White Papers
9
|
QAT Whitepaper
© 2019 Dell Inc. or its subsidiaries.
Packet Size
(Bytes)
Data Rate
(With IPSec
OpenSSL) -
Gbps
Data Rate
(With IPSec
AESNI) -
Gbps
Data Rate
(With IPSec
Intel
®
QAT) -
Gbps
100
0.242
1.43
2.46
300
0.39
2.39
4.97
500
0.569
2.86
6.82
700
0.615
5.39
10.25
900
0.706
3.2
10.79
1100
0.735
4.34
14.81
1300
0.768
4.34
15.91
1400
0.745
3.78
17.24
4. Example 2 – IPsec
In this experiment, the performance benefit of offloading encryption to the Intel QAT device in a simulated VPN tunnel is
demonstrated. The tunneling machine, running VPP,
6
was exercised with a traffic generator running TRex. To perform the
IPsec encryption, three methods were compared, employed by VPP at the tunnel: 1) openssl library without offload
2) Intel
®
AES-NI, and 3) Intel
®
QAT offload.
4.1 Lab Setup
Figure 10 shows the lab setup. The MX740c machines were configured as
follows:
• Tunneling Server: Intel
®
Xeon
®
Gold 5117 CPUs @ 2GHz, 30GB memory,
Intel
®
Ethernet 25G 2P XXV710 Mezzanine card, RHEL 7.6
• Traffic Generator: Intel
®
Xeon
®
Gold 6146 CPUs @ 3.2GHz, 376GB memory,
Intel
®
Ethernet 25G 2P XXV710 Mezzanine card, RHEL 7.6
The p1p1 and p1p2 are attached to Fabric A1 and A2 switches respectively in
the MX7000 chassis.
The configuration files and procedures for this experiment are detailed in
the Appendices, and additional reference material and links are listed in the
References section.
Figure 9 – Test setup for the IPsec
performance measurement
4.2 IPSec Performance Results
This section provides summary of results observed. The graph in Figure 9 shows that the benefit of offload, measured by
the data throughput per second, increased with packet size. This is intuitive because the overhead of the offload operation
is incurred more times per unit of data with the smaller packets. The figures measured by TRex are reported in Table 3.
Figure 10 – IPsec tunnel performance for encryption options
Table 3 – Resulting data throughput for various
encryption calculation methods