<!DOCTYPE html>
<html>
  <head>

    <meta http-equiv="content-type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <p>Hello,</p>
    <p>    In would kindly ask you if anynone can share theis experience
      with HW acceleration/offloading of TLS operations.  In 1.8.0,
      experimental QAT support was announced. Is anyone using it?  We
      have a lot of TLS sessions due to DoT. When running it on bare
      metal HW (Xeon 5217/EPYC 7313) we are struggling with CPU load. I
      am considering a HW upgrade and going for Xeon 5520 or 6538 with
      build-in accelerators - if they can be used of course. Preferably
      on Debian Linux.</p>
    <p _d-id="70877"><span _d-id="83841"
class=" --l alignedSentenceHighlight-module--alignedSentenceHighlight--e599c alignedSentenceHighlight-module--partialHighlightAnimationWeb--324f1 bg-[#E1F0F5] text-[#25282D] sentence_highlight"><span
          _d-id="83844"
          class="--l --r hover:bg-[#B4DAE8] hover:dark:bg-blue-600">I</span>
        <span _d-id="83848"
          class="--l --r hover:bg-[#B4DAE8] hover:dark:bg-blue-600">have</span>
        <span _d-id="83852"
          class="--l --r hover:bg-[#B4DAE8] hover:dark:bg-blue-600">a</span>
        <span _d-id="83856"
          class="--l --r hover:bg-[#B4DAE8] hover:dark:bg-blue-600">few</span>
        <span _d-id="83860"
          class="--l --r hover:bg-[#B4DAE8] hover:dark:bg-blue-600">questions</span>
        <span _d-id="83864"
          class="--l --r hover:bg-[#B4DAE8] hover:dark:bg-blue-600">-</span>
        <span _d-id="83868"
          class="--l --r hover:bg-[#B4DAE8] hover:dark:bg-blue-600">maybe</span>
        <span _d-id="83872"
          class="--l --r hover:bg-[#B4DAE8] hover:dark:bg-blue-600">someone</span>
        <span _d-id="83876"
          class="--l --r hover:bg-[#B4DAE8] hover:dark:bg-blue-600">here</span>
        <span _d-id="83880"
          class="--l --r hover:bg-[#B4DAE8] hover:dark:bg-blue-600">can</span>
        <span _d-id="83884"
          class="--l --r hover:bg-[#B4DAE8] hover:dark:bg-blue-600">advise</span>
        <span _d-id="83888"
          class="--l --r hover:bg-[#B4DAE8] hover:dark:bg-blue-600">me</span><span
          _d-id="83891"
          class="--l --r hover:bg-[#B4DAE8] hover:dark:bg-blue-600">:</span></span></p>
    <p>    1. What do I need to do to enable acceleration? My
      understanding is QAT device must be initialized (QAT lib, qatmgr),
      dnsdist has to call loadTLSProvider(). Does OpenSSL have do be
      compiled also with QAT support and configured to use QAT
      providers?<br>
          2. Some Xeon CPUs have two QAT units. Is it somehow
      transparent to the applications? Does it simply mean that it is
      more powerful or does it have to be taken info account in
      configuration?<br>
    </p>
    <p>My AMD EPYC 7313  CPUs have hw support for AES-NI. From my
      understanding OpenSSL and dnsdist benefit from that and it is
      completely transparent, am I right? <br>
    </p>
    <p>Many thanks</p>
    <p>Aleš<br>
    </p>
    <br>
  </body>
</html>