[Info-vax] Still no IPSEC for TCP/IP services?
Paul Sture
paul at sture.ch
Wed May 23 11:29:12 EDT 2012
On Wed, 23 May 2012 10:24:50 +0200, Dirk Munk wrote:
> The CPU cycles argument is an interesting point. IPsec works directly on
> IP, so it is situated between IP and the higher layers like TCP and UDP.
> All high end NICs have a TCP offload engine, and that would mean that
> the NIC should do the IPsec work as well. Sending the received data from
> IP to the IPsec layer in software and then back to the NIC for the TCP
> offload engine is rather silly. The alternative is that TCP and iSCSI
> are not handled by the NIC but instead by the TCP/IP stack of the
> system.
The approach that the XFS file system folks have taken is of interest
here. XFS explicitly makes no attempt to do either encryption or
compression. They state that these should be done by a combination of
apps and hardware, and it makes the job of the file system much simpler.
--
Paul Sture
More information about the Info-vax
mailing list