[tor-relays] Does Tor work with Intel QAT acceleration

Tue Apr 12 06:12:56 UTC 2022

Hello Alex

Thank you for your nice hint ot QAT_Engine.

Yes, in theory it really seems to be possible. Looking at the Github repo of the QAT_Engine, it looks like there are still some issues with OpenSSL 3.0:
Support for QAT HW ECX, QAT SW ECX, QAT HW PRF and QAT HW HKDF is disabled when built
against OpenSSL 3.0 due to known issues instead it uses non-accelerated implementation
from OpenSSL.I'm on Ubuntu 20.04, so I should be still using OpenSSL 1.x. There are plans for switching to OpenSSL 3.0 in Ubuntu 22.04. We'll see...

So, one really has to test and I need to think about it. Wouldn't be a cheep test, but if this platform can give me a medium power system (~50W) and great speed, then it's definitively what I'm looking for. Otherwise I would prefer a Ryzen like the 5750GE.

Andreas

On Tuesday, April 12, 2022 03:42 CEST, Alex Xu <alex at alxu.ca> wrote:
 Excerpts from Andreas Bollhalder's message of April 10, 2022 3:32 pm:
>
> Hi all
>
> I have my first Tor relay up und running. It's currently installed on a little desktop computer with an Intel i5 9500T CPU. My Internet connection is 10Gb/s symetric. From this bandwidth, I would be able to spend a good part for supporting the Tor network.
>
> With that little machine, it seems that it would max out at somewhere at ~30 MBytes/s. For my definitive Tor relay hardware, I'm currently researching some options, which would be capable of handling Tor traffic at the rate of 200 to 300MBytes. Even it would be used nowadays, but who knows whats coming in the future and I hope this relay would last 5 years ore so.
>
> It looks to me, that with a normal CPU, it's impossible to reach my goal. But then I encountered, that Intel has the Quick Assist Technoloy (QAT) integrated in some of their products (ie. Atom C3xx8). This QAT can be used with OpenSSL as a hardware accelerator for encryption. There also exist dedicated PCIe cards with QAT (ie. Netgate CPIC-8955).
>
> Searching the Internet, I couldn't find any information if QAT would be helpful with Tor. But Tor uses the OpenSSL library and this can use the QAT acceleration. Is there anyone who has tried this und can share his expirience?
>
> Thanks in advance
> Andreas
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>

In theory, you should be able to enable QAT with "HardwareAccel 1" on
OpenSSL 1.x after installing https://github.com/intel/QAT_Engine. I'm
not sure about the process for OpenSSL 3.0; I believe it involves
editing OPENSSLDIR/openssl.cnf.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20220412/b9623613/attachment-0001.htm>