Koofiyadda Cas ayaa daabacday natiijooyinka qiimeynta waxqabadka kanaalada isgaarsiineed ee qarsoodiga ah ee habaysan iyadoo la adeegsanayo nidaamka IPsec ee qalabka casriga ah, iyo sidoo kale isbarbardhigga IPsec ee ku salaysan algorithms sirta ah ee la xaqiijiyay AES-GCM iyo AES-SHA1.
Tijaabada waxaa lagu sameeyay qaybinta RHEL 9.4 ee server leh laba jiil afraad Intel Xeon Scalable processors (28 cores iyo 56 cores macquul ah ee CPU kasta), oo ku xidhan shabakada iyada oo loo sii marayo 100-gigabit Intel E810 adabtarada shabakadda. Dardargelinta IPsec-ku-saleysan ee hardware-ka oo leh hawl-gallada kaarka shabakadda ama Intel QAT waa naafo si loo helo fikradda waxqabadka xirmada software-ka. Hababka nidaamka waxaa loo dejiyay si waafaqsan astaanta "waxqabadka waxqabadka", dab-damiska dab-damiska waa la curyaamiyay, iyo habka iperf3 ee abuuraya taraafikada iyo kaarka shabakada kala gooyay gacan hayaha ayaa lagu xiray xudunta CPU ee ugu horreysa (si looga fogaado hoos u dhaca waxqabadka sababtoo ah socdaalka. ee gacan qabadayaasha NUMA ee aan ku xidhnayn kaarka shabakada).
Imtixaanka hal-xadhkaha leh ee IPsec ee IPV4 iyo IPv6, iyadoo la adeegsanayo hal xudunta CPU ee habka iperf3, waxqabadka 6 Gbit/s ee AES-GCM iyo 3.75 Gbit/s ee AES-SHA1 ayaa la duubay, i.e. AES-SHA1 waxay isu rogtay inay ka gaabiso AES-GCM ilaa 40%.
Markii la tijaabinayay durdurro badan oo isbarbar socda (tusaale kasta oo iperf3 ah waxaa lagu dhejiyay xudunta CPU-ga gaarka ah), wax-soo-saarka ugu sarreeya ee isticmaalaya AES-GCM wuxuu gaaray 50 Gbit/s oo loogu talagalay IPv4 iyo IPv6, taasoo muujinaysa awoodda si buuxda loogu isticmaali karo bandwidth-ka la heli karo ee caadiga ah. server oo leh laba kanaal oo isgaarsiineed oo 25-Gigabit ah ama hal kanaal oo 40-Gigabit ah oo aan lahayn dardargelinta qalabka (ama kala bar wax soo saarka isku xirka 100-Gigabit ee loo isticmaalay tijaabinta).
Source: opennet.ru
