[dpdk-dev] [PATCH] example/ipsec-secgw: ipsec security gateway
Sergio Gonzalez Monroy
sergio.gonzalez.monroy at intel.com
Thu Mar 10 00:54:50 CET 2016
On 01/02/2016 11:26, Jerin Jacob wrote:
> On Mon, Feb 01, 2016 at 11:09:16AM +0000, Sergio Gonzalez Monroy wrote:
>> On 31/01/2016 14:39, Jerin Jacob wrote:
>>> On Fri, Jan 29, 2016 at 08:29:12PM +0000, Sergio Gonzalez Monroy wrote:
>>>
>>> IMO, an option for single SA based outbound processing would be useful
>>> measuring performance bottlenecks with SA lookup.
>>>
>> Hi Jerin,
>>
>> Are you suggesting to have an option so we basically encrypt all traffic
>> using
>> a single SA bypassing the SP/ACL ?
> Yes. Basicaly an option to bypass "rte_acl_classify" if its for single
> SA use case.
>
>
Hi Jerin,
After re-reading your comment regarding the single SA I just want to
double check
that I understood correctly what you were suggesting.
Basically an option that we can provide a single SA to use for outbound,
skipping rte_acl_classify in outbound path.
That same option would also skip rte_acl_classify in inbound path
without checking
that we accept specific traffic for an SA.
Is that correct?
Sergio
More information about the dev
mailing list