Intel Multi-Buffer Cryptography Libraries on Red Hat Enterprise Linux

Resolution

Installing the Intel multi-buffer libraries requires adding an additional repository from the CentOS ISA SIG and installing the packages.

To add the repository centos-release-isa-override:

dnf -y install https://mirror.stream.centos.org/SIGs/9-stream/extras/x86_64/extras-common/Packages/c/centos-release-isa-override-9-2.el9s.noarch.rpm

Then install the Intel multi-buffer libraries:

dnf -y install intel-ipsec-mb intel-ipp-crypto-mb

Once installed, these libraries can be used directly or indirectly by other software, e.g. DPDK or Intel qatengine.

Software Acceleration With openssl (qatengine)

The Intel multi-buffer libraries may be used to software accelerate applications that utilize openssl. Systems with Intel QAT hardware can also benefit from the flexibility provided by having the software path available.

Note: You do not need Intel QuickAssist Technology (QAT) hardware to leverage the libraries for software acceleration. When hardware acceleration is available, it can be utilized with the qatengine package that is included in RHEL.

This example focuses on HAProxy.

Install the version of qatengine which supports the Intel multi-buffer libraries:

dnf -y install intel-qatengine

Lastly, update HAProxy's configuration to use the TLS/SSL engine.

# cat /etc/haproxy.cfg
global
  ...
  ssl-engine qatengine algo ALL
  ssl-mode-async
  ...

After adding the above configuration, HAProxy can be restarted and TLS/SSL termination will be accelerated.

References

• CentOS ISA SIG documentation
• Intel® QuickAssist Technology (Intel® QAT)