2

Dear serverfault, I need to decide between deploying Opteron 6100 and Xeon Westmere EP, so I regard this a platform question. If not, it may be moved to stackoverflow and I hereby declare that I am very sorry.

Do any (F)OSS or proprietory IPSEC stacks already use the AES-NI functions of the Westmere-EP?

Thanks a bundle!

ps. If anyone would like to create the tag AES-NI, You're welcome. I couldn't due to lack of rep.

Richard West
  • 2,978
  • 12
  • 44
  • 49

1 Answers1

3

Yes, definitely - the Linux kernel cryptoapi (which is used by the kernel IPSEC functionality, and therefore most/all of the OSS IPSEC tools on Linux - strong/openswan, racoon/ipsec-tools) has supported Intel AES instructions since ~2.6.30.

CONFIG_CRYPTO_AES_NI_INTEL is the kernel config option to look for.

James
  • 7,643
  • 2
  • 24
  • 33
  • Thank You very much, James. This really helps, because my specs have been expanded to include multiple encrypted tunnels. Thank You also for the necessary kernel option. Do You have an idea if it also works from inside a virtualised guest os? (ps. I can't upvote right now, because I still have too little rep myself, but I'll upvote Your answer as soon as I can!) Oh and Richard, thanks for tagging! – deploymonkey May 17 '10 at 00:20
  • Not sure if it works inside a VM - never tried that myself. I would assume so as long as the VM passes through the CPU feature flags/instructions to the guest. If my answer helped, please mark the answer as accepted rather than just upvoting - thanks :) – James May 17 '10 at 11:25