[dpdk-dev] [PATCH v3 00/13] add eventmode to ipsec-secgw
Lukasz Bartosik
lbartosik at marvell.com
Tue Feb 4 14:58:28 CET 2020
This series introduces event-mode additions to ipsec-secgw.
With this series, ipsec-secgw would be able to run in eventmode. The
worker thread (executing loop) would be receiving events and would be
submitting it back to the eventdev after the processing. This way,
multicore scaling and h/w assisted scheduling is achieved by making use
of the eventdev capabilities.
Since the underlying event device would be having varying capabilities,
the worker thread could be drafted differently to maximize performance.
This series introduces usage of multiple worker threads, among which the
one to be used will be determined by the operating conditions and the
underlying device capabilities.
For example, if an event device - eth device pair has Tx internal port,
then application can do tx_adapter_enqueue() instead of regular
event_enqueue(). So a thread making an assumption that the device pair
has internal port will not be the right solution for another pair. The
infrastructure added with these patches aims to help application to have
multiple worker threads, there by extracting maximum performance from
every device without affecting existing paths/use cases.
The eventmode configuration is predefined. All packets reaching one eth
port will hit one event queue. All event queues will be mapped to all
event ports. So all cores will be able to receive traffic from all ports.
When schedule_type is set as RTE_SCHED_TYPE_ORDERED/ATOMIC, event device
will ensure the ordering. Ordering would be lost when tried in PARALLEL.
Following command line options are introduced,
--transfer-mode: to choose between poll mode & event mode
--event-schedule-type: to specify the scheduling type
(RTE_SCHED_TYPE_ORDERED/
RTE_SCHED_TYPE_ATOMIC/
RTE_SCHED_TYPE_PARALLEL)
Additionally the event mode introduces two modes of processing packets:
Driver-mode: This mode will have bare minimum changes in the application
to support ipsec. There woudn't be any lookup etc done in
the application. And for inline-protocol use case, the
thread would resemble l2fwd as the ipsec processing would be
done entirely in the h/w. This mode can be used to benchmark
the raw performance of the h/w. All the application side
steps (like lookup) can be redone based on the requirement
of the end user. Hence the need for a mode which would
report the raw performance.
App-mode: This mode will have all the features currently implemented with
ipsec-secgw (non librte_ipsec mode). All the lookups etc
would follow the existing methods and would report numbers
that can be compared against regular ipsec-secgw benchmark
numbers.
The driver mode is selected with existing --single-sa option
(used also by poll mode). When --single-sa option is used
in conjution with event mode then index passed to --single-sa
is ignored.
Example commands to execute ipsec-secgw in various modes on OCTEON TX2 platform,
#Inbound and outbound app mode
ipsec-secgw -w 0002:02:00.0,ipsec_in_max_spi=128 -w 0002:03:00.0,ipsec_in_max_spi=128 -w 0002:0e:00.0 -w 0002:10:00.1 --log-level=8 -c 0x1 -- -P -p 0x3 -u 0x1 --config "(1,0,0),(0,0,0)" -f aes-gcm.cfg --transfer-mode event --event-schedule-type parallel
#Inbound and outbound driver mode
ipsec-secgw -w 0002:02:00.0,ipsec_in_max_spi=128 -w 0002:03:00.0,ipsec_in_max_spi=128 -w 0002:0e:00.0 -w 0002:10:00.1 --log-level=8 -c 0x1 -- -P -p 0x3 -u 0x1 --config "(1,0,0),(0,0,0)" -f aes-gcm.cfg --transfer-mode event --event-schedule-type parallel --single-sa 0
This series adds non burst tx internal port workers only. It provides infrastructure
for non internal port workers, however does not define any. Also, only inline ipsec
protocol mode is supported by the worker threads added.
Following are planned features,
1. Add burst mode workers.
2. Add non internal port workers.
3. Verify support for Rx core (the support is added but lack of h/w to verify).
4. Add lookaside protocol support.
Following are features that Marvell won't be attempting.
1. Inline crypto support.
2. Lookaside crypto support.
For the features that Marvell won't be attempting, new workers can be
introduced by the respective stake holders.
This series is tested on Marvell OCTEON TX2.
Deferred to v4:
* Update ipsec-secgw documentation to describe the new options as well as
event mode support.
Changes in v3:
* Move eh_conf_init() and eh_conf_uninit() functions to event_helper.c
including minor rework.
* Rename --schedule-type option to --event-schedule-type.
* Replace macro UNPROTECTED_PORT with static inline function
is_unprotected_port().
* Move definitions of global variables used by multiple modules
to .c files and add externs in .h headers.
* Add eh_check_conf() which validates ipsec-secgw configuration
for event mode.
* Add dynamic calculation of number of buffers in a pool based
on number of cores, ports and crypto queues.
* Fix segmentation fault in event mode driver worker which happens
when there are no inline outbound sessions configured.
* Remove change related to updating number of crypto queues
in cryptodevs_init(). The update of crypto queues will be handled
in a separate patch.
* Fix compilation error on 32-bit platforms by using userdata instead
of udata64 from rte_mbuf.
Changes in v2:
* Remove --process-dir option. Instead use existing unprotected port mask
option (-u) to decide wheter port handles inbound or outbound traffic.
* Remove --process-mode option. Instead use existing --single-sa option
to select between app and driver modes.
* Add handling of PKT_RX_SEC_OFFLOAD_FAIL result in app worker thread.
* Fix passing of req_rx_offload flags to create_default_ipsec_flow().
* Move destruction of flows to a location where eth ports are stopped
and closed.
* Print error and exit when event mode --schedule-type option is used
in poll mode.
* Reduce number of goto statements replacing them with loop constructs.
* Remove sec_session_fixed table and replace it with locally build
table in driver worker thread. Table is indexed by port identifier
and holds first inline session pointer found for a given port.
* Print error and exit when sessions other than inline are configured
in event mode.
* When number of event queues is less than number of eth ports then
map all eth ports to one event queue.
* Cleanup and minor improvements in code as suggested by Konstantin
This series depends on the PMD changes submitted in the following set,
http://patches.dpdk.org/project/dpdk/list/?series=8411
Ankur Dwivedi (1):
examples/ipsec-secgw: add default rte flow for inline Rx
Anoob Joseph (5):
examples/ipsec-secgw: add framework for eventmode helper
examples/ipsec-secgw: add eventdev port-lcore link
examples/ipsec-secgw: add Rx adapter support
examples/ipsec-secgw: add Tx adapter support
examples/ipsec-secgw: add routines to display config
Lukasz Bartosik (7):
examples/ipsec-secgw: add routines to launch workers
examples/ipsec-secgw: add support for internal ports
examples/ipsec-secgw: add event helper config init/uninit
examples/ipsec-secgw: add eventmode to ipsec-secgw
examples/ipsec-secgw: add driver mode worker
examples/ipsec-secgw: add app mode worker
examples/ipsec-secgw: make number of buffers dynamic
examples/ipsec-secgw/Makefile | 2 +
examples/ipsec-secgw/event_helper.c | 1818 +++++++++++++++++++++++++++++++++++
examples/ipsec-secgw/event_helper.h | 335 +++++++
examples/ipsec-secgw/ipsec-secgw.c | 437 +++++++--
examples/ipsec-secgw/ipsec-secgw.h | 86 ++
examples/ipsec-secgw/ipsec.c | 7 +
examples/ipsec-secgw/ipsec.h | 40 +-
examples/ipsec-secgw/ipsec_worker.c | 659 +++++++++++++
examples/ipsec-secgw/ipsec_worker.h | 39 +
examples/ipsec-secgw/meson.build | 4 +-
examples/ipsec-secgw/sa.c | 19 +-
11 files changed, 3349 insertions(+), 97 deletions(-)
create mode 100644 examples/ipsec-secgw/event_helper.c
create mode 100644 examples/ipsec-secgw/event_helper.h
create mode 100644 examples/ipsec-secgw/ipsec-secgw.h
create mode 100644 examples/ipsec-secgw/ipsec_worker.c
create mode 100644 examples/ipsec-secgw/ipsec_worker.h
--
2.7.4
More information about the dev
mailing list