[dpdk-dev] [PATCH v4 0/5] integrate librte_ipsec SAD into ipsec-secgw

Akhil Goyal akhil.goyal at nxp.com
Fri Jan 17 13:26:41 CET 2020

Previous message: [dpdk-dev] [PATCH v4 0/5] integrate librte_ipsec SAD into ipsec-secgw
Next message: [dpdk-dev] [PATCH v4 0/5] integrate librte_ipsec SAD into ipsec-secgw
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Vladimir,

The lookup logic for SAD has been brought more closer to real use case, but it looks very high on CPU and should be optimized. We cannot have 10-15% drop because of this change in SA lookup for small packet(82B) sizes where CPU is bottleneck. For large packet sizes it will not impact.

> 
> Hi Vladimir,
> 
> There is more than 10% drop with this patchset on NXP hardware with both
> legacy mode and the ipsec lib mode. This would need some debugging.
> Didn't you see any drop on intel?
> 
> Regards,
> Akhil
> 
> >
> > This series integrates SA database (SAD) capabilities from ipsec library.
> > The goal is to make ipsec-secgw RFC compliant regarding inbound SAD.
> > Also patch series removes hardcoded limitation for maximum number of SA's
> > and SP's.
> >
> > v4:
> >  - put tunnel SA's into SAD with SPI_ONLY type for performance reason
> >
> > v3:
> >  - parse SA and SP into sorted array instead of linked list
> >
> > v2:
> >  - get rid of maximum sp limitation
> >
> > Vladimir Medvedkin (5):
> >   ipsec: move ipsec sad name length into .h
> >   examples/ipsec-secgw: implement inbound SAD
> >   examples/ipsec-secgw: integrate inbound SAD
> >   examples/ipsec-secgw: get rid of maximum sa limitation
> >   examples/ipsec-secgw: get rid of maximum sp limitation
> >
> >  examples/ipsec-secgw/Makefile      |   1 +
> >  examples/ipsec-secgw/ipsec-secgw.c |   4 +-
> >  examples/ipsec-secgw/ipsec.h       |  11 +-
> >  examples/ipsec-secgw/meson.build   |   2 +-
> >  examples/ipsec-secgw/parser.c      |   4 +
> >  examples/ipsec-secgw/parser.h      |   9 ++
> >  examples/ipsec-secgw/sa.c          | 256 +++++++++++++++++++++++-------------
> -
> >  examples/ipsec-secgw/sad.c         |  90 +++++++++++++
> >  examples/ipsec-secgw/sad.h         |  74 +++++++++++
> >  examples/ipsec-secgw/sp4.c         | 114 ++++++++++++-----
> >  examples/ipsec-secgw/sp6.c         | 112 +++++++++++-----
> >  lib/librte_ipsec/ipsec_sad.c       |  20 +--
> >  lib/librte_ipsec/rte_ipsec_sad.h   |   2 +
> >  13 files changed, 528 insertions(+), 171 deletions(-)
> >  create mode 100644 examples/ipsec-secgw/sad.c
> >  create mode 100644 examples/ipsec-secgw/sad.h
> >
> > --
> > 2.7.4

Previous message: [dpdk-dev] [PATCH v4 0/5] integrate librte_ipsec SAD into ipsec-secgw
Next message: [dpdk-dev] [PATCH v4 0/5] integrate librte_ipsec SAD into ipsec-secgw
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list