对于openvpn性能加速的研究结果

对openvpn site to site或者remote access方式的性能加速有三种方法可以进行
1：设置MTU值。对不同的加密算法设置的MTU值也不同。可以起到几倍的速度提升。
具体文章：
http://community.openvpn.net/openvpn/wiki/Gigabit_Networks_Linux
2：使用支持AES-NI加速功能的cpu
http://en.wikipedia.org/wiki/AES_instruction_set
有人测试结果发现。速度有10多倍的提升。但是只是针对于AES的加密
3：采用支持AES-NI加速的CPU，同时采用openssl并搭配OpenSSL的AES-NI补丁可以将AES-128-CBC的速度提升7倍
三者结合起来，可以使得千兆网卡的openvpn传输速度上达到700-800兆的性能
至于购买什么ssl加速卡都是浮云。
目前的sandy bridge、ivy bridge架构的cpu都内置了AES-NI加速功能，即AES算法的加解密功能。
Intel[3]
Intel Westmere based processors, specifically:
Intel Westmere-EP (Xeon 56xx) (a.k.a. Gulftown Xeon 5600-series DP server model) processors.
Intel Clarkdale processors (except Core i3).
Intel Arrandale processors (except Core i3, Core i5-4XXM).
Intel Sandy Bridge processors:
Desktop: all except Pentium, Celeron, Core i3,[4][5]
Mobile: all Core i7 and Core i5. Though the Intel web pages originally listed the 2630QM and 2635QM as not supporting it, those web pages have been updated to indicate that they do.[6][7] Several vendors have shipped BIOS configurations with the extension disabled,[8] requiring a BIOS update to fix.[9]
Intel Ivy Bridge processors
All i5, i7, Xeon and i3-2115C[10] only.
Intel has a list of processors that support AES-NI on their web site[11]
AMD
AMD Bulldozer based processors.[12]
再加上openssl的AES-NI的补丁。性能可以翻10多倍.