[dpdk-users] IPSEC-SECGW sample application

Avi Cohen (A) avi.cohen at huawei.com
Mon Jan 8 17:34:54 CET 2018

Previous message: [dpdk-users] IPSEC-SECGW sample application
Next message: [dpdk-users] IPSEC-SECGW sample application
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

 
 Hi  Sandesh  [I added one more question]
 Thank you - I already understood that.
1.  I see in the documentation that this app. Supports only **complete offload**.
 But Intel NICS x540 and 82599 which supports ipsec offload requires that the
 SW will  add/remove the ESP headers How can I run this app with x540 nic ?

 2. I added support for ESP header and trailer insertion for inline-protocol-offload for intel x540
Can you tell me the exact command line to run the application for this mode ?   is vdev required ?
 Best Regards
 Avi
> 
> 
> 
> > -----Original Message-----
> > From: Gowda, Sandesh [mailto:sandesh.gowda at intel.com]
> > Sent: Monday, 08 January, 2018 10:47 AM
> > To: Avi Cohen (A); users at dpdk.org
> > Subject: RE: IPSEC-SECGW sample application
> >
> >
> > Hi Avi,
> >
> >  The application classifies the ports as Protected and Unprotected. Thus,
> traffic
> > received on an Unprotected or Protected port is consider Inbound or
> Outbound
> > respectively.
> > ( Refer : http://dpdk.org/doc/guides/sample_app_ug/ipsec_secgw.html  )
> >
> >  The Packets sent on a  Unprotected network requires Encryption whereas
> > packets on Protected Network can be plain text.
> >  This is the expected behavior.
> >
> >  Regards,
> >  Sandesh
> >
> >
> >
> >
> > -----Original Message-----
> > From: users [mailto:users-bounces at dpdk.org] On Behalf Of Avi Cohen (A)
> > Sent: Sunday, January 07, 2018 9:12 PM
> > To: users at dpdk.org
> > Subject: [dpdk-users] IPSEC-SECGW sample application
> >
> >
> > Hello
> > I'm using the DPDK17.11 and running the sample app. Ipsec_secgw.
> > I have 2 ports port 0 is protected and port 1 is unprotected Traffic is received
> in
> > the unprotected and should be sent to the protected  port  for encryption But
> > the traffic processing for the traffic received in the unprotected port is going
> > through the **process_pkts_inbound ** .
> > I expect that the traffic should be directed to the
> **process_pkts_outbound**
> > [where ESP headers are added etc.] Can someone help ?
> >
> >
> > This is the config file:
> >
> > #SP rules
> > sp ipv4 in esp protect 5 src 1.1.1.2/32 dst 1.1.2.10/32 #SA rules sa in 5
> > cipher_algo aes-128-cbc cipher_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \ auth_algo
> > sha1-hmac auth_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \ mode ipv4-tunnel
> > src 172.16.1.5 dst 172.16.2.5 \ type inline-protocol-offload port_id 0 #Routing
> > rules rt ipv4 dst 172.16.2.5/32 port 0 rt ipv4 dst 1.1.2.0/24 port 0 rt ipv4 dst
> > 1.1.1.0/24 port 0
> >
> >
> > and this is the command line to run the applic:
> >
> > ./ipsec-secgw -l 1 -n 2 -- -p 0x3 -P -u 0x2 --config="(0,0,1),(1,0,1)" -f ../ep1.cfg
> >
> >
> > Best Regards
> > Avi

Previous message: [dpdk-users] IPSEC-SECGW sample application
Next message: [dpdk-users] IPSEC-SECGW sample application
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the users mailing list