[dpdk-dev] [EXT] [PATCH] doc: deprecate legacy code path in ipsec-secgw

[Akhil Goyal]

> > >
> > > 30/07/2019 10:48, Akhil Goyal:
> > > > > 30/07/2019 09:20, Akhil Goyal:
> > > > > > > 30/07/2019 07:55, Akhil Goyal:
> > > > > > > > > > > > All the functionality of the legacy code path in now available
> > > > > > > > > > > > in the librte_ipsec library.
> > > > > > > > > > > > It is planned to deprecate the legacy code path in the 19.11
> > > > > > > > > > > > release and remove the legacy code path in the 20.02
> release.
> > > > > > > > > > > >
> > > > > > > > > > > > Signed-off-by: Bernard Iremonger
> > > <bernard.iremonger at intel.com>
> > > > > > > > > > > > Acked-by: Konstantin Ananyev
> <konstantin.ananyev at intel.com>
> > > > > > > > > > > > Acked-by: Fan Zhang <roy.fan.zhang at intel.com>
> > > > > > > > > > > > Acked-by: Akhil Goyal <akhil.goyal at nxp.com>
> > > > > > > > > > > > ---
> > > > > > > > > > > >  doc/guides/rel_notes/deprecation.rst | 5 +++++
> > > > > > > > > > > >  1 file changed, 5 insertions(+)
> > > > > > > > > > > >
> > > > > > > > > > > Acked-by: Anoob Joseph <anoobj at marvell.com>
> > > > > > > > > >
> > > > > > > > > > Applied to dpdk-next-crypto
> > > > > > > > >
> > > > > > > > > Why do we have a deprecation notice for some code path in an
> > > example?
> > > > > > > > > The deprecation notices are for the API.
> > > > > > > > >
> > > > > > > > > I think you can drop the legacy code in 19.11,
> > > > > > > > > and I don't merge this patch in master.
> > > > > > > >
> > > > > > > > We are planning to remove the original code and replace it with
> IPSec
> > > > > > > > library APIs which are still experimental.
> > > > > > > > With this change there won't be any example of the legacy ipsec
> code
> > > path.
> > > > >
> > > > > That's good to drop old code.
> > > > > If someone still wants to look at it, it is in old releases.
> > > > >
> > > > > > > > Applications over DPDK take ipsec-secgw as an example and IPSec
> > > > > > > > is a major use case for customers. There may also be performance
> > > > > > > > differences in the two code paths. Atleast on NXP platforms I saw
> > > > > > > > 5-7% drop when the patches were originally submitted.
> > > > > > > > Not sure what is the current state.
> > > > >
> > > > > That's a different issue you need to solve in the library.
> > > > >
> > > > > > > > I feel it is worth notifying the users that the original codepath is
> > > > > > > > getting deprecated, so that they can plan to move to new IPSec
> APIs.
> > > > >
> > > > > I hope they already planned to move when they saw the new library.
> > > > >
> > > > > > > The deprecation notice is not the right place for a change in an
> example.
> > > > > > > What change is there in IPsec API? In which release?
> > > > > >
> > > > > > IPSec lib was introduced in 1902 release and a few enhancements
> > > > > > are done thereafter.
> > > > > > Previously all IPSec related stuff was done in the application,
> > > > > > now we have IPSec Lib which perform similar work.
> > > > > > There are changes both in datapath as well as control path.
> > > > > > User need to adapt to the recent changes, as we may no longer
> > > > > > support/maintain the datapath/control path which was done previously
> > > > > > and there may be some conflict.
> > > > >
> > > > > So the real DPDK change is to have a new library in 19.02.
> > > > >
> > > > > > If deprecation notice is not the right place,
> > > > > > then where should it be notified before actually making the change.
> > > > >
> > > > > It has already been notified in "New Features" of 19.02
> > > > > that there is an IPsec library. What do you want to notify more?
> > > > > Again, the example is not supposed to be a real application.
> > > > > If you want to maintain an IPsec application with better quality rules,
> > > > > I suggest to start a new git repository for it.
> > > >
> > > > OK got your point, but in that case, I would say, legacy code shall not be
> > > removed
> > > > Until we have the ipsec lib as experimental.
> > > > User should have both the code paths as long as we have ipsec library
> > > experimental.
> 
> Not sure why it is needed?
There is some performance gap. Original Idea for ipsec lib was to have
better performing APIs. How much gain is observed using these APIs on intel?
Do we have data? Atleast on NXP devices, these are not performing better.

> Why DPDK sample app can't use DPDK experimental API as it is,
> without some alternate code-path?

Sample app can use experimental APIs as is. There is no issue with that.
The intent is just to notify the users that it will be removed so that they
can be ready for change in their code. 

> 
> > >
> > > That's your take.
> > > When do you plan to remove experimental status of IPsec library?
> > >
> > There have been addition of some functionality in this release cycle. I would
> say we
> > can wait for 1 release cycle for some fixes or changes which may be required.
> > If it looks stable in next release cycle, we can make formal in DPDK 2002.
> 
> If we'll leave legacy code in 19.11, does it mean we'll have to
> support it for next 2 years (LTS cycle)?

The original intent of this patch was also to remove the legacy code in 2002 release and
not in 1911. Moreover, it is the application code that we need to remove. We can get that patch
backported to the 19.11.1 release as well. Then it would be same.

> Konstantin