On 6/27/2018 6:58 PM, Qiuyu Xiao wrote:
This patch series reintroduce IPsec support for OVS tunneling and adds new
features to prepare for the OVN IPsec support. The new features are:
1) Add CA-cert based authentication support to ovs-monitor-ipsec.
2) Enable ovs-pki to generate x.509 version 3 certificate.
Thanks for working on the series.
Just had a general query as regards IPsec in userspace.
I had previously looked at implementing a *rough* IPsec Tunnel interface
for userspace last year for OVS DPDK. I had put the work on hold as DPDK
has begun working on a general IPsec library which would make
implementation simpler and cleaner/simpler to maintain in the future.
Targeted for DPDK 18.11 (November this year).
Would the introduction of a specific IPsec tunnel interface still be
acceptable in light of this patch?
There are other libraries such as macsec that DPDK has libraries for as
well that could be introduced in the future for user space.
I'm just aware of the divergence of approaches between whats available
in kernel vs userspace so thought it was worth raising for discussion at
this point?
Appreciate any input.
Thanks
Ian
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
