[dpdk-dev] Ipsec-secgw packet processing

satyavalli rama satyavalli.rama at gmail.com
Wed Aug 19 13:08:06 CEST 2020

Previous message: [dpdk-dev] Ipsec-secgw packet processing
Next message: [dpdk-dev] Ipsec-secgw packet processing
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Anoob

We are using the following hardware details,
HOST: x722 (i40e) intel.
VM: e1000 (82540) intel.

We have launched Virtual machine on host , and executing ipsec-secgw
application on VM.

Please find below the CLI and configuration for TRANSPORT MODE.

CLI:

./build/ipsec-secgw -l 0 -n 4 --socket-mem 1024,0 --vdev "crypto_null" --
-p 0x3 -P -u 0x1 --config="(0,0,0),(1,0,0)" -f ep0.cfg

#TRANSPORT:

#SP IPv4 rules
sp ipv4 out esp protect 10 pri 1 dst 192.168.122.0/24 sport 0:65535 dport
0:65535

#SA rules
sa out 10 cipher_algo aes-128-cbc cipher_key
a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
a1:a1:a1:a1:a1 auth_algo sha1-hmac auth_key
a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
a1:a1:a1:a1:a1:a1:a1:a1:a1 mode transport

#Routing rules
rt ipv4 dst 192.168.122.0/24 port 1


Please find below the CLI and configuration for TUNNEL MODE.

CLI:

./build/ipsec-secgw -l 0 -n 4 --socket-mem 1024,0 --vdev "crypto_null" --
-p 0x3 -P -u 0x1 --config="(0,0,0),(1,0,0)" -f ep0.cfg

#TUNNEL End Point-0:

#SP IPv4 rules
sp ipv4 out esp protect 5 pri 1 dst 192.168.122.0/24 sport 0:65535 dport
0:65535

#SA rules
sa out 5 cipher_algo aes-128-cbc cipher_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0
\
auth_algo sha1-hmac auth_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
mode ipv4-tunnel src 192.168.122.96 dst 192.168.122.213

#Routing rules
rt ipv4 dst 192.168.122.0/24 port 1

On Tue, 18 Aug, 2020, 4:29 pm Anoob Joseph, <anoobj at marvell.com> wrote:

> Hi Satya,
>
> Are you attempting to enable inline protocol (IPsec) functionality? If
> yes, which PMD (& h/w) are you using for the same?
>
> Thanks,
> Anoob
>
> > -----Original Message-----
> > From: dev <dev-bounces at dpdk.org> On Behalf Of satyavalli rama
> > Sent: Tuesday, August 18, 2020 4:08 PM
> > To: dev at dpdk.org; users at dpdk.org
> > Subject: Re: [dpdk-dev] Ipsec-secgw packet processing
> >
> > We further debugged and we observed that while running ipsec-secgw
> > application in transport-mode dpdk-19.02/11, we found that inline packet
> > processing is not happening.
> > We observed that ol_flags is not setting from driver level. We are
> expecting
> > that , because of ol_flags not set , inline packet processing is not
> > happening.Any idea What could be the reason for this, I think ol_flags
> will be
> > configured from driver level Or else do we need to provide any external
> > configuration for setting ol_flags.
> > And also we are not observing encrypt/decrypt packets on pdump before
> > sending packets out from tx-port(rte_eth_tx_burst()).
> > Please help us on this...to proceed further.
> >
> > Thanks & Regards
> > Satya
> >
> >
> >
> > On Mon, 17 Aug, 2020, 4:11 pm satyavalli rama, <
> satyavalli.rama at gmail.com>
> > wrote:
> >
> > >
> > > Hello,
> > >
> > > While we are running ipsec-secgw application in transport-mode on
> > > dpdk-19.02, we found that inline packet processing is not happening.
> > >
> > > And also we are not observing any encrypt/decrypt packets on pdump
> > > before sending packets out from tx-port(rte_eth_tx_burst()).
> > >
> > > Please help us on how to proceed further.
> > >
> > > Thanks,
> > > Jagadeesh
> > >
> > >
>

Previous message: [dpdk-dev] Ipsec-secgw packet processing
Next message: [dpdk-dev] Ipsec-secgw packet processing
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list