[dpdk-dev] [PATCH v2 00/12] add eventmode to ipsec-secgw

[Anoob Joseph]

Hi Akhil, Konstantin,

Do you have any further comments?

Thanks,
Anoob

> -----Original Message-----
> From: dev <dev-bounces at dpdk.org> On Behalf Of Anoob Joseph
> Sent: Monday, January 20, 2020 7:15 PM
> To: Akhil Goyal <akhil.goyal at nxp.com>; Radu Nicolau
> <radu.nicolau at intel.com>; Thomas Monjalon <thomas at monjalon.net>
> Cc: Anoob Joseph <anoobj at marvell.com>; Jerin Jacob Kollanukkaran
> <jerinj at marvell.com>; Narayana Prasad Raju Athreya
> <pathreya at marvell.com>; Ankur Dwivedi <adwivedi at marvell.com>;
> Archana Muniganti <marchana at marvell.com>; Tejasree Kondoj
> <ktejasree at marvell.com>; Vamsi Krishna Attunuru
> <vattunuru at marvell.com>; Lukas Bartosik <lbartosik at marvell.com>;
> Konstantin Ananyev <konstantin.ananyev at intel.com>; dev at dpdk.org
> Subject: [dpdk-dev] [PATCH v2 00/12] add eventmode to ipsec-secgw
> 
> This series introduces event-mode additions to ipsec-secgw. This effort is
> parallel to the similar changes in l2fwd (l2fwd-event app) & l3fwd.
> 
> With this series, ipsec-secgw would be able to run in eventmode. The worker
> thread (executing loop) would be receiving events and would be submitting
> it back to the eventdev after the processing. This way, multicore scaling and
> h/w assisted scheduling is achieved by making use of the eventdev
> capabilities.
> 
> Since the underlying event device would be having varying capabilities, the
> worker thread could be drafted differently to maximize performance.
> This series introduces usage of multiple worker threads, among which the
> one to be used will be determined by the operating conditions and the
> underlying device capabilities.
> 
> For example, if an event device - eth device pair has Tx internal port, then
> application can do tx_adapter_enqueue() instead of regular
> event_enqueue(). So a thread making an assumption that the device pair has
> internal port will not be the right solution for another pair. The infrastructure
> added with these patches aims to help application to have multiple worker
> threads, there by extracting maximum performance from every device
> without affecting existing paths/use cases.
> 
> The eventmode configuration is predefined. All packets reaching one eth
> port will hit one event queue. All event queues will be mapped to all event
> ports. So all cores will be able to receive traffic from all ports.
> When schedule_type is set as RTE_SCHED_TYPE_ORDERED/ATOMIC, event
> device will ensure the ordering. Ordering would be lost when tried in
> PARALLEL.
> 
> Following command line options are introduced,
> 
> --transfer-mode: to choose between poll mode & event mode
> --schedule-type: to specify the scheduling type
>                  (RTE_SCHED_TYPE_ORDERED/
>                   RTE_SCHED_TYPE_ATOMIC/
>                   RTE_SCHED_TYPE_PARALLEL)
> 
> Additionally the event mode introduces two modes of processing packets:
> 
> Driver-mode: This mode will have bare minimum changes in the application
>              to support ipsec. There woudn't be any lookup etc done in
>              the application. And for inline-protocol use case, the
>              thread would resemble l2fwd as the ipsec processing would be
>              done entirely in the h/w. This mode can be used to benchmark
>              the raw performance of the h/w. All the application side
>              steps (like lookup) can be redone based on the requirement
>              of the end user. Hence the need for a mode which would
>              report the raw performance.
> 
> App-mode: This mode will have all the features currently implemented with
>           ipsec-secgw (non librte_ipsec mode). All the lookups etc
>           would follow the existing methods and would report numbers
>           that can be compared against regular ipsec-secgw benchmark
>           numbers.
> 
> The driver mode is selected with existing --single-sa option (used also by poll
> mode). When --single-sa option is used in conjution with event mode then
> index passed to --single-sa is ignored.
> 
> Example commands to execute ipsec-secgw in various modes on OCTEON
> TX2 platform,
> 
> #Inbound and outbound app mode
> ipsec-secgw -w 0002:02:00.0,ipsec_in_max_spi=128 -w
> 0002:03:00.0,ipsec_in_max_spi=128 -w 0002:0e:00.0 -w 0002:10:00.1 --log-
> level=8 -c 0x1 -- -P -p 0x3 -u 0x1 --config "(1,0,0),(0,0,0)" -f aes-gcm.cfg --
> transfer-mode event --schedule-type parallel
> 
> #Inbound and outbound driver mode
> ipsec-secgw -w 0002:02:00.0,ipsec_in_max_spi=128 -w
> 0002:03:00.0,ipsec_in_max_spi=128 -w 0002:0e:00.0 -w 0002:10:00.1 --log-
> level=8 -c 0x1 -- -P -p 0x3 -u 0x1 --config "(1,0,0),(0,0,0)" -f aes-gcm.cfg --
> transfer-mode event --schedule-type parallel --single-sa 0
> 
> This series adds non burst tx internal port workers only. It provides
> infrastructure for non internal port workers, however does not define any.
> Also, only inline ipsec protocol mode is supported by the worker threads
> added.
> 
> Following are planned features,
> 1. Add burst mode workers.
> 2. Add non internal port workers.
> 3. Verify support for Rx core (the support is added but lack of h/w to verify).
> 4. Add lookaside protocol support.
> 
> Following are features that Marvell won't be attempting.
> 1. Inline crypto support.
> 2. Lookaside crypto support.
> 
> For the features that Marvell won't be attempting, new workers can be
> introduced by the respective stake holders.
> 
> This series is tested on Marvell OCTEON TX2.
> 
> Changes in v2:
> * Remove --process-dir option. Instead use existing unprotected port mask
>   option (-u) to decide wheter port handles inbound or outbound traffic.
> * Remove --process-mode option. Instead use existing --single-sa option
>   to select between app and driver modes.
> * Add handling of PKT_RX_SEC_OFFLOAD_FAIL result in app worker thread.
> * Fix passing of req_rx_offload flags to create_default_ipsec_flow().
> * Move destruction of flows to a location where eth ports are stopped
>   and closed.
> * Print error and exit when event mode --schedule-type option is used
>   in poll mode.
> * Reduce number of goto statements replacing them with loop constructs.
> * Remove sec_session_fixed table and replace it with locally build
>   table in driver worker thread. Table is indexed by port identifier
>   and holds first inline session pointer found for a given port.
> * Print error and exit when sessions other than inline are configured
>   in event mode.
> * When number of event queues is less than number of eth ports then
>   map all eth ports to one event queue.
> * Cleanup and minor improvements in code as suggested by Konstantin
> 
> Deferred to v3:
> * The final patch updates the hardcoded number of buffers in a pool.
>   Also, there was a discussion on the update of number of qp. Both the
>   above can be handled properly, if we can remove the logic which limits
>   one core to only use one crypto qp. If we can allow one qp per
>   lcore_param, every eth queue can have it's own crypto qp and that would
>   solve the requirements with OCTEON TX2 inline ipsec support as well.
> 
>   Patch with the mentioned change,
>   https://urldefense.proofpoint.com/v2/url?u=http-
> 3A__patches.dpdk.org_patch_64408_&d=DwIDAg&c=nKjWec2b6R0mOyPaz
> 7xtfQ&r=BPcGOOudUMrTDQ9YbgKcOkO5ChYiUPPlPNIEvTOhjNE&m=rg71UQ
> 1CwRYPFy30QuJQZd1Lam_kwYg15N2h5GN2iD4&s=yHzfRBRuunl4JWV97vufk
> 7aycUc472ahPVnQ9Tt6SeY&e=
> 
> * Update ipsec-secgw documentation to describe the new options as well as
>   event mode support.
> 
> This series depends on the PMD changes submitted in the following set,
> https://urldefense.proofpoint.com/v2/url?u=http-
> 3A__patches.dpdk.org_project_dpdk_list_-3Fseries-
> 3D8203&d=DwIDAg&c=nKjWec2b6R0mOyPaz7xtfQ&r=BPcGOOudUMrTDQ9Y
> bgKcOkO5ChYiUPPlPNIEvTOhjNE&m=rg71UQ1CwRYPFy30QuJQZd1Lam_kwY
> g15N2h5GN2iD4&s=g2wtO9tOQTYHa9os1ECz5uwgpz9JmjTlGbEl-
> Cp6WAw&e=
> 
> Ankur Dwivedi (1):
>   examples/ipsec-secgw: add default rte_flow for inline Rx
> 
> Anoob Joseph (5):
>   examples/ipsec-secgw: add framework for eventmode helper
>   examples/ipsec-secgw: add eventdev port-lcore link
>   examples/ipsec-secgw: add Rx adapter support
>   examples/ipsec-secgw: add Tx adapter support
>   examples/ipsec-secgw: add routines to display config
> 
> Lukasz Bartosik (6):
>   examples/ipsec-secgw: add routines to launch workers
>   examples/ipsec-secgw: add support for internal ports
>   examples/ipsec-secgw: add eventmode to ipsec-secgw
>   examples/ipsec-secgw: add driver mode worker
>   examples/ipsec-secgw: add app mode worker
>   examples/ipsec-secgw: add cmd line option for bufs
> 
>  examples/ipsec-secgw/Makefile       |    2 +
>  examples/ipsec-secgw/event_helper.c | 1714
> +++++++++++++++++++++++++++++++++++
>  examples/ipsec-secgw/event_helper.h |  312 +++++++  examples/ipsec-
> secgw/ipsec-secgw.c  |  502 ++++++++--
>  examples/ipsec-secgw/ipsec-secgw.h  |   86 ++
>  examples/ipsec-secgw/ipsec.c        |    7 +
>  examples/ipsec-secgw/ipsec.h        |   36 +-
>  examples/ipsec-secgw/ipsec_worker.c |  656 ++++++++++++++
>  examples/ipsec-secgw/ipsec_worker.h |   39 +
>  examples/ipsec-secgw/meson.build    |    4 +-
>  examples/ipsec-secgw/sa.c           |   11 -
>  11 files changed, 3275 insertions(+), 94 deletions(-)  create mode 100644
> examples/ipsec-secgw/event_helper.c
>  create mode 100644 examples/ipsec-secgw/event_helper.h
>  create mode 100644 examples/ipsec-secgw/ipsec-secgw.h
>  create mode 100644 examples/ipsec-secgw/ipsec_worker.c
>  create mode 100644 examples/ipsec-secgw/ipsec_worker.h
> 
> --
> 2.7.4