IPsec

Before the Solaris IPsec module can use the T2 cryptographic hardware, it is necessary to obtain an n2cp activation file, n2cp.esa, as discussed here. This activation file can be obtained here. To check that your n2cp.esa corresponds to the version of n2cp in use, run elfsign:

elfsign verify -e /platform/sun4v/kernel/drv/sparcv9/n2cp

For offloads to the hardware from kernel consumers, there is a notion of an offload threshold, i.e. objects smaller than the threshold are processed in software rather than hardware. This can be important for off-chip accelerator cards, where the offload costs can be large enough to make it inefficient to process small objects in hardware. By default, this threshold is set to 512 bytes. It can be modified by adding the following to /etc/system (reboot required):

set kcf:kcf_aes_threshold = 150

Similar thresholds exist for the other ciphers and can be adjusted in the same manner. 
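To audit this setting, the following added example (not part of the original page or of Solaris) reads an /etc/system-style file, reports the effective AES threshold, and shows which object sizes would be offloaded. The function names and the sample file are assumptions made for illustration, and lines starting with '*' or '#' are treated as comments.

```shell
#!/bin/sh
# Added example: effective KCF AES offload threshold from an /etc/system file.
DEFAULT_THRESHOLD=512   # default stated on this page

# Print the last active "set kcf:kcf_aes_threshold = N" value in file $1,
# or the default when the file carries no override.
aes_threshold() {
    val=$(awk -v def="$DEFAULT_THRESHOLD" '
        /^[ \t]*[*#]/ { next }                 # skip comment lines
        {
            line = $0
            gsub(/[ \t]+/, "", line)           # drop all whitespace
            key = "setkcf:kcf_aes_threshold="
            if (index(line, key) == 1) val = substr(line, length(key) + 1)
        }
        END { print (val != "" ? val : def) }
    ' "$1") || return 1
    case "$val" in
        ''|*[!0-9]*) echo "unparseable threshold: $val" >&2; return 1 ;;
    esac
    echo "$val"
}

# $1 = object size in bytes, $2 = threshold. Following the page's wording,
# only objects smaller than the threshold stay in software.
offload_path() {
    if [ "$1" -lt "$2" ]; then echo software; else echo hardware; fi
}

# Constructed sample input, not taken from a real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
* constructed /etc/system fragment
* set kcf:kcf_aes_threshold = 64
set kcf:kcf_aes_threshold = 150
EOF

t=$(aes_threshold "$sample")
for size in 64 150 512 1400; do
    echo "$size bytes (threshold $t): $(offload_path "$size" "$t")"
done
rm -f "$sample"
```

On a live system, pass /etc/system as the argument; the value only takes effect after the reboot noted above.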

Useful info on how to maximize the performance of your 10GbE can be found here.



The individuals who post here are part of the extended Sun Microsystems community and they might not be employed or in any way formally affiliated with Sun Microsystems. The opinions expressed here are their own, are not necessarily reviewed in advance by anyone but the individual authors, and neither Sun nor any other party necessarily agrees with them.

Copyright 1994-2009 Sun Microsystems, Inc.