383
Configuring crypto engines
Overview
Crypto engines encrypt and decrypt data for service modules. Crypto engines include the following
types:
•
Hardware crypto engines
—A hardware crypto engine is a coprocessor integrated on a CPU or
hardware crypto card. Hardware crypto engines can accelerate encryption/decryption speed,
which improves device processing efficiency. You can enable or disable hardware crypto engines
globally as needed.
•
Software crypto engines
—A software crypto engine is a set of software encryption algorithms. The
device uses software crypto engines to encrypt and decrypt data for service modules. They are
always enabled. You cannot enable or disable software crypto engines.
The switch only supports software crypto engines in the current software version.
Crypto engines provide encryption/decryption services for service modules, for example, the IPsec
module. When a service module requires data encryption/decryption, it sends the desired data to a
crypto engine. After the crypto engine completes data encryption/decryption, it sends the data back to
the service module.
Displaying and maintaining crypto engines
Execute
display
commands in any view and
reset
commands in user view.
Task Command
Display information about crypto engines.
display crypto-engine
Display statistics for crypto engines.
display crypto-engine statistics
[
engine-id
engine
-
id
slot
slot-number
]
Clear statistics for crypto engines.
reset crypto-engine statistics
[
engine-id
engine
-
id
slot
slot-number
]