[dpdk-dev] [PATCH v6 00/10] examples/ipsec-secgw: make app to use ipsec library

Akhil Goyal akhil.goyal at nxp.com
Fri Jan 4 18:38:08 CET 2019

Previous message: [dpdk-dev] [PATCH v6 00/10] examples/ipsec-secgw: make app to use ipsec library
Next message: [dpdk-dev] [PATCH v6 01/10] examples/ipsec-secgw: allow user to disable some RX/TX offloads
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]


On 1/4/2019 10:34 PM, Ananyev, Konstantin wrote:
>> On 1/4/2019 5:59 PM, Ananyev, Konstantin wrote:
>>> Hi Akhil,
>>>
>>>> Hi Konstantin,
>>>>
>>>> With this patchset, I am seeing a 3% drop in legacy mode lookaside and
>>>> 12% drop with -l option.
>>>> I am debugging this. Will let you know if I find something.
>>> Ok, thanks.
>>> For legacy mode do you know which patch in the series causing 3% drop?
>>> Is it still: " fix crypto-op might never get dequeued" or a different one?
>>> Konstantin
>>>
>> for legacy mode you may consider this diff in 3/10
>>
>> diff --git a/examples/ipsec-secgw/ipsec-secgw.c
>> b/examples/ipsec-secgw/ipsec-secgw.c
>> index 4f7a77d8d..d183862b8 100644
>> --- a/examples/ipsec-secgw/ipsec-secgw.c
>> +++ b/examples/ipsec-secgw/ipsec-secgw.c
>> @@ -1015,10 +1015,13 @@ main_loop(__attribute__((unused)) void *dummy)
>>
>>                           if (nb_rx > 0)
>>                                   process_pkts(qconf, pkts, nb_rx, portid);
>> -               }
>> +//             }
>>
>> -               drain_inbound_crypto_queues(qconf, &qconf->inbound);
>> -               drain_outbound_crypto_queues(qconf, &qconf->outbound);
>> +                       if (UNPROTECTED_PORT(portid))
>> +                               drain_inbound_crypto_queues(qconf,
>> &qconf->inbound);
>> +                       else
>> +                               drain_outbound_crypto_queues(qconf,
>> &qconf->outbound);
>> +               }
>>           }
>>    }
>>
>> The 3% gap was on single core performance. But on multi cores scenario,
>> there is no significant drop.
>>
>> But I see a bigger functional problem in case of non-legacy mode.
>> I am trying a multi tunnel scenario with 32 kind of flows on one side
>> each with different tunnels.
>> The flows are kind of dest ip: 192.168.101.1 ........... 192.168.x.1
>> .........  192.168.132.1.
>> Each IP has a different tunnel.
>> All are pumped from same port. I can see that some of the IPs are not
>> getting forwarded.
>> like 192.168.103.1, 192.168.104.1, 192.168.105.1, 192.168.114.1,
>> 192.168.115.1, 192.168.116.1, 192.168.122.1, 192.168.125.1,
>> 192.168.126.1, 192.168.130.1
>>
>> The same setup/flows works perfectly fine with legacy mode.
> I'll try to reproduce it on my box.
> To clarify:
>     you are using one core, one port.
4 cores one port with 4 queues

./ipsec-secgw -c 0xff -n 1   -- -p 0x3 -P -u 0x2 
--config="(0,0,0),(0,1,1),(0,2,2),(0,3,3),(1,0,4),(1,1,5),(1,2,6),(1,3,7)" 
-f ep0_64X64_proto.cfg
>     each dest ip assigned to different SA
>    (i.e. for dst=192.168.103.1, spi=1,  dst=192.168.104.1, spi=2, ...)
yes
>    and for some SAs packets are not forwarded.
>    I presume each rx burst contains packets from different SAs.
>   correct?
yes
>   Is that failure for inbound or outbound packets or both?
I believe it can be anything, probably because unprotected port is 
trying to dequeue outbound queues.
>   Any particular details about mode(tunnel/transport), algorithm?
tunnel, aes-cbc-hmac-sha1
>     
> Thanks
> Konstantin

Previous message: [dpdk-dev] [PATCH v6 00/10] examples/ipsec-secgw: make app to use ipsec library
Next message: [dpdk-dev] [PATCH v6 01/10] examples/ipsec-secgw: allow user to disable some RX/TX offloads
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list