Presentation of 'Boosting IPsec and VPN Performance in pfSense Software with IIMB' at AsiaBSDCon 2023

Kristof Provost will be presenting a paper by Netgate engineer Leon Dang titled "Boosting IPsec and VPN Performance in pfSense Software with IIMB" at AsiaBSDCon 2023. The presentation is scheduled for April 1 at 15:30, in Room B. AsiaBSDCon 2023 runs from March 30 to April 2 at the Tokyo University of Science in Tokyo, Japan.

Leon is a software engineer at Netgate with more than 20 years of FreeBSD kernel and systems experience. He has been a systems developer for companies creating virtualization and networking technologies, including work as a platform engineer at VMware. His contributions to FreeBSD include being an early co-developer for bhyve. He joined Netgate because the company has tangible customer impact and is a major contributor to open source.

Kristof is an embedded software engineer specializing in networking and video applications. He is a board member of the EuroBSDCon Foundation and he has been working with BSD for more than 13 years.

This paper and presentation describe work at Netgate that extends FreeBSD's Open Crypto Framework (OCF) to reduce CPU overhead and significantly improve VPN performance and scalability by integrating the Intel® Multi-Buffer Crypto for IPsec Library (IIMB) for key cryptographic transforms.

Intel developed IIMB, a library of cipher implementations used in IPsec VPNs and written in assembly, to encourage use of the extended (vector) instructions in Intel processors. Netgate has used these IIMB functions to implement the AES-GCM, AES-CBC and ChaCha20-Poly1305 ciphers, improving performance by taking advantage of the Streaming SIMD Extensions (SSE) available in Intel processors. Netgate has also enabled use of SIMD extensions on arm64, integrating support for AES-GCM from ISA-L and ChaCha20-Poly1305 from OpenSSL.

While use of these extended processor instructions does not outperform the best hardware accelerators, it does deliver significant and measurable performance improvements in pfSense software.

This presentation is scheduled for April 1 at 15:30, in Room B, on Day 3 of the conference. AsiaBSDCon 2023 runs from March 30 to April 2, 2023, at the Tokyo University of Science in Tokyo, Japan. Netgate will be offering two additional presentations at AsiaBSDCon on April 1: Brad Davis will be speaking about pfSense direction and Kristof will be giving a second talk on the FreeBSD implementation of OpenVPN Data Channel Offload (DCO). We hope to see you at AsiaBSDCon 2023 in Tokyo.