[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

hifn cards



After much time waited and money spent I have a pretty sweet performance
lab type thingy!  I bought a couple of hifn cards from powercrypt.com.  Here
is my set up:

mix (celeron 400 w/ fxp ethernet)
10.4.4.3
|
switch (100 Mbit)
|
10.4.4.1
one (celeron 400 w/ fxp ethernet x2)
192.168.5.81
|
switch (100 Mbit)
|
192.168.5.82
two (celeron 400 w/ fxp ethernet x2)
10.3.3.1
|
switch (100 Mbit)
|
10.3.3.3
mux (celeron 400 w/ fxp ethernet)

I am running 2.6 release on mix and mux.  I am running a 2.7 snapshot on one
and two (OpenBSD one 2.7 GENERIC#35 i386).  I have an isakmpd negotiated VPN
between one and two.  This comes up and works fine if I don't put the crypto
cards in one and two.

netperf tcp stream without the VPN:

        mux     two     one     mix     
mux     (skip)  93.13   76.83   74.62   
two     93.64   (skip)  93.60   65.72   
one     75.92   92.72   (skip)  91.16   
mix     75.76   80.17   91.31   (skip)  

I left the crypto cards in the boxes, and I am at work now, so unfortunately
I can't get the numbers for with the VPN up.  However, they were what I
expected for doing Triple DES on a celeron (about 8 Mbps from mix to mux and
vice versa, not much change in the other numbers).

Inserting the crypto cards has had varied effects, depending on which PCI
slots I use for the ethernet and crypto cards.  Most of the time what happens
is that the boxes function fine as routers without doing ipsec, but they can't
route IPSec packets (probably because the hifn isn't functioning properly).
In at least one IRQ configuration, with a hifn card in only one of the two
boxes, the VPN came up and worked properly for pings and traceroutes, but when
I tried to do a netperf, it hung (IPSec stopped functioning, that is -- the
box still worked otherwise).

Moving the cards around changes the IRQ they get assigned.  I thought that
my problems might be related to the fact that the hifn card was sharing an IRQ
with the onboard sound crap that my motherboard has, so I changed things around
until the two ethernet interfaces shared IRQ 9, and the hifn card had it's own.
Here is the dmesg for the first (hifn and sound on IRQ 11) config, which
didn't work:

OpenBSD 2.7-beta (GENERIC) #35: Thu Apr 13 14:14:03 MDT 2000
    deraadt_(_at_)_i386_(_dot_)_openbsd_(_dot_)_org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium II (Celeron) ("GenuineIntel" 686-class, 128KB L2 cache) 432 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SYS,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR
real mem  = 31830016 (31084K)
avail mem = 24940544 (24356K)
using 414 buffers containing 1695744 bytes (1656K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 06/16/99
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82810 Memory Hub" rev 0x02
"Intel 82810 Graphics" rev 0x02 at pci0 dev 1 function 0 not configured
ppb0 at pci0 dev 30 function 0 "Intel 82801AA Hub-to-PCI" rev 0x01
pci1 at ppb0 bus 1
fxp0 at pci1 dev 1 function 0 "Intel 82557" rev 0x08: irq 9, address 00:90:27:b4:1a:b0
inphy0 at fxp0 phy 1: i82555 10/100 media interface, rev. 4
eap0 at pci1 dev 7 function 0 "Ensoniq AudioPCI97" rev 0x06: irq 11
ac97: codec id 0x43525903
ac97: codec features headphone, 18 bit DAC, 18 bit ADC, No 3D Stereo
audio0 at eap0
fxp1 at pci1 dev 9 function 0 "Intel 82559" rev 0x08: irq 10, address 00:d0:b7:5d:50:ec
inphy1 at fxp1 phy 1: i82555 10/100 media interface, rev. 4
hifn0 at pci1 dev 10 function 0 "Hi/Fn 7751" rev 0x01: fully enabled, 1MB sram, irq 11
pcib0 at pci0 dev 31 function 0 "Intel 82801AA LPC Interface" rev 0x01
pciide0 at pci0 dev 31 function 1 "Intel 82801AA IDE" rev 0x01: DMA, channel 0 wired to compatibility, channel 1 w>
wd0 at pciide0 channel 0 drive 0: <ST38410A>
wd0: can use 32-bit, PIO mode 4, DMA mode 2, Ultra-DMA mode 4
wd0: 32-sector PIO, LBA, 8223MB, 16383 cyl, 16 head, 63 sec, 16841664 sectors
pciide0: channel 0 interrupting at irq 14
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 (using DMA data transfers)
"Intel 82801AA USB" rev 0x01 at pci0 dev 31 function 2 not configured
"Intel 82801AA SMBus" rev 0x01 at pci0 dev 31 function 3 not configured
isa0 at pcib0
isadma0 at isa0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: <PC speaker>
sysbeep0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
vt0 at isa0 port 0x60/16 irq 1: vga 80 col, color, 8 scr, mf2-kbd
pms0 at vt0 irq 12
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask 4040 netmask 4e40 ttymask 5ec2
pctr: 686-class user-level performance counters enabled
mtrr: Pentium Pro MTRR support
fxp0: supplying EUI64: 00:90:27:ff:fe:b4:1a:b0
dkcsum: wd0 matched BIOS disk 80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302
IP Filter: already initialized

Here is the dmesg for the second config (two fxps on IRQ 9) -- both ethernet
cards worked at full speed, but the hifn did not (IPSec hang up):

OpenBSD 2.7-beta (GENERIC) #35: Thu Apr 13 14:14:03 MDT 2000
    deraadt_(_at_)_i386_(_dot_)_openbsd_(_dot_)_org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium II (Celeron) ("GenuineIntel" 686-class, 128KB L2 cache) 432 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SYS,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR
real mem  = 31830016 (31084K)
avail mem = 24940544 (24356K)
using 414 buffers containing 1695744 bytes (1656K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 06/16/99
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82810 Memory Hub" rev 0x02
"Intel 82810 Graphics" rev 0x02 at pci0 dev 1 function 0 not configured
ppb0 at pci0 dev 30 function 0 "Intel 82801AA Hub-to-PCI" rev 0x01
pci1 at ppb0 bus 1
fxp0 at pci1 dev 1 function 0 "Intel 82557" rev 0x08: irq 9, address 00:90:27:b4:1a:b0
inphy0 at fxp0 phy 1: i82555 10/100 media interface, rev. 4
eap0 at pci1 dev 7 function 0 "Ensoniq AudioPCI97" rev 0x06: irq 11
ac97: codec id 0x43525903
ac97: codec features headphone, 18 bit DAC, 18 bit ADC, No 3D Stereo
audio0 at eap0
hifn0 at pci1 dev 9 function 0 "Hi/Fn 7751" rev 0x01: fully enabled, 1MB sram, irq 10
fxp1 at pci1 dev 11 function 0 "Intel 82559" rev 0x08: irq 9, address 00:d0:b7:5d:50:ec
inphy1 at fxp1 phy 1: i82555 10/100 media interface, rev. 4
pcib0 at pci0 dev 31 function 0 "Intel 82801AA LPC Interface" rev 0x01
pciide0 at pci0 dev 31 function 1 "Intel 82801AA IDE" rev 0x01: DMA, channel 0 wired to compatibility, channel 1 w>
wd0 at pciide0 channel 0 drive 0: <ST38410A>
wd0: can use 32-bit, PIO mode 4, DMA mode 2, Ultra-DMA mode 4
wd0: 32-sector PIO, LBA, 8223MB, 16383 cyl, 16 head, 63 sec, 16841664 sectors
pciide0: channel 0 interrupting at irq 14
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 (using DMA data transfers)
"Intel 82801AA USB" rev 0x01 at pci0 dev 31 function 2 not configured
"Intel 82801AA SMBus" rev 0x01 at pci0 dev 31 function 3 not configured
isa0 at pcib0
isadma0 at isa0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: <PC speaker>
sysbeep0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
vt0 at isa0 port 0x60/16 irq 1: vga 80 col, color, 8 scr, mf2-kbd
pms0 at vt0 irq 12
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask 4040 netmask 4640 ttymask 56c2
pctr: 686-class user-level performance counters enabled
mtrr: Pentium Pro MTRR support
fxp0: supplying EUI64: 00:90:27:ff:fe:b4:1a:b0
dkcsum: wd0 matched BIOS disk 80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302
IP Filter: already initialized

I downloaded the latest snapshot kernel last night and played with that for
a while, but one and two's enet interfaces that face each other (192.168.5.81
and 192.168.5.82) kept getting inet6 addresses assigned to them that were the
same, and this was causing problems for inet4 connectivity.  Shouldn't the
inet6 address just get created from the inet4 address so that they are always
different if your inet4 addresses are?  Any tips from those who already have
their crypto cards working would be greatly appreciated.

thanks,
Jack




Visit your host, monkey.org