[dpdk-dev] [EXT] [PATCH v3] examples/ipsec-secgw: support flow director feature

Anoob Joseph anoobj at marvell.com
Fri Apr 3 12:28:26 CEST 2020

Previous message: [dpdk-dev] [EXT] [PATCH v3] examples/ipsec-secgw: support flow director feature
Next message: [dpdk-dev] [PATCH 0/2] bitmap: add create bitmap with all bits set
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Akhil, Praveen,

Please see inline.

Thanks,
Anoob

> -----Original Message-----
> From: Shetty, Praveen <praveen.shetty at intel.com>
> Sent: Friday, April 3, 2020 3:51 PM
> To: Akhil Goyal <akhil.goyal at nxp.com>; Anoob Joseph <anoobj at marvell.com>;
> dev at dpdk.org; Doherty, Declan <declan.doherty at intel.com>
> Cc: Iremonger, Bernard <bernard.iremonger at intel.com>; Ananyev, Konstantin
> <konstantin.ananyev at intel.com>
> Subject: RE: [EXT] [PATCH v3] examples/ipsec-secgw: support flow director
> feature
> 
> 
> 
> -----Original Message-----
> From: Akhil Goyal <akhil.goyal at nxp.com>
> Sent: Friday, April 3, 2020 11:22 AM
> To: Anoob Joseph <anoobj at marvell.com>; Shetty, Praveen
> <praveen.shetty at intel.com>; dev at dpdk.org; Doherty, Declan
> <declan.doherty at intel.com>
> Cc: Iremonger, Bernard <bernard.iremonger at intel.com>; Ananyev, Konstantin
> <konstantin.ananyev at intel.com>
> Subject: RE: [EXT] [PATCH v3] examples/ipsec-secgw: support flow director
> feature
> 
> > > > diff --git a/examples/ipsec-secgw/ipsec.c
> > > > b/examples/ipsec-secgw/ipsec.c index d40657102..76ee9dbcf 100644
> > > > --- a/examples/ipsec-secgw/ipsec.c
> > > > +++ b/examples/ipsec-secgw/ipsec.c
> > > > @@ -418,6 +418,73 @@ create_inline_session(struct socket_ctx
> > > > *skt_ctx, struct ipsec_sa *sa,
> > > >  	return 0;
> > > >  }
> > > >
> > > > +int
> > > > +create_ipsec_esp_flow(struct ipsec_sa *sa) {
> > > > +	int ret = 0;
> > > > +	struct rte_flow_error err;
> > > > +	if (sa->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS)
> > > > +		return 0; /* No Flow director rules for Egress traffic */
> > >
> > > [Anoob] Any reason why this is not relevant for Egress.
> > >
> > > [Praveen] we don't see an use case for load distribution across
> > > ingress queues for outbound IPsec traffic therefore we have limited
> > > this configuration to inbound IPsec processing, as this is the only use case we
> can verify.
> >
> > [Anoob] Why do you say load distribution for ingress queues is not
> > required but is required for egress? I would say the use case is the same in
> either direction.
> >
> > Said that, adding just egress should be fine. I leave this to Akhil's judgement.
> >
> 
> I believe it does not matter for EGRESS in most hardwares, INGRESS flows
> should have distribution. I think your comments are just reverse but The code is
> inline with my understanding.
> 
> [Praveen]
> Current implementation is only for ingress traffic load distribution therefore it is
> applicable only for inbound IPsec traffic.
> 

[Anoob] Yes. I got it reverse. Meant egress instead of ingress and the other way round as well.

I was asking for the rationale behind limiting the scope. Anyway, that can be taken up separately.

Previous message: [dpdk-dev] [EXT] [PATCH v3] examples/ipsec-secgw: support flow director feature
Next message: [dpdk-dev] [PATCH 0/2] bitmap: add create bitmap with all bits set
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list