sparc64-niagara-ssl-accelerator

Please check the status of this specification in Launchpad before editing it. If it is Approved, contact the Assignee or another knowledgeable person before making changes.

Summary

Niagara and Niagara2 CPU provides a dedicate MAU optimized for SSL operations. Support for this part of the CPU is still lacking from our kernel and userland.

Rationale

SSL operations are quite heavy on general-purpose CPUs. The Niagara CPU has an SSL accelerator which leaves the main CPU to do other work.

Use cases

  • Company foo provides https payment service to tons of customers. They decided for a Niagara solution to kill the SSL bottleneck in their webhosting facility to improve performance, offload the main CPU from these expensive operations and reallocate these cycles to other tasks.

Implementation

  • Add MAU support to the kernel according to specifications. There is no need for a specific driver, but needs to be added as general CPU (Niagara) support code and exported as capability to the system. Basic init code is committed in git (gutsy kernel). See commit dbbe3cb8cff6b494ac2cba6a94dc7aabe7e5b635
  • The MAU exports 3 mathematic operations: Modular multiply, Modular reduction and Modular exponentiation loop. Define how to export them to userland. This will be decide during implementation (copy from kernel to userspace and viceversa can be an expensive operations and access to MAU requires somekind of scheduler/queueing system. At this point in time there are no available data to decide where this code is best implemented).
  • Identify openssl and gnutls code that can be changed to benefit from the MAU and optimize it.

Data preservation and migration

  • SSL testing is not a very simple task and requires a lot of testing to make sure to maintain compatibility with the software implementations. A great level of testing is required for this to happen.

Unresolved issues

  • software that does not SSL via openssl or gnutls will require specific patching. These specific packages might be considered out of scope from this spec.

BoF agenda and discussion

  • Identify packages that are not using openssl or gnutls and evaluate case by case if it is worth their porting to support MAU.
  • Java has been identified as a candidate for direct porting since it has its own SSL implementation.


CategorySpec

sparc64-niagara-ssl-accelerator (last edited 2008-08-06 16:39:31 by localhost)