[dpdk-dev] Ipsec-secgw packet processing

satyavalli rama satyavalli.rama at gmail.com
Fri Aug 28 20:06:00 CEST 2020

Previous message: [dpdk-dev] [EXT] Re: Ipsec-secgw packet processing
Next message: [dpdk-dev] [PATCH v2] mempool: enhance dump function to print ops name
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Hi
>
 Please give us some inputs to proceed.


> We are using the following hardware details,
> HOST: x722 (i40e) intel.
> VM: e1000 (82540) intel.
>
> We have launched Virtual machine on host , and executing ipsec-secgw
> application on VM.
>
> Please find below the CLI and configuration for TRANSPORT MODE.
>
> CLI:
>
> ./build/ipsec-secgw -l 0 -n 4 --socket-mem 1024,0 --vdev "crypto_null" --
> -p 0x3 -P -u 0x1 --config="(0,0,0),(1,0,0)" -f ep0.cfg
>
> #TRANSPORT:
>
> #SP IPv4 rules
> sp ipv4 out esp protect 10 pri 1 dst 192.168.122.0/24 sport 0:65535 dport
> 0:65535
>
> #SA rules
> sa out 10 cipher_algo aes-128-cbc cipher_key
> a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
> a1:a1:a1:a1:a1 auth_algo sha1-hmac auth_key
> a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
> a1:a1:a1:a1:a1:a1:a1:a1:a1 mode transport
>
> #Routing rules
> rt ipv4 dst 192.168.122.0/24 port 1
>
>
> Please find below the CLI and configuration for TUNNEL MODE.
>
> CLI:
>
> ./build/ipsec-secgw -l 0 -n 4 --socket-mem 1024,0 --vdev "crypto_null" --
> -p 0x3 -P -u 0x1 --config="(0,0,0),(1,0,0)" -f ep0.cfg
>
> #TUNNEL End Point-0:
>
> #SP IPv4 rules
> sp ipv4 out esp protect 5 pri 1 dst 192.168.122.0/24 sport 0:65535 dport
> 0:65535
>
> #SA rules
> sa out 5 cipher_algo aes-128-cbc cipher_key
> 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
> auth_algo sha1-hmac auth_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
> mode ipv4-tunnel src 192.168.122.96 dst 192.168.122.213
>
> #Routing rules
> rt ipv4 dst 192.168.122.0/24 port 1
>
> On Tue, 18 Aug, 2020, 4:29 pm Anoob Joseph, <anoobj at marvell.com> wrote:
>
>> Hi Satya,
>>
>> Are you attempting to enable inline protocol (IPsec) functionality? If
>> yes, which PMD (& h/w) are you using for the same?
>>
>> Thanks,
>> Anoob
>>
>> > -----Original Message-----
>> > From: dev <dev-bounces at dpdk.org> On Behalf Of satyavalli rama
>> > Sent: Tuesday, August 18, 2020 4:08 PM
>> > To: dev at dpdk.org; users at dpdk.org
>> > Subject: Re: [dpdk-dev] Ipsec-secgw packet processing
>> >
>> > We further debugged and we observed that while running ipsec-secgw
>> > application in transport-mode dpdk-19.02/11, we found that inline packet
>> > processing is not happening.
>> > We observed that ol_flags is not setting from driver level. We are
>> expecting
>> > that , because of ol_flags not set , inline packet processing is not
>> > happening.Any idea What could be the reason for this, I think ol_flags
>> will be
>> > configured from driver level Or else do we need to provide any external
>> > configuration for setting ol_flags.
>> > And also we are not observing encrypt/decrypt packets on pdump before
>> > sending packets out from tx-port(rte_eth_tx_burst()).
>> > Please help us on this...to proceed further.
>> >
>> > Thanks & Regards
>> > Satya
>> >
>> >
>> >
>> > On Mon, 17 Aug, 2020, 4:11 pm satyavalli rama, <
>> satyavalli.rama at gmail.com>
>> > wrote:
>> >
>> > >
>> > > Hello,
>> > >
>> > > While we are running ipsec-secgw application in transport-mode on
>> > > dpdk-19.02, we found that inline packet processing is not happening.
>> > >
>> > > And also we are not observing any encrypt/decrypt packets on pdump
>> > > before sending packets out from tx-port(rte_eth_tx_burst()).
>> > >
>> > > Please help us on how to proceed further.
>> > >
>> > > Thanks,
>> > > Jagadeesh
>> > >
>> > >
>>
>

Previous message: [dpdk-dev] [EXT] Re: Ipsec-secgw packet processing
Next message: [dpdk-dev] [PATCH v2] mempool: enhance dump function to print ops name
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list