Neptune and IPsec
That new NIC of ours rocks. Its best feature: incoming packet classification offload. “What?” you ask? Neptune can route incoming packets the CPUs most closely associated with the packet flows to which those incoming packets belong — and this means lower latency because of hotter caches. Compris?
This classification works on 5-tuples (or hashes thereof), of course: source and destination addresses, next protocol (e.g., TCP, UDP, SCTP), source and destination port numbers.
Curiously absent from the data sheet: IPsec. So I asked and I found out: Neptune can classify just as well by IPsec SA SPI as by plaintext 5-tuples. Of course, so can Solaris, therefore Neptune, Niagara and Solaris fit together well, IPsec or no IPsec.
Excellent.