Message ID | 1580306768-110555-1-git-send-email-vladimir.medvedkin@intel.com (mailing list archive) |
---|---|
Headers | From: Vladimir Medvedkin <vladimir.medvedkin@intel.com>; To: dev@dpdk.org; Cc: konstantin.ananyev@intel.com, akhil.goyal@nxp.com; Date: Wed, 29 Jan 2020 14:06:02 +0000; Subject: [dpdk-dev] [PATCH v5 0/6] integrate librte_ipsec SAD into ipsec-secgw; In-Reply-To: <1579012036-326214-1-git-send-email-vladimir.medvedkin@intel.com> |
Series | integrate librte_ipsec SAD into ipsec-secgw |
Message
Vladimir Medvedkin
Jan. 29, 2020, 2:06 p.m. UTC
This series integrates SA database (SAD) capabilities from ipsec library.
The goal is to make ipsec-secgw RFC compliant regarding inbound SAD.
Also patch series removes hardcoded limitation for maximum number of SA's
and SP's.
According to our measurements, after this series of patches,
ipsec-secgw performance drops by about 0-2%.

v5:
- introduce SAD cache to solve performance degradation
- ipsec_sad_add() returns an error if the key is present

v4:
- put tunnel SA's into SAD with SPI_ONLY type for performance reason

v3:
- parse SA and SP into sorted array instead of linked list

v2:
- get rid of maximum sp limitation

Vladimir Medvedkin (6):
  ipsec: move ipsec sad name length into .h
  examples/ipsec-secgw: implement inbound SAD
  examples/ipsec-secgw: integrate inbound SAD
  examples/ipsec-secgw: get rid of maximum sa limitation
  examples/ipsec-secgw: get rid of maximum sp limitation
  examples/ipsec-secgw: add SAD cache

 examples/ipsec-secgw/Makefile      |   1 +
 examples/ipsec-secgw/ipsec-secgw.c |  34 +++++-
 examples/ipsec-secgw/ipsec.h       |  12 +-
 examples/ipsec-secgw/meson.build   |   2 +-
 examples/ipsec-secgw/parser.c      |   4 +
 examples/ipsec-secgw/parser.h      |   9 ++
 examples/ipsec-secgw/sa.c          | 238 +++++++++++++++++++++----------------
 examples/ipsec-secgw/sad.c         | 149 +++++++++++++++++++++++
 examples/ipsec-secgw/sad.h         | 168 ++++++++++++++++++++++++++
 examples/ipsec-secgw/sp4.c         | 114 +++++++++++++-----
 examples/ipsec-secgw/sp6.c         | 112 ++++++++++++-----
 lib/librte_ipsec/ipsec_sad.c       |  20 ++--
 lib/librte_ipsec/rte_ipsec_sad.h   |   2 +
 13 files changed, 686 insertions(+), 179 deletions(-)
 create mode 100644 examples/ipsec-secgw/sad.c
 create mode 100644 examples/ipsec-secgw/sad.h
Comments
Series
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>

Hi Anoob,

Do you have any comments on this set. I do not see degradation on this patchset now.

Regards,
Akhil
Hi Akhil,

> Series
> Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
>
> Hi Anoob,
>
> Do you have any comments on this set. I do not see degradation on this
> patchset now.

[Anoob] The perf degradation is negligible on our platform as well. I don't have any issue with the patch set.

Series
Acked-by: Anoob Joseph <anoobj@marvell.com>
> [Anoob] The perf degradation is negligible on our platform as well. I don't have
> any issue with the patch set.
>
> Series
> Acked-by: Anoob Joseph <anoobj@marvell.com>

Applied to dpdk-next-crypto

Thanks.