Friday Mar 30, 2007

Neptune and IPsec

That new NIC of ours rocks. Its best feature: incoming packet classification offload. "What?" you ask? Neptune can route incoming packets the CPUs most closely associated with the packet flows to which those incoming packets belong -- and this means lower latency because of hotter caches. Compris?

This classification works on 5-tuples (or hashes thereof), of course: source and destination addresses, next protocol (e.g., TCP, UDP, SCTP), source and destination port numbers.

Curiously absent from the data sheet: IPsec. So I asked and I found out: Neptune can classify just as well by IPsec SA SPI as by plaintext 5-tuples. Of course, so can Solaris, therefore Neptune, Niagara and Solaris fit together well, IPsec or no IPsec.

Excellent.

About

I'm an engineer at Oracle (erstwhile Sun), where I've been since 2002, working on Sun_SSH, Solaris Kerberos, Active Directory interoperability, Lustre, and misc. other things.

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today