[dpdk-dev] [PATCH] example/ipsec-secgw: ipsec security gateway

Jerin Jacob jerin.jacob at caviumnetworks.com
Thu Mar 10 04:41:41 CET 2016


On Wed, Mar 09, 2016 at 11:54:50PM +0000, Sergio Gonzalez Monroy wrote:
> On 01/02/2016 11:26, Jerin Jacob wrote:
> >On Mon, Feb 01, 2016 at 11:09:16AM +0000, Sergio Gonzalez Monroy wrote:
> >>On 31/01/2016 14:39, Jerin Jacob wrote:
> >>>On Fri, Jan 29, 2016 at 08:29:12PM +0000, Sergio Gonzalez Monroy wrote:
> >>>
> 
> >>>IMO, an option for single SA based outbound processing would be useful
> >>>measuring performance bottlenecks with SA lookup.
> >>>
> >>Hi Jerin,
> >>
> >>Are you suggesting to have an option so we basically encrypt all traffic
> >>using
> >>a single SA bypassing the SP/ACL ?
> >Yes. Basicaly an option to bypass  "rte_acl_classify" if its for single
> >SA use case.
> >
> >
> 
> Hi Jerin,
> 
> After re-reading your comment regarding the single SA I just want to double
> check
> that I understood correctly what you were suggesting.
> 
> Basically an option that we can provide a single SA to use for outbound,
> skipping rte_acl_classify in outbound path.
> That same option would also skip rte_acl_classify in inbound path without
> checking
> that we accept specific traffic for an SA.
> 
> Is that correct?

Yes

> 
> Sergio


More information about the dev mailing list