TLS aint cheap on the CPU. The trend on Internet traffic is indicating that the majority of internet traffic is being encrypted with TLS. In other words the most common packets are using TLS! For this reason, we need to pay more attention to TLS performance. At 0x14 we have a small TLS festival. And its all about improving performance.

In the first talk, Pawel Szymanski and Manasi Deval that assert the claim that you can achive good performance by letting the CPU do its thing. Use modern CPU instructions like X86 AESNI. They run experiments that compare user-mode TLS, Kernel TLS write and kernel TLS Sendfile to contrast various bottlenecks in each one with regards to encryption and authentication, cost of system calls and the memory bandwidth. They will present their results during the talk. The talk will also provide some insight on which of the three approaches is best suited for different type of application scenarios.

More info: https://netdevconf.info/0x14/session.html?talk-TLS-performance-characterizat...

And in the second TLS talk, Tariq Toukan, Bar Tuaf and Tal Gilboa discuss offloading of TLS to the NIC. They start by reviewing the life cycle of a HW offloaded kTLS connection and the driver-HW interaction in order to support it.

They will then present their experiments where NginX TLS activity is offloaded to the Mellanox ConnectX-6Dx NIC (using mlx5e driver). And finally, they present their experimental results which show significant performance speed-up gained by offloading kTLS operations to the HW.

More info: https://netdevconf.info/0x14/session.html?talk-kTLS-HW-offload-implementatio...

In the third talk, Alexander Krizhanovsky and Ivan Koveshnikov continue their quest(see netdev 0x12 talk) to investigate and improve TLS handshake by moving it into the kernel (currently user space handled).

In continuation from 0x12, Alexander and Ivan have been experimenting with new kernel approaches to reduce some perf culprits involved in completing a TLS handshake, namely dynamic memory allocation and big integer initialization. They will present their results which quantify the new approach. The talk will cover many other perf topics related to TLS handshake.

More info: https://netdevconf.info/0x14/session.html?talk-performance-study-of-kernel-T...

Reminder, registration is now open and early bird is still in effect. https://netdevconf.info/0x14/registration.html

cheers, jamal