Fast MAC algorithms?
james hughes
hughejp at mac.com
Thu Jul 23 19:33:58 EDT 2009
Note for Moderator. This is not crypto but TOE being the solution to
networking performance problems is a perception that is dangerous to
leave in the crypto community.
On Jul 23, 2009, at 11:45 PM, Nicolas Williams wrote:
> On Thu, Jul 23, 2009 at 05:34:13PM +1200, Peter Gutmann wrote:
>> "mheyman at gmail.com" <mheyman at gmail.com> writes:
>>> 2) If you throw TCP processing in there, unless you are
>>> consistantly going to
>>> have packets on the order of at least 1000 bytes, your crypto
>>> algorithm is
>>> almost _irrelevant_.
>>> [...]
>>> for a Linux 2.2.14 kernel, remember, this was 10 years ago.
>>
>> Could the lack of support for TCP offload in Linux have skewed
>> these figures
>> somewhat? It could be that the caveat for the results isn't so
>> much "this was
>> done ten years ago" as "this was done with a TCP stack that ignores
>> the
>> hardware's advanced capabilities".
>
> How much NIC hardware does both, ESP/AH and TCP offload? My guess:
> not
> much. A shame, that.
>
> Once you've gotten a packet off the NIC to do ESP/AH processing,
> you've
> lost the opportunity to use TOE.
IPSEC offload can have value. TOE are far more controversial.
TOEs that are implemented in a slow processor in a NIC card have been
shown many times to be ineffective compared to keeping TCP in the
fastest CPU (where it is now). For vendors that can't optimize their
TCP implementation (because it is just too complicated for then?) TOE
is a siren call that detracts them from their real problem. Look at
Van Jacobson post of May 2000 entitled "TCP in 30 instructions".
http://www.pdl.cmu.edu/mailinglists/ips/mail/msg00133.html
There was a paper about this, but I am at a loss to find it. One can
go even farther back to "An Analysis of TCP Processing Overhead",
Clark, Jacobson, Romkey and Salwen in 1989 which states "The protocol
itself is a small fraction of the problem".
http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.75.5741
Back to crypto please.
> Nico
> --
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list