Hello vpp-dev team,
Our csit performance tests for Ipsec using aes-gcm ciphering started to fail
because created ipsec interface cannot get to up state - tested with vpp master
(build 19.04-rc0~67-g72de626~b6198) as well as with stable/1901 (build
19.01-rc2~3-g9124874~b2).
We are using HW crypto card, dpdk plugin is loaded and dpdk backend is active
ipsec backend for ESP. We are receiving following responses for set interface
state up command:
- in case of AES-GCM-128: set interface state: unsupported aes-gcm-128
crypto-alg
- in case of AES-GCM-192: set interface state: unsupported none integ-alg
Could you, please, let us know if there is something wrong in our configuration
(see VAT commands and startup.conf below; it worked before) or there is a bug
in vpp?
Thanks,
Jan
VAT commands used to configure vpp:
sw_interface_set_flags sw_if_index 2 admin-up link-up
sw_interface_set_flags sw_if_index 1 admin-up link-up
sw_interface_dump
hw_interface_set_mtu sw_if_index 2 mtu 9200
hw_interface_set_mtu sw_if_index 1 mtu 9200
sw_interface_dump
sw_interface_dump
sw_interface_dump
sw_interface_add_del_address sw_if_index 2 192.168.10.1/24
sw_interface_add_del_address sw_if_index 1 172.168.1.1/24
ip_neighbor_add_del sw_if_index 2 dst 192.168.10.2 mac 68:05:ca:35:79:1c
ip_neighbor_add_del sw_if_index 1 dst 172.168.1.2 mac 68:05:ca:35:76:b1
ip_add_del_route 10.0.0.0/8 via 192.168.10.2 sw_if_index 2 resolve-attempts 10
count 1
ipsec_tunnel_if_add_del local_spi 10000 remote_spi 20000 crypto_alg aes-gcm-192
local_crypto_key 685857656d48393835654169447a516864314e51447450666352706a
remote_crypto_key 685857656d48393835654169447a516864314e51447450666352706a
local_ip 172.168.1.1 remote_ip 172.168.1.2
exec ip route add 20.0.0.0/32 via 172.168.1.2 ipsec0
exec set interface unnumbered ipsec0 use FortyGigabitEthernet88/0/0
exec set interface state ipsec0 up
Our startup.conf:
ip
{
heap-size 4G
}
statseg
{
size 4G
}
unix
{
cli-listen /run/vpp/cli.sock
log /tmp/vpe.log
full-coredump
nodaemon
}
ip6
{
heap-size 4G
hash-buckets 2000000
}
heapsize 4G
plugins
{
plugin default
{
disable
}
plugin dpdk_plugin.so
{
enable
}
}
cpu
{
corelist-workers 20
main-core 19
}
dpdk
{
dev 0000:88:00.1
dev 0000:88:00.0
no-multi-seg
uio-driver igb_uio
log-level debug
dev default
{
num-rx-desc 2048
num-rx-queues 1
num-tx-desc 2048
}
dev 0000:86:01.0
socket-mem 1024,1024
no-tx-checksum-offload
}
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#12057): https://lists.fd.io/g/vpp-dev/message/12057
Mute This Topic: https://lists.fd.io/mt/29592457/21656
Group Owner: [email protected]
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
