[dpdk-users] DPDK-19.11 : IPSEC-SECGW tests not successful
Joshi, Venkatesh
venkatesh.joshi at hpe.com
Wed Jul 22 18:05:13 CEST 2020
Hi Fiona,
Here are the command-lines:
For the Intel Board 1:
-------------------------
./build/ipsec-secgw -l 1 -n 4 -w b3:00.0 -w b3:00.1 -w 67:01.0 -- -P -p 0x3 -u 1 --config="(0,0,1),(1,0,1)" -f ./ep0-intel-board1.cfg
ep0-intel-board1.cfg:
-------------------------
#SP IPv4 rule - for outgoing (to crb-3)
sp ipv4 out esp protect 1000 pri 5 dst 40.1.1.0/24 sport 0:65535 dport 0:65535
#SA rules
sa out 1000 cipher_algo aes-128-cbc cipher_key a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:\
a0:a0:a0:a0 auth_algo sha1-hmac auth_key a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:\
a0:a0:a0:a0:a0:a0:a0:a0 mode ipv4-tunnel src 20.1.1.50 dst 20.1.1.20
#SP IPv4 rule - for incoming (to IXIA)
sp ipv4 in esp protect 1010 pri 5 dst 20.1.1.50/32 src 20.1.1.20/32 sport 0:65535 dport 0:65535
#SA rules
sa in 1010 cipher_algo aes-128-cbc cipher_key a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:\
a0:a0:a0:a0 auth_algo sha1-hmac auth_key a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:\
a0:a0:a0:a0:a0:a0:a0:a0 mode ipv4-tunnel src 20.1.1.20 dst 20.1.1.50
#Routing rules
rt ipv4 dst 20.1.1.20/32 port 1
rt ipv4 dst 30.1.1.10/32 port 0
For the Intel Board 2:
-------------------------
./build/ipsec-secgw -l 1 -n 4 -w 17:00.0 -w 17:00.1 -w 67:01.0 -- -P -p 0x3 -u 1 --config="(0,0,1),(1,0,1)" -f ./ep1-intel-board2.cfg
ep1-intel-board2.cfg:
----------------------
#SP IPv4 rule - for outgoing (from IXIA)
sp ipv4 out esp protect 1010 pri 1 dst 30.1.1.0/24 sport 0:65535 dport 0:65535
#SA rules
sa out 1010 cipher_algo aes-128-cbc cipher_key a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:\
a0:a0:a0:a0 auth_algo sha1-hmac auth_key a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:\
a0:a0:a0:a0:a0:a0:a0:a0 mode ipv4-tunnel src 20.1.1.20 dst 20.1.1.50
#Routing rules
rt ipv4 dst 20.1.1.50/32 port 1
Regards,
Venkatesh
-----Original Message-----
From: Trahe, Fiona [mailto:fiona.trahe at intel.com]
Sent: Wednesday, July 22, 2020 5:15 PM
To: Joshi, Venkatesh <venkatesh.joshi at hpe.com>; users at dpdk.org
Cc: Trahe, Fiona <fiona.trahe at intel.com>
Subject: RE: DPDK-19.11 : IPSEC-SECGW tests not successful
Have you tried using --log-level=8 (or ="qat,8") on your process commandline?
In conjunction with rebuilding with
CONFIG_RTE_LOG_DP_LEVEL=RTE_LOG_DEBUG
this should show if any cryptodev ops are being sent to QAT PMD.
Something else to try would be - can you run either
dpdk-test-crypto-perf or the unit test application - just to validate that the process can run crypto on QAT PMD ok.
Your setup for QAT looks ok.
Also could you share the command-line you're using for each process please.
> -----Original Message-----
> From: users <users-bounces at dpdk.org> On Behalf Of Joshi, Venkatesh
> Sent: Wednesday, July 22, 2020 8:51 AM
> To: users at dpdk.org
> Subject: [dpdk-users] DPDK-19.11 : IPSEC-SECGW tests not successful
>
> Hi,
>
> I'm not able to successfully run the IPSEC-SECGW tests with DPDK-19.11. I have followed the guide
> published at doc.dpdk.org but still not able to get things right.
>
> Please help me figure out what could be wrong.
>
> Here are the setup details:
>
> Network Diagram:
> ------------------
> XL710 XL 710
> |---------------------|Port 1 IPSEC Tunnel Port 1|----------------------|
> | Intel board 1 |<-------------------------------------->| Intel board 2 |
> |---------------------| |----------------------|
> Port 0 ^ ^ Port 0 (XL710)
> (XL710) | |
> | |--------------------------------| |
> -------->|7 IXIA 4|<-------------------
> |--------------------------------|
>
> * Linux kernel: 4.14
> * DPDK version: 19.11
> * All ports are 40G ports (XL710 NICs)
> * The intel board is: Intel(R) Xeon(R) Gold 5220 CPU
> - has a single socket, 18 cores, 2 threads per core
> * The QAT card: C62x
>
>
> Issue:
> --------
> * Traffic is sent from IXIA Port 4 to IXIA port 7:
> - This is IP/UDP traffic of size 1024 bytes
> - The dst mac is set to the MAC of port 0 of the XL710 NIC of Intel board 2
> - The src ip: 40.1.1.10, dst ip: 30.1.1.10
> - No packets are received on IXIA Port 7
> - On further debugging: Packets are not getting forwarded out of the IPSEC tunnel from Intel board 2.
>
> On Intel board 1:
> -------------------
> XL710 Port 0: b3:00.0 - bound to vfio-pci
> XL710 Port 1: b3:00.1 - bound to vfio-pci
> QAT VF: 0000:67:01.0 'Device 37c9' drv=vfio-pci
>
> Endpoint 0 config file: attached
> Command-line and output file: attached
>
> On Intel board 2:
> -------------------
> XL710 Port 0: 17:00.0 - bound to vfio-pci
> XL710 Port 1: 17:00.1 - bound to vfio-pci
> QAT VF: 0000:68:01.0 'Device 37c9' drv=vfio-pci
>
> Endpoint 1 config file: attached
> Command-line and output file: attached
>
>
> DPDK:
> -------
> - config has the following set:
> CONFIG_RTE_LIBRTE_PMD_QAT=y
> CONFIG_RTE_LIBRTE_PMD_QAT_SYM=y
>
> QAT driver version: qat1.7.l.4.9.0-00008
> -------------------------------------------
> Makefile has: ICP_SRIOV_AM=1
> ./configure --enable-icp-sriov=host
>
>
> Please let me know if any additional information is required.
>
>
> Regards,
> Venkatesh
>
>
> -------------- next part --------------
> An embedded and charset-unspecified text was scrubbed...
> Name: intel-board1-cmdline-and-output.txt
> URL: <http://mails.dpdk.org/archives/users/attachments/20200722/3050bab3/attachment.txt >
> -------------- next part --------------
> An embedded and charset-unspecified text was scrubbed...
> Name: intel-board2-cmdline-and-output.txt
> URL: <http://mails.dpdk.org/archives/users/attachments/20200722/3050bab3/attachment-0001.txt >
More information about the users
mailing list