[vpp-dev] Did anything ever make vpp's native ipsec stack (ia32) work with dpdk/phy nic?

Chuan Han via Lists.Fd.Io Mon, 18 Nov 2019 14:49:56 -0800

Hi, vpp experts,

I was told that vpp's native ipsec stack is stabler and more performant. We
can enable it by commenting out the vdev line in dpdk stanza.


However, when I did so, ipsec decryption failed.

Ex:
# commenting out this line makes decryption fail.
vdev crypto_aesni_mb0,socket_id=0

Did anyone ever make native ipsec stack, i.e., ia32 work with dpdk/phy nic?

The interesting thing is no matter whether I comment out the vdev line or
not, ia32 is shown as the active crypto handler for aes-gcm-256. Does this
mean ia32 is used by both cases?

vpp# sh crypto engines
Name                Prio    Description
ia32                100     Intel IA32 ISA Optimized Crypto
ipsecmb             80      Intel(R) Multi-Buffer Crypto for IPsec Library
0.52.0
openssl             50      OpenSSL
vpp# sh crypto handlers
Algo                Type                Active              Candidates
(nil)
des-cbc             encrypt             openssl             openssl
                    decrypt             openssl             openssl
3des-cbc            encrypt             openssl             openssl
                    decrypt             openssl             openssl
aes-128-cbc         encrypt             ia32                ia32 ipsecmb
openssl
                    decrypt             ia32                ia32 ipsecmb
openssl
aes-192-cbc         encrypt             ia32                ia32 ipsecmb
openssl
                    decrypt             ia32                ia32 ipsecmb
openssl
aes-256-cbc         encrypt             ia32                ia32 ipsecmb
openssl
                    decrypt             ia32                ia32 ipsecmb
openssl
aes-128-ctr         encrypt             openssl             openssl
                    decrypt             openssl             openssl
aes-192-ctr         encrypt             openssl             openssl
                    decrypt             openssl             openssl
aes-256-ctr         encrypt             openssl             openssl
                    decrypt             openssl             openssl
aes-128-gcm         aead-encrypt        ia32                ia32 ipsecmb
openssl
                    aead-decrypt        ia32                ia32 ipsecmb
openssl
aes-192-gcm         aead-encrypt        ia32                ia32 ipsecmb
openssl
                    aead-decrypt        ia32                ia32 ipsecmb
openssl
aes-256-gcm         aead-encrypt        ia32                ia32 ipsecmb
openssl
                    aead-decrypt        ia32                ia32 ipsecmb
openssl
hmac-md5            hmac                openssl             openssl
hmac-sha-1          hmac                ipsecmb             ipsecmb openssl
hmac-sha-224        hmac                ipsecmb             ipsecmb openssl
hmac-sha-256        hmac                ipsecmb             ipsecmb openssl
hmac-sha-384        hmac                ipsecmb             ipsecmb openssl
hmac-sha-512        hmac                ipsecmb             ipsecmb openssl
vpp#

I attached the two servers' startup conf files and topology diagram.

Any input/comments are welcome.

Thanks.
Chuan

vpp testbed - iperf3.pdf
Description: Adobe PDF document

srv-2 vpp startup.conf
Description: Binary data

srv-1 vpp switch startup.cfg
Description: Binary data

srv-1 vpp startup.conf
Description: Binary data

srv-2 vpp switch startup.cfg
Description: Binary data

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#14619): https://lists.fd.io/g/vpp-dev/message/14619
Mute This Topic: https://lists.fd.io/mt/60327762/21656
Group Owner: [email protected]
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

[vpp-dev] Did anything ever make vpp's native ipsec stack (ia32) work with dpdk/phy nic?

Reply via email to