Does ET8 Have AES Hardware Acceleration? How To Check Other Models?

HarryMuscle

Regular Contributor
I'm doing research to figure out which router to get to replace my current one that's proving under powered and one of the things I care about is whether the router has AES hardware acceleration for VPN. Currently I'm looking at the ET8 model which has a Broadcom 6755 CPU apparently. Does anyone know if it has AES hardware acceleration?

Also, is there a database or any other resource that would tell me which Broadcom CPUs have AES hardware acceleration? It's fairly easy to find which router has which CPU but I haven't found any source yet for whether that CPU has AES acceleration. If such a resource exists it would save me from posting here and asking about this as I look at various possible routers.

Thanks,
Harry
 

L&LD

Part of the Furniture
With only a quad-core 1.5GHz CPU, I would guess no AES (conservatively).

Also keep in mind that even if a certain CPU does have AES, it still needs to be enabled/supported on the device you're looking at too.
 

sfx2000

Part of the Furniture
Also keep in mind that even if a certain CPU does have AES, it still needs to be enabled/supported on the device you're looking at too.

Per @RMerlin - HND devices have kernel mode support for the AES extensions...
 

tgl

Senior Member
I'm doing research to figure out which router to get to replace my current one that's proving under powered and one of the things I care about is whether the router has AES hardware acceleration for VPN.
Do you have actual, concrete reasons to believe that that matters?

I don't pretend to know the answer to that, but I did some googling about it, and almost immediately found this discussion on the OpenWRT forums. That says that it's not at all clear that hardware support for AES actually matters for routers, basically because (IIUC) the overhead of getting the data into and out of a crypto coprocessor swamps the benefit until you get to block sizes significantly larger than a TCP packet. Maybe those guys don't know what they're talking about, or maybe the discussion doesn't apply to ASUS hardware, but I'm a little suspicious of treating this point as a high priority for buying decisions.
 

sfx2000

Part of the Furniture
Well - OpenVPN will always have issues with memory and context thrashing, as it is a userland application, and with ARMv8a, there's also the EL0 to EL1 context shifts as well.

That being said - OpenVPN will perform better in UDP transport, as there you can use larger frame sizes...

The HND based platforms do perform well, compared to the earlier broadcom hardware/SDK's.

The OpenWRT threads are interesting, but do not apply here - as they don't use the vendor API's generally, they also do not benefit from the network flow tricks that the vendors implement in their SDK's.
 

tgl

Senior Member
Anyway, to answer the question directly: I have an ET8 at hand, and it shows

# cat /proc/cpuinfo
processor : 0
model name : ARMv7 Processor rev 5 (v7l)
BogoMIPS : 100.00
Features : half thumb fastmult vfp edsp neon vfpv3 tls vfpv4 idiva idivt vfpd32 lpae
CPU implementer : 0x41
CPU architecture: 7
CPU variant : 0x0
CPU part : 0xc07
CPU revision : 5

(plus three more cores just like that one). So confirmed, there's no in-CPU AES support. I don't know how to tell if they've got any sort of outboard crypto engine, though.
 

tgl

Senior Member
That just says that busybox is running in Armv7A...

/proc is direct from the kernel, though, and the kernel also reports being built for armv7l. Are you claiming they run their userland inside a full-blown VM that's emulating different hardware than the real iron? It's hard to imagine that anyone would expend the resources to do that on a consumer router.

By the by, this surely is not a Broadcom 6755, though it may be a related SoC: a quick google search says the 6755 is integrated ARM CPU plus WiFi hardware, and it only does 2.4 + 5GHz bands. Broadcom has other chips that support 6GHz, so I'm okay with the assumption that it is a Broadcom chip ... just not a 6755. (Perhaps the XT8 uses a 6755? Dunno.)
 

tgl

Senior Member
Both have almost 1:1 hardware - BCM6755 for 2x2 2.4GHz + 2x2 5GHz and BCM43684 for 4x4 5GHz (XT8) and 6GHz (ET8).
Oh, 6755 for the 2.4GHz and 5GHz-1 radios and then a different chip for the backhaul radio? Got it, that does seem to make sense.
 

Tech9

Part of the Furniture
Yes, some RF components around second radio may be different. ET8 is basically XT8 copy/paste + some edit work.
 

RMerlin

Asuswrt-Merlin dev
@RMerlin - I've gone on record as HND supporting thing - am I wrong here?
What do you mean by "support"? No particular support should be needed since OpenVPN is just your average encapsulated TLS connection.
 

RMerlin

Asuswrt-Merlin dev
What matters are the CPU Features returned by /proc/cpuinfo, not the kernel architecture. On BCM49xx, Asuswrt compiles the kernel as 64-bit ARMv8, but runs all the userspace code (like OpenVPN and it's OpenSSL crypto backend) as 32-bit ARMv7.

BCM4912 returns this for Features:

Code:
Features    : fp asimd evtstrm aes pmull sha1 sha2 crc32 cpuid
 

sfx2000

Part of the Furniture
What do you mean by "support"? No particular support should be needed since OpenVPN is just your average encapsulated TLS connection.

Thx. You answered it in the post above, much appreciated
 

RMerlin

Asuswrt-Merlin dev
Thx. You answered it in the post above, much appreciated
One interesting thing tho is I have seen in a recent SDK changelog that Broadcom specifically fine tuned CPU interrupts to improve OpenVPN throughput - it was explicitly mentionned. So at least that does tell us that Broadcom cares about OpenVPN.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top