Please forgive my poor websearching abilities. Is there any benefit to having AVX-512 in the context of OPNsense? Did I get that mixed up with AES-NI?
To the first question: Possibly, but if you are, for instance, bench racing Arrow Lake vs. Zen 5, for roughly cost-equivalent parts you probably wouldn't experience a meaningful difference. Unless you find a piece of software that heavily utilizes AVX512 specifically, in which case it can make a significant difference. I could see using vector instructions for bulk data processing, e.g. an IPS, but it's not something I use.
As to the second, AES-NI is an SSE-era vector extension, so it's in the ballpark. It's been around for a while, with 128b and 256b implementations (no 512b that I've seen) and one or two available execution units (per core), depending on the processor. I have no idea how the FreeBSD kernel driver implements it. One of these days I'll get around to testing it. For the heck of it, as I don't use VPNs either.
Why do you ask?
Quote from: pfry on September 30, 2025, 05:29:42 AM
Why do you ask?
I was just wondering if there were any functions that OPNsense used that benefited from AVX-512? I remember that AES-NI is used, but I could not remember the other.
Quote from: carly on September 30, 2025, 04:13:02 PM
I was just wondering if there were any functions that OPNsense used that benefited from AVX-512? I remember that AES-NI is used, but I could not remember the other.
Ya got me. I wouldn't consider AVX512 as a significant input into a purchasing decision for hardware to run OPNsense. It would generally vanish beneath cost, power, I/O options, noise, size, etc. But your choices may differ.
I think the context is askew.
Enabling available extensions (or support for them) allows more features to be utilized, but at the same time it also exposes some risk.
AVX512 is a set of 19 unique extensions. A CPU may have it, but it will be useless to a binary unless the code was written to utilize the extensions and the compiler includes the extensions. I don't see OPNsense as computationally heavy on large data sets. I think the best OPNsense (fw) would get would be a performance bump in crypto operations, but again, OPNsense (fw) I don't think is on that level of crypto processing.