Intel CPU 8505 with onboard QuickAssist Technology (QAT) support?

Started by Magician1981, March 31, 2024, 01:12:16 PM

Greetings,

I have a 2Gb symmetrical fiber connection not being utilized to its fullest due to my current network infrastructure. The plan is to do an upgrade of my J5040 machine to a mini PC that has I226-V NICs in it. I came across the Intel Gold 8505 CPU that has more or less the same CPU horsepower as an N305 with the benefit of an onboard QAT and dual channel memory alongside more PCIe lanes.

My question is if QAT in the 8505 functions on OPNsense with accelerating WireGuard VPN traffic? I will be running additional security like Zenarmor, Unbound/AdGuard and perhaps CrowdSec.

Thank you.

Quote from: Magician1981 on March 31, 2024, 01:12:16 PM
My question is if QAT in the 8505 functions on OPNsense with accelerating WireGuard VPN traffic?
Thank you.

Hello, no, it will not.
Only pfSense+ will utilize Crypto Offloading for WireGuard as of today.

BR
Firewall Specs: AMD Ryzen 5700G, 16GB DDR4 3200MHz RAM, Intel E810 Quad Port SFP28 NIC
Internet Specs: Init7 25GBit FTTH

pfop, I'm officially and kindly asking you to quit name-dropping other projects as a first response as it always comes across as advertising more than casual obsession.

To put this in numbers: out of 10 responses 9 are using "pfSense" and 5 are using "pfSense+".


Cheers,
Franco

Directing this to the OPNsense devs, will this be implemented any time soon?

The dropdown menu under System: Settings: Miscellaneous shows the option for Intel QuickAssist Technology. I'm guessing this only applies to expansion cards?

The FreeBSD WireGuard implementation is somewhat strange - it does not even use the presumably faster original code from the WireGuard project.

AFAIR, the FreeBSD code does not make use of existing QAT "hooks" either, so normally, even hardware acceleration would probably not make it any faster.

The other project has substantially modified the implementation (but only in their business product) to use a plugin module (iimb.ko) which leverages a library provided by Intel, which does not even need QAT, but leverages advanced instruction sets that are available on AMD CPUs as well.

That aside, you can accelerate WireGuard right now by a factor of two by using the FreeBSD 14.0 kernel underneath OPNsense.

This has been discussed here before.
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+

meyergru, I noticed you asked how to load a different version of the kernel under OPN and later you seemed to have been able to do it. Can you please point me in the direction of the instructions to achieve it? I'd like to make some tests of my own. Apologies for the hijack of thread.

Quote from: cookiemonster on April 01, 2024, 11:34:48 PM
meyergru, I noticed you asked how to load a different version of the kernel under OPN and later you seemed to have been able to do it. Can you please point me in the direction of the instructions to achieve it? I'd like to make some tests of my own. Apologies for the hijack of thread.

I was about to ask the same question.

# opnsense-update -zkr 14-STABLE -a FreeBSD:14:amd64
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+


Yes. That is the reason why even the community edition is twice as fast with WireGuard. You can have the same by applying the patch.
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+

Thanks for the answer.
I don't need it myself at the moment because the machines I manage have enough computing power.
But it's good to know that something is coming in the future.