Desktop Nics with Cryptography offloading

Sandy Harris sandy at storm.ca
Sun Jul 22 11:50:45 EDT 2001


Justin Funke wrote:
> 
> I have specifically asked Intel if these "S" series NICs would offload the
> encryption/decryption for standard "public" VPNs vs "LAN" encrypted
> communications.
> 
> They claim that it is not possible but I don't see how this is true. If it
> is offloading IPSEC traffic, how does the NIC know what is public vs. private
> traffic?
> 
> http://www.intel.com/network/connectivity/resources/doc_library/data_sheets/pro100s.pdf
> 
> And if it does have a way of detecting it - couldn't the traffic be
> encapsulated to trick the NIC into thinking it was a local connection?

An Intel staff member has recently turned up on the design discussion list
for the FreeS/WAN implementation of IPSEC for Linux. He says he has patches
to make FreeS/WAN work with some Intel accelerated cards.

Check list archives for details:
http://lists.freeswan.org/mailman/listinfo/design

Description of the current state of hardware acceleration for FreeS/WAN
is at:
http://www.freeswan.org/freeswan_trees/freeswan-1.91/doc/compat.html#hardware

More expensive alternatives might be:

www.redcreek.com
an IPSEC gateway on a card, with its own CPU plus crypto chips

www.merilus.com
Merilus Firecard, a Linux firewall including IPSEC on a PCI card.

VPN is sponsored by SecurityFocus.com




