Re: [vpp-dev] A question about last used timestamp in ipsec sa

2022-10-14 Thread Guangming
Hi Ben,
The first reason is that the SA bytes/packets only show that there is some
traffic using this SA; we must record and calculate the last time in the
IKE process, and this is not accurate because it is based on the poll
frequency. This is the major reason: we want this timestamp to be more
accurate in DPD.
The second reason is that our IKE is strongSwan; it expects to get that last
use time from query_sa or query_policy directly.

Thanks
Guangming


zhangguangm...@baicells.com
 
From: Benoit Ganne (bganne) via lists.fd.io
Date: 2022-10-14 14:44
To: vpp-dev@lists.fd.io; neale; radu.nicolau; roy.fan.zhang
Subject: Re: [vpp-dev] A question about last used timestamp in ipsec sa
As you'd have to poll SA timestamp counters anyway to check the timestamp, why 
not just poll existing SA bytes/packets counters instead to see if some traffic 
is going through?
 
Best
ben
 
> -----Original Message-----
> From: vpp-dev@lists.fd.io  On Behalf Of Guangming
> Sent: Friday, October 14, 2022 8:37
> To: neale ; radu.nicolau ;
> roy.fan.zhang 
> Cc: vpp-dev 
> Subject: [vpp-dev] A question about last used timestamp in ipsec sa
> 
> 
> 
> Hi Neale, Radu and Fan,
>   Currently, IPsec in VPP does not record the traffic timestamp in the SA and
> SPD like the Linux kernel does. So we cannot implement the full DPD function in
> the IKE control daemon that only sends DPD when there is no traffic.
> What is a good method to add the timestamp? This method should fit
> both sync node and async mode.
> Use a new timestamp counter, or add a timestamp to the old counter
> ipsec_sa_counters?
> 
>  struct xfrm_lifetime_cur {
>      __u64 bytes;
>      __u64 packets;
>      __u64 add_time;
>      __u64 use_time;
>  };
> 
> 
> Thanks
> Guangming
> 
> 
> zhangguangm...@baicells.com
 
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#22032): https://lists.fd.io/g/vpp-dev/message/22032
Mute This Topic: https://lists.fd.io/mt/94321862/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/leave/1480452/21656/631435203/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
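
The trade-off argued in this thread, as an added example (not code from VPP, strongSwan or any poster): an IKE-side tracker that infers last use by polling the packets counter, compared with a last-used timestamp recorded by the dataplane. The tracker type, the arrival times and the 35-second DPD delay are assumptions constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed sample: seconds at which the SA carried a packet. */
static const uint64_t arrivals[] = { 5, 25, 50, 75, 101 };
#define N_ARRIVALS (sizeof(arrivals) / sizeof(arrivals[0]))
#define DPD_DELAY 35u   /* assumed idle threshold, seconds */
#define HORIZON   400u  /* end of the simulated timeline */

/* Hypothetical per-SA state kept by the IKE side when it can only poll counters. */
typedef struct {
    uint64_t last_packets; /* packets counter at the previous poll */
    uint64_t last_seen;    /* time of the poll that last saw it change */
    bool primed;
} sa_idle_tracker;

/* Estimate last use from a packets counter: only as fresh as the poll. */
static uint64_t tracker_poll(sa_idle_tracker *t, uint64_t now, uint64_t packets)
{
    if (!t->primed || packets != t->last_packets) {
        t->last_packets = packets;
        t->last_seen = now;
        t->primed = true;
    }
    return t->last_seen;
}

/* Returns the first poll time at which a DPD probe would be sent.
 * exact=true uses a dataplane last-used timestamp; false derives it
 * from the polled counter. poll_interval must be non-zero. */
uint64_t first_probe_time(uint64_t poll_interval, bool exact)
{
    sa_idle_tracker t = { 0 };
    for (uint64_t now = poll_interval; now <= HORIZON; now += poll_interval) {
        uint64_t packets = 0, use_time = 0;
        for (size_t i = 0; i < N_ARRIVALS && arrivals[i] <= now; i++) {
            packets++;
            use_time = arrivals[i]; /* what a per-packet timestamp would hold */
        }
        uint64_t estimated = tracker_poll(&t, now, packets);
        uint64_t last_use = exact ? use_time : estimated;
        if (now - last_use >= DPD_DELAY)
            return now;
    }
    return 0; /* no probe within the horizon */
}
```

With a 10-second poll the counter-derived estimate places the last use at 110 s instead of 101 s, so the probe slips from 140 s to 150 s; the error is bounded by the poll interval.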



Re: [vpp-dev] A question about last used timestamp in ipsec sa

2022-10-13 Thread Benoit Ganne (bganne) via lists.fd.io
As you'd have to poll SA timestamp counters anyway to check the timestamp, why 
not just poll existing SA bytes/packets counters instead to see if some traffic 
is going through?

Best
ben

> -----Original Message-----
> From: vpp-dev@lists.fd.io  On Behalf Of Guangming
> Sent: Friday, October 14, 2022 8:37
> To: neale ; radu.nicolau ;
> roy.fan.zhang 
> Cc: vpp-dev 
> Subject: [vpp-dev] A question about last used timestamp in ipsec sa
> 
> 
> 
> Hi Neale, Radu and Fan,
>   Currently, IPsec in VPP does not record the traffic timestamp in the SA and
> SPD like the Linux kernel does. So we cannot implement the full DPD function in
> the IKE control daemon that only sends DPD when there is no traffic.
> What is a good method to add the timestamp? This method should fit
> both sync node and async mode.
> Use a new timestamp counter, or add a timestamp to the old counter
> ipsec_sa_counters?
> 
>  struct xfrm_lifetime_cur {
>      __u64 bytes;
>      __u64 packets;
>      __u64 add_time;
>      __u64 use_time;
>  };
> 
> 
> Thanks
> Guangming
> 
> 
> zhangguangm...@baicells.com




[vpp-dev] A question about last used timestamp in ipsec sa

2022-10-13 Thread Guangming

Hi Neale, Radu and Fan,
  Currently, IPsec in VPP does not record the traffic timestamp in the SA and
SPD like the Linux kernel does. So we cannot implement the full DPD function in
the IKE control daemon that only sends DPD when there is no traffic.
What is a good method to add the timestamp? This method should fit both
sync node and async mode.
Use a new timestamp counter, or add a timestamp to the old counter ipsec_sa_counters?

 struct xfrm_lifetime_cur {
     __u64 bytes;
     __u64 packets;
     __u64 add_time;
     __u64 use_time;
 };


Thanks 
Guangming


zhangguangm...@baicells.com
