Differences

This shows you the differences between two versions of the page.

--- documentation:examples:ipsec_performance_of_a_superserver_5018a-ftn4 [2020/09/22 11:51] – [DUT] olivier
+++ documentation:examples:ipsec_performance_of_a_superserver_5018a-ftn4 [2020/09/22 11:52] – [DUT] olivier
@@ Line 57: / Line 57: @@
 /boot/loader.conf:
 <code>
+# Loading AES-NI module sooner to be sure it is loaded before IPsec keys
 aesni_load="YES"
 </code>
@@ Line 104: / Line 105: @@
 ==== Reference Endpoint ====
+/boot/loader.conf:
+<code>
+# Loading AES-NI module sooner to be sure it is loaded before IPsec keys
+aesni_load="YES"
+</code>
 Configure IP address, routes and static IPSec:
 <code>
-# IPv4 router
 gateway_enable="YES"
 ifconfig_cxl0="inet 198.18.1.210/24 -tso4 -tso6 -lro -vlanhwtso"
 ifconfig_cxl1="inet 198.19.0.210/24 -tso4 -tso6 -lro -vlanhwtso"
 static_routes="generator receiver"
-route_generator="-net 198.18.0.0/16 198.18.1.208"
+route_generator="-net 198.18.0.0/16 198.18.2.208"
 route_receiver="-net 198.19.0.0/16 198.19.0.2"
 static_arp_pairs="generator receiver"
 static_arp_generator="198.18.1.208 00:07:43:2e:e5:98"
-static_arp_receiver="198.19.0.2 00:07:43:2f:fe:ba"
+static_arp_receiver="198.19.0.2 00:07:43:2f:fe:b9"
 # IPv6 router
@@ Line 124: / Line 130: @@
 ifconfig_cxl1_ipv6="inet6 2001:2:0:8000::210 prefixlen 64"
 ipv6_static_routes="generator receiver"
-ipv6_route_generator="2001:2:: -prefixlen 49 2001:1::208"
+ipv6_route_generator="2001:2:: -prefixlen 49 2001:2:0:2::208"
 ipv6_route_receiver="2001:2:0:8000:: -prefixlen 49 2001:2:0:8000::2"
 static_ndp_pairs="generator receiver"
 static_ndp_generator="2001:2:0:1::208 00:07:43:2e:e5:98"
-static_ndp_receiver="2001:2:0:8000::2 00:07:43:2f:fe:ba"
+static_ndp_receiver="2001:2:0:8000::2 00:07:43:2f:fe:b9"
+cloned_interfaces="ipsec0"
+create_args_ipsec0="reqid 200"
+ifconfig_ipsec0="inet 198.18.2.210/24 198.18.2.208 tunnel 198.18.1.210 198.18.1.208"
+ifconfig_ipsec0_ipv6="inet6 2001:2:0:2::210 prefixlen 64"
-# Enabling IPSec
+# Enabling IPsec
-kld_list="aesni"
 ipsec_enable="YES"
 </code>
@@ Line 140: / Line 149: @@
 flush;
 spdflush;
-spdadd 198.18.0.0/16 198.19.0.0/16 any -P in ipsec esp/tunnel/198.18.1.208-198.18.1.210/require;
+add 198.18.1.208 198.18.1.210 esp 10000 -m tunnel -u 200 -E aes-gcm-16 "12345678901234567890";
-spdadd 198.19.0.0/16 198.18.0.0/16 any -P out ipsec esp/tunnel/198.18.1.210-198.18.1.208/require;
+add 198.18.1.210 198.18.1.208 esp 10001 -m tunnel -u 200 -E aes-gcm-16 "12345678901234567890";
-add 198.18.1.208 198.18.1.210 esp 0x1000 -E aes-gcm-16 "12345678901234567890";
-add 198.18.1.210 198.18.1.208 esp 0x1001 -E aes-gcm-16 "12345678901234567890";
-spdadd 2001:2::/49 2001:2:0:8000::/49 any -P in ipsec esp/tunnel/2001:2:0:1::208-2001:2:0:1::210/require;
-spdadd 2001:2:0:8000::/49 2001:2::/49 any -P out ipsec esp/tunnel/2001:2:0:1::210-2001:2:0:1::208/require;
-add 2001:2:0:1::208 2001:2:0:1::210 esp 0x1002 -E aes-gcm-16 "12345678901234567890";
-add 2001:2:0:1::210 2001:2:0:1::208 esp 0x1003 -E aes-gcm-16 "12345678901234567890";
 </code>