Several days ago my staff bought some network cards for our stock. Today I took a look, and to my surprise, it’s a model from 3Com with a chip titled “Crypto”. Could it be….?
Nowadays we use SSL a lot, most of the time without us even realizing it. ssh, scp, rsync – these are just a few example of software based on SSL. Then we have their derivatives — sshfs for example, a filesystem based on ssh.
SSL is not just about browsing to ecommerce website anymore. It’s pretty much integrated into our daily activities.
However, as you may have noticed, the encryption process kills performance. It’s very processor-intensive, and thus decrease the transfer rate, significantly. For huge file transfers, I had to use FTP or HTTP, since the speed is just too slow using scp.
So an SSL accelerator can make overall system performance better. That’s what I was hoping when I saw these 3Com 3CR990 (also known as “Typhoon”) cards.
Alas, no such luck.
The crypto chip was only for DES, which is a very weak encryption, for use on IPSEC. OpenBSD developers also noted that the chip is pretty buggy. And no driver for the crypto chip on Linux (and in OpenBSD), so we can only utilize its 3XP chip to offload several TCP processing (checksum, etc). It doesn’t bring much increase in system performance though.
I didn’t want to give up, so I look around for another mass-produced SSL accelerators.
I found SSL offloaders instead. Basically, these are expensive products (some costing US$ 20.000 or more) which would receive all SSL communications, and then relay the plaintext (deciphered) packets to the servers “behind” it.
This brings security risk though, since we no longer have end-to-end encryption (which may in turn bring liability issues, if we have promised our customers that we do).
I failed to find any other consumer-level SSL accelerators, except for (surprise) — VIA C3 CPUs.
These C3 chips with Nehemiah core are able to process AES-128 for OpenSSL at rate of 780 MBps (that’s 6.2 Gbps). Mighty awesome !
It’s already supported in Linux since 2006, and patch for OpenSSL existed, giving instant performance-boost to SSL-related applications. Michal claimed that he actually able to reach speed of 1.8 GBps / 14.4 Gbps.
You can fully saturate a 100 Mbps (or even 1 Gbps) ethernet link with full, and very strong, encryption. So if you want / need accelerated SSL performance, now you know which CPU to use.
Now if only someone would slap these cheap chips (about US$ 33 each) onto NICs and selling them as SSL accelerators, I would be buying. It would be way cheaper that current SSL-accelerator NICs currently selling at > US$ 1000, and probably much faster too. And then we are free to choose other CPU for the server.
Any takers ? 🙂
If anyone’s interested to buy those Typhoon / 3CR990 3Com cards, at the moment they’re for sale at Queen-tech.com for only Rp 25,000 (about US$ 2.50)
Putting C3 at NIC is look like putting a PC at NIC, Remember C3 basicaly is an x86 compatible processor with crypto accelerator inside.
Using crypto accelerator outside processor has another disadvantage. Data transfer between processor and accelerator become bottleneck for the whole performance.
Ass…Pa kabar Pak Hary..Mudah-mudahan ingat dengan saya ex mahasiswa ITP yang masang jaringan Inherent.
Pak saya mau nanya nich..ada tahu alamat nya web yang nyediain SSL yang free buat certificate nya.
Trus ada ngak script php untuk cnvert pdf to xml.
tq
@sueng – PCI’s bandwidth is 133 MBps / 1064 Mbps. When a C3 chip is put on a NIC (network interface card), it would still be able to fully saturate a 100 Mbps connection.
.
Also, other SSL accelerators (with price tag around US$ 1000) are all PCI cards as well.
.
CMIIW.
.
@Rizal – Wsww, silakan bisa ditemukan disini
.
Konverter PDF ke XML bisa ditemukan disini.
Nice post, I’m very interesting
“If anyone’s interested to buy those Typhoon / 3CR990 3Com cards, at the moment they’re for sale at Queen-tech.com for only Rp 25,000 (about US$ 2.50)”
NICE POST! THANKS!
Scott
Vevery interesting, I may be getting a couple of those.
Its really amazing…. 🙂 Nice contents
If you want to know something about forex
–> http://foreign-exchange-ideas.blogspot.com visit here..
3com gear generally does cost more but i find its worth it you can always pick up second hand gear if price is a problem.
Forex trading robot 95% win ratio! Moneyback guarantee
Heard of forex trading?
Proof of live accounts going from $370 to $7,300 in 2 months.
95% win ratio over past 9 years.
60 day Money back guarantee!
I agree with idea. And hope that it will be useful in the days ahead.
Great post… thank for your share…
Hanya saja karena ada stigma yang lebih negatif soal perjodohan, maka saya membuat posting ini, yang memberikan contoh sebaliknya
PDF Creator can creat PDF document files from Microsoft Office 2003/2007/2010 (Word, Excel, PowerPoint), image (JPEG, GIF, TIFF, PNG, BMP), Text, RTF, CHM, DjVu and more printable files.
PDF Creator
JPEG to PDF
GIF to PDF
PNG to PDF
SSL is not just about browsing to ecommerce website anymore. It’s pretty much integrated into our daily activities.