ message continues ]
[view original message]
From: Siquijor Philips
Subject: Re: intel 82576 ipsec offload?
Date: Saturday, October 10, 2009 - 8:03 am

Yes, basically I am implementing an IPsec infrastructure to our
network. Our network is composed of a main office and 3 branch offices
to be linked over VPN. I'm using both FreeBSD and Windows platforms.
Our FreeBSD (7.1-Release) platforms comprises the 4 firewall/gateways
(which should be also our VPN concentrators) as well as our mail
server (7.1-Release). The Windows platforms comprises the local/remote
clients (FreeBSD/Windows XP/Vista) and the Active Directory server
(Windows Server 2008).

Since our 4 FreeBSD perimeter firewall/gateways are currently
processing big amount of traffic, so I have decided to buy these Intel
NICs with IPsec offloading just to make sure it can carry out the
current traffic processing. Aside from that, our local and remote
FreeBSD clients will also be configured on transport-mode IPsec sooner
because these clients are also network intensive hosts. So, from here
I really wanted to have the IPsec offloading be available to my NICs

Yes, please because I really need to have my IPsec infra working sooner.

Thank you so much!

_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

[ message continues ]
Previous thread: Choosing two 10GiGE cards by rihad on Wednesday, October 7, 2009 - 10:23 pm. (5 messages)

Next thread: Unbreak setfib + routing daemon [patch roundup] by Stef Walter on Thursday, October 8, 2009 - 6:35 pm. (1 message)