Jump to content
Not connected, Your IP: 3.17.183.187
user37

AES-NI Performance Analyzed

Recommended Posts

This is interesting, I did not know about built in proccesor encryption.   I am only running an older A series AMD A-6 apu without aes. Is this built in encryption something that would be benificial to our airvpn encryption and connection speed as well? I am researching new computers and that's how I came accross this article.

 

http://www.tomshardware.com/reviews/clarkdale-aes-ni-encryption,2538.html

 

 

 

Share this post


Link to post

The AES instruction set is an extension of Intel CPUs with the goal to speed up encryption and decryption (E/D) performance.

 

OpenSSL, the SSL library used with OpenVPN, is compatible with those instructions. I assume this does have a notable effect on connection speeds as the new instructions increase the throughput. But to "feel" the change you'd need a very fast connection, one which could really challenge your CPU with E/D.

For example, I have 3500 kbits down, 450 up.. I won't notice any interesting change using AES-NI. With simultaneous download and upload my CPU is using barely 4% of CPU time. I have a Core2Quad with sufficient speeds not capable of AES-NI.

 

So: If you have a really fast internet connection, maybe more than 16 or even 32 mbits download, you could consider buying a CPU capable of AES-NI. Look here for reference on which CPUs does support them, here for a detailed list with search.


NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post

I purchased a refurbished computer with nothing but windows 7 premium on it (don't want windows 8 just yet). It has the Intel i5-3340 with AES-NI.

I added a nice AMD graphics card which complements the i5 much better then it's included graphics did. It does seem to handle general encryption tasks faster then my older apu. I can't say if the new cpu does or does not affect the speed of an encrypted vpn tunnel, but,

pages sure load up faster, video and music stream better, and while running other tasks, even when connection speed falls. I upgraded to the i5/AMD combo for my photo and video editing software mainly.  But with the demand for personal privacy increasing, and the use of encryption becoming common place, a cpu with AES-NI makes sense.  Besides, the i5 will smoke your socks off

Share this post


Link to post

The AES instruction set is an extension of Intel CPUs with the goal to speed up encryption and decryption (E/D) performance.

 

OpenSSL, the SSL library used with OpenVPN, is compatible with those instructions. I assume this does have a notable effect on connection speeds as the new instructions increase the throughput. But to "feel" the change you'd need a very fast connection, one which could really challenge your CPU with E/D.

For example, I have 3500 kbits down, 450 up.. I won't notice any interesting change using AES-NI. With simultaneous download and upload my CPU is using barely 4% of CPU time. I have a Core2Quad with sufficient speeds not capable of AES-NI.

 

So: If you have a really fast internet connection, maybe more than 16 or even 32 mbits download, you could consider buying a CPU capable of AES-NI. Look here for reference on which CPUs does support them, here for a detailed list with search.

 

I have a 152Mbps connection and find this interesting. Can anyone please confirm whether the instruction 'AES' in AMD CPUs is the same (or at least, has the same function) as the AES-NI in Intel chips? In other words, can I buy an AMD chip to do this job or is it Intel only? Many thanks in advance.

Share this post


Link to post

 

The AES instruction set is an extension of Intel CPUs with the goal to speed up encryption and decryption (E/D) performance.

 

OpenSSL, the SSL library used with OpenVPN, is compatible with those instructions. I assume this does have a notable effect on connection speeds as the new instructions increase the throughput. But to "feel" the change you'd need a very fast connection, one which could really challenge your CPU with E/D.

For example, I have 3500 kbits down, 450 up.. I won't notice any interesting change using AES-NI. With simultaneous download and upload my CPU is using barely 4% of CPU time. I have a Core2Quad with sufficient speeds not capable of AES-NI.

 

So: If you have a really fast internet connection, maybe more than 16 or even 32 mbits download, you could consider buying a CPU capable of AES-NI. Look here for reference on which CPUs does support them, here for a detailed list with search.

 

I have a 152Mbps connection and find this interesting. Can anyone please confirm whether the instruction 'AES' in AMD CPUs is the same (or at least, has the same function) as the AES-NI in Intel chips? In other words, can I buy an AMD chip to do this job or is it Intel only? Many thanks in advance.

 

 

Wikipedia - Supporting CPU's

 

Also, if it has "AES" instructions, it is the same thing.

 

EDIT: ...and then I saw that the post you quoted had the same link I provided. None the less, using an AES enabled chip helps tremendously. This has been discussed in depth amongst those of us using pfSense to connect. For you to get the most of your connection you will want to use an AES chip.


Have my guides helped you? Help me keep helping you, use my referral: userbar.png

How to set up pfSense 2.3 for AirVPN

Friends don't let friends use consumer networking equipment!

Share this post


Link to post

 

 

 

The AES instruction set is an extension of Intel CPUs with the goal to speed up encryption and decryption (E/D) performance.

 

OpenSSL, the SSL library used with OpenVPN, is compatible with those instructions. I assume this does have a notable effect on connection speeds as the new instructions increase the throughput. But to "feel" the change you'd need a very fast connection, one which could really challenge your CPU with E/D.

For example, I have 3500 kbits down, 450 up.. I won't notice any interesting change using AES-NI. With simultaneous download and upload my CPU is using barely 4% of CPU time. I have a Core2Quad with sufficient speeds not capable of AES-NI.

 

So: If you have a really fast internet connection, maybe more than 16 or even 32 mbits download, you could consider buying a CPU capable of AES-NI. Look here for reference on which CPUs does support them, here for a detailed list with search.

I have a 152Mbps connection and find this interesting. Can anyone please confirm whether the instruction 'AES' in AMD CPUs is the same (or at least, has the same function) as the AES-NI in Intel chips? In other words, can I buy an AMD chip to do this job or is it Intel only? Many thanks in advance.

 

Wikipedia - Supporting CPU's

 

Also, if it has "AES" instructions, it is the same thing.

 

EDIT: ...and then I saw that the post you quoted had the same link I provided. None the less, using an AES enabled chip helps tremendously. This has been discussed in depth amongst those of us using pfSense to connect. For you to get the most of your connection you will want to use an AES chip.

 

My apologies. I hadn't slept a whole day/night/day when I replied and completely missed that. I appreciate you taking time to reply and confirming I'm OK to buy AMD. I run IPFire myself, rather than pfSense, but I'm considering moving over as although IPFire is decent it's a little glitchy recently. I'm wanting to build a Jaguar (AM1 SoC) router to replace my old IPFire box, and now I know it supports AES also, my mind is made up. Thanks again for the reply.

Share this post


Link to post

 

 

 

The AES instruction set is an extension of Intel CPUs with the goal to speed up encryption and decryption (E/D) performance.

 

OpenSSL, the SSL library used with OpenVPN, is compatible with those instructions. I assume this does have a notable effect on connection speeds as the new instructions increase the throughput. But to "feel" the change you'd need a very fast connection, one which could really challenge your CPU with E/D.

For example, I have 3500 kbits down, 450 up.. I won't notice any interesting change using AES-NI. With simultaneous download and upload my CPU is using barely 4% of CPU time. I have a Core2Quad with sufficient speeds not capable of AES-NI.

 

So: If you have a really fast internet connection, maybe more than 16 or even 32 mbits download, you could consider buying a CPU capable of AES-NI. Look here for reference on which CPUs does support them, here for a detailed list with search.

I have a 152Mbps connection and find this interesting. Can anyone please confirm whether the instruction 'AES' in AMD CPUs is the same (or at least, has the same function) as the AES-NI in Intel chips? In other words, can I buy an AMD chip to do this job or is it Intel only? Many thanks in advance.

 

Wikipedia - Supporting CPU's

 

Also, if it has "AES" instructions, it is the same thing.

 

EDIT: ...and then I saw that the post you quoted had the same link I provided. None the less, using an AES enabled chip helps tremendously. This has been discussed in depth amongst those of us using pfSense to connect. For you to get the most of your connection you will want to use an AES chip.

 

My apologies. I hadn't slept a whole day/night/day when I replied and completely missed that. I appreciate you taking time to reply and confirming I'm OK to buy AMD. I run IPFire myself, rather than pfSense, but I'm considering moving over as although IPFire is decent it's a little glitchy recently. I'm wanting to build a Jaguar (AM1 SoC) router to replace my old IPFire box, and now I know it supports AES also, my mind is made up. Thanks again for the reply.

 

If you are going to be starting from scratch buying a new board, I don't recommend AMD. Not because the processor is bad, but because most motherboards don't have network cards compatible with pfSense. The current ideal platform is the C2558 or c2578 based Supermicro Intel Atom boards (Rangely). They have quad Intel Server class network interfaces. For AMD you would need to purchase a separate network card, and the ones you need can be expensive. You'll find the price difference for an AMD build to be similar, but you will be getting much higher end equipment for the same price with a Rangely board. Just my thoughts!


Have my guides helped you? Help me keep helping you, use my referral: userbar.png

How to set up pfSense 2.3 for AirVPN

Friends don't let friends use consumer networking equipment!

Share this post


Link to post

 

If you are going to be starting from scratch buying a new board, I don't recommend AMD. Not because the processor is bad, but because most motherboards don't have network cards compatible with pfSense. The current ideal platform is the C2558 or c2578 based Supermicro Intel Atom boards (Rangely). They have quad Intel Server class network interfaces. For AMD you would need to purchase a separate network card, and the ones you need can be expensive. You'll find the price difference for an AMD build to be similar, but you will be getting much higher end equipment for the same price with a Rangely board. Just my thoughts!

 

Unfortunately I can't seem to find those in the UK? The C2558 only resolves to a car part rather than computer equipment on a cursory Google search and none of my usual suppliers stock anything of the sort. I currently have half a dozen Intel server NICs (Intel Pro 1000PT dual port varieties mostly) so I assume I'd be safe to reuse those regardless of platform chosen rather than rely on onboard equipment?

Share this post


Link to post

Unfortunately I can't seem to find those in the UK? The C2558 only resolves to a car part rather than computer equipment on a cursory Google search and none of my usual suppliers stock anything of the sort. I currently have half a dozen Intel server NICs (Intel Pro 1000PT dual port varieties mostly) so I assume I'd be safe to reuse those regardless of platform chosen rather than rely on onboard equipment?

 

http://www.supermicro.com/wheretobuy/europe.cfm?rgn=132

http://www.supermicro.com/products/motherboard/ATOM/

 

It is harder to find the 2558 based boards, you have to look at places that sell servers etc. The standard consumer circles don't carry these.

 

You certainly could use those cards provided you have pci slots for them, however they do not support the same offloading features as the i354 nic's onboard those Atoms. If you have a 150Mb connection, it might be a consideration seeing you will be using a VPN.


Have my guides helped you? Help me keep helping you, use my referral: userbar.png

How to set up pfSense 2.3 for AirVPN

Friends don't let friends use consumer networking equipment!

Share this post


Link to post

 

Unfortunately I can't seem to find those in the UK? The C2558 only resolves to a car part rather than computer equipment on a cursory Google search and none of my usual suppliers stock anything of the sort. I currently have half a dozen Intel server NICs (Intel Pro 1000PT dual port varieties mostly) so I assume I'd be safe to reuse those regardless of platform chosen rather than rely on onboard equipment?

 

http://www.supermicro.com/wheretobuy/europe.cfm?rgn=132

http://www.supermicro.com/products/motherboard/ATOM/

 

It is harder to find the 2558 based boards, you have to look at places that sell servers etc. The standard consumer circles don't carry these.

 

You certainly could use those cards provided you have pci slots for them, however they do not support the same offloading features as the i354 nic's onboard those Atoms. If you have a 150Mb connection, it might be a consideration seeing you will be using a VPN.

 

OK from what I've found so far it's going to cost in the region of five times more for the Rangeley setup than it would for Kabini/Jaguar re-using my existing Intel Pro NICs. Unfortunately I'm going to have to rule out Rangelely at least for now. Although I appreciate the improved quality and flexibility, C2558 boards would cost me about $450 to $500 equivalent whereas the same in Kabini/Jaguar would be $75 to $80 at most. Looks like I'm going to have to 'make do'.

Share this post


Link to post

 

 

Unfortunately I can't seem to find those in the UK? The C2558 only resolves to a car part rather than computer equipment on a cursory Google search and none of my usual suppliers stock anything of the sort. I currently have half a dozen Intel server NICs (Intel Pro 1000PT dual port varieties mostly) so I assume I'd be safe to reuse those regardless of platform chosen rather than rely on onboard equipment?

 

http://www.supermicro.com/wheretobuy/europe.cfm?rgn=132

http://www.supermicro.com/products/motherboard/ATOM/

 

It is harder to find the 2558 based boards, you have to look at places that sell servers etc. The standard consumer circles don't carry these.

 

You certainly could use those cards provided you have pci slots for them, however they do not support the same offloading features as the i354 nic's onboard those Atoms. If you have a 150Mb connection, it might be a consideration seeing you will be using a VPN.

 

OK from what I've found so far it's going to cost in the region of five times more for the Rangeley setup than it would for Kabini/Jaguar re-using my existing Intel Pro NICs. Unfortunately I'm going to have to rule out Rangelely at least for now. Although I appreciate the improved quality and flexibility, C2558 boards would cost me about $450 to $500 equivalent whereas the same in Kabini/Jaguar would be $75 to $80 at most. Looks like I'm going to have to 'make do'.

 

 

Our prices must differ greatly being accross the pond. Can you link me to some of these AMD boards you speak of? I've been piecing info together for my guide as far as hardware and I can find no such hardware as you speak of. The motherboards I find for amd are ~$100+ (For one worth it's salt for running 24 hours a day), the processors ~$150, they don't have compatible NIC's ( I know you have some spare) and they all are half the Mhz and take double the Electricity of the Rangely. Meanwhile, I can find a rangely 2558 for ~$220.


Have my guides helped you? Help me keep helping you, use my referral: userbar.png

How to set up pfSense 2.3 for AirVPN

Friends don't let friends use consumer networking equipment!

Share this post


Link to post

Our prices must differ greatly being accross the pond. Can you link me to some of these AMD boards you speak of? I've been piecing info together for my guide as far as hardware and I can find no such hardware as you speak of. The motherboards I find for amd are ~$100+ (For one worth it's salt for running 24 hours a day), the processors ~$150, they don't have compatible NIC's ( I know you have some spare) and they all are half the Mhz and take double the Electricity of the Rangely. Meanwhile, I can find a rangely 2558 for ~$220.

 

~£25 AM1 Kabini motherboards

~£25 AM1 Kabini dual and quad core CPUs

 

As I said, not earth shattering high end server stuff; but with DDR3, SATA3 and AES support (not to mention integrated DirectX 11 and OGL gfx) they don't seem to be bad budget builds at the price whether for a low end desktop or cheap but flexible router. They have a TDP of 25W and are 28nm process. I know the Atoms can beat that but again, availability and price make the AMD an attractive alternative.

 

Stock is apparently due in soon.

Share this post


Link to post

The AES block cipher - Coursera

 

From 9:34 he explains these new instructions.

Anyway, if you want to inform yourself on how AES works you can watch the whole segment.


NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post

please be aware that the AES-NI is compromised and you should not use it without an additional randomization layer. pfsense 2.1 appears to have the yarrow service i only know that 2.2 will use it.

 

for now DO NOT use aes-ni unless you have taken steps to protect yourself from its weak randomization.

Share this post


Link to post

please be aware that the AES-NI is compromised

 

If you can prove it, post it here. Because the internet is full of "I think"s and "I believe"s.

But yes, the NSA's role here should be considered, see the PRISM slides.


NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...