Re: [dpdk-users] IPSEC-SECGW sample application

Mon, 08 Jan 2018 03:48:08 -0800 

Hi  Sandesh
Thank you - I already understood that. 
I see in the documentation that this app. Supports only **complete offload**. 
But Intel NICS x540 and 82599 which supports ipsec offload requires that the SW 
will  add/remove the ESP headers 
How can I run this app with x540 nic ?
Best Regards
Avi



> -----Original Message-----
> From: Gowda, Sandesh [mailto:[email protected]]
> Sent: Monday, 08 January, 2018 10:47 AM
> To: Avi Cohen (A); [email protected]
> Subject: RE: IPSEC-SECGW sample application
> 
> 
> Hi Avi,
> 
>  The application classifies the ports as Protected and Unprotected. Thus, 
> traffic
> received on an Unprotected or Protected port is consider Inbound or Outbound
> respectively.
> ( Refer : http://dpdk.org/doc/guides/sample_app_ug/ipsec_secgw.html  )
> 
>  The Packets sent on a  Unprotected network requires Encryption whereas
> packets on Protected Network can be plain text.
>  This is the expected behavior.
> 
>  Regards,
>  Sandesh
> 
> 
> 
> 
> -----Original Message-----
> From: users [mailto:[email protected]] On Behalf Of Avi Cohen (A)
> Sent: Sunday, January 07, 2018 9:12 PM
> To: [email protected]
> Subject: [dpdk-users] IPSEC-SECGW sample application
> 
> 
> Hello
> I'm using the DPDK17.11 and running the sample app. Ipsec_secgw.
> I have 2 ports port 0 is protected and port 1 is unprotected Traffic is 
> received in
> the unprotected and should be sent to the protected  port  for encryption But
> the traffic processing for the traffic received in the unprotected port is 
> going
> through the **process_pkts_inbound ** .
> I expect that the traffic should be directed to the  **process_pkts_outbound**
> [where ESP headers are added etc.] Can someone help ?
> 
> 
> This is the config file:
> 
> #SP rules
> sp ipv4 in esp protect 5 src 1.1.1.2/32 dst 1.1.2.10/32 #SA rules sa in 5
> cipher_algo aes-128-cbc cipher_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \ auth_algo
> sha1-hmac auth_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \ mode ipv4-tunnel
> src 172.16.1.5 dst 172.16.2.5 \ type inline-protocol-offload port_id 0 
> #Routing
> rules rt ipv4 dst 172.16.2.5/32 port 0 rt ipv4 dst 1.1.2.0/24 port 0 rt ipv4 
> dst
> 1.1.1.0/24 port 0
> 
> 
> and this is the command line to run the applic:
> 
> ./ipsec-secgw -l 1 -n 2 -- -p 0x3 -P -u 0x2 --config="(0,0,1),(1,0,1)" -f 
> ../ep1.cfg
> 
> 
> Best Regards
> Avi

Reply via email to