Is Cavium Octeon Hardware acceleration in the Linux kernel?

Hi,

Seeing a lot of Ubiquiti USG-3P appearing on eBay etc for cheap and as it's quite a simple Openwrt conversion I was wondering if the proprietary Cavium Octeon hardware acceleration has been open sourced as of yet.

Would anyone know?

Mainline kernel supports octeon crypto acceleration, should be along lines of openssl engine, probably after installing kernel mode crypto support packages.

https://forum.openwrt.org/t/is-it-possible-to-add-block-ciphers-for-cavium-octeon
Openwrt doesn’t have hardware crypto acceleration implemented because the whole octon family is held back for the most weakest chip in the family.

Not even sure we have multicore implemented either.

That's a fun read, going to grab coffee, thank you for linking it.

first i implemented hw crypto acceleration for the kernel which can be found in the linked thread. second. multicore was always implemented and never missing

3 Likes

Openwrt 24.10-SNAPSHOT installed.

Questions, the wiki looks out of date so I'll update it as it's currently recommending installing SNAPSHOT.

Why does the port configuration differ to the Edgerouter lite, as they're pretty identical hardware?

What are you comparing with?

Port configuration absolutely differs between devices. In modern DSA switch at least br-lan.VL4N and wifi access point (not radio) configs can be copied as sections.

The Unifi Security Gateway(USG-3P) or Edgerouter Lite (ERL) have near identical hardware:
https://openwrt.org/toh/ubiquiti/unifi_security_gateway_3p
https://openwrt.org/toh/ubiquiti/edgerouter_lite

Both are the same chipsets, with 3 independent ethernet ports, no switch is on the printed circuit board. So br-lan of eth1 and eth2 actually harms throughput performance of the USG in the default configuration.

@flygarn12

https://www.insidegadgets.com/wp-content/uploads/2015/06/CN5020.pdf
This SoC have only two network connections and need a switch chip for the 3 ethernet ports. And that switch is named ‘Atheros AR8035 Gigabit PHY x3‘ for booth these two devices.

1 Like

AR8035 is not a switch. its a single port qhy

2 Likes

Thank you for confirming, so is the BR-LAN wrong on the default USG configuration, as if the ports are separate, would this not cause a decrease in performance?

Hardware acceleration works on the USG-3P and ERLite, both max out my PPPoE FTTP connection.

And how much is that?

And what ssl engine does it say you have?

Do you have any measurements or more specific case to proof this?

I have run iperf3 on my ER4 with bridge and it run flat out on about 950Mbps on the ports.

I doubt there will be 1interface/port default setup in OpenWrt and connect them in lan fw zone even though ER4 have the hardware to have a unique mac per port already as is.

And OpenWrt as of now only support in source code to define ports to lan and wan interface.

But already in oem firmware it was supported to have single ports or connected/bridged ports.

The ER4 has a switch though, the USG and ERL just have three independent AR8035 single port phy.
Default in the Stock Debian 7/9 VyOS derived EdgeOS was independent WAN, LAN1 and LAN2 one WAN port, one DHCP server for LAN1 and another for LAN2 for USG/ERL

As far as I see er4 have a single 8-port phy where only 4 is used but no switch.

Is there any advantage to hardware crypto outside of VPN usage?

No, ssh doesn’t really run on any meaningful speed anyway.

1 Like

Does Hardware Offloading work for you?