Re: [dpdk-dev] [PATCH v4 0/5] integrate librte_ipsec SAD into ipsec-secgw

Fri, 17 Jan 2020 09:06:13 -0800 

Hi Akhil,
Indeed with our tests we also seeing ~15% perf drop for small packets (~90B) and ~3-4% drop for 1KB packets. While I am looking on a ways to minimize the drop, I think it would be hard, if possible at all to eliminate it completely. Reason for that: current SAD implementation is completely synthetic (using plain array structure indexed by SPI value). That provides a very low overhead, but doesn't provide expected functionality and can't be used in proper implementation. To measure plain IPsec performance without SAD user can still use '--signle-sa' option. 

On 15/01/2020 15:45, Akhil Goyal wrote:

Hi Vladimir,

There is more than 10% drop with this patchset on NXP hardware with both legacy 
mode and the ipsec lib mode. This would need some debugging.
Didn't you see any drop on intel?

Regards,
Akhil


-----Original Message-----
From: Vladimir Medvedkin <vladimir.medved...@intel.com>
Sent: Tuesday, January 14, 2020 7:57 PM
To: dev@dpdk.org
Cc: konstantin.anan...@intel.com; Akhil Goyal <akhil.go...@nxp.com>
Subject: [PATCH v4 0/5] integrate librte_ipsec SAD into ipsec-secgw

This series integrates SA database (SAD) capabilities from ipsec library.
The goal is to make ipsec-secgw RFC compliant regarding inbound SAD.
Also patch series removes hardcoded limitation for maximum number of SA's
and SP's.

v4:
  - put tunnel SA's into SAD with SPI_ONLY type for performance reason

v3:
  - parse SA and SP into sorted array instead of linked list

v2:
  - get rid of maximum sp limitation

Vladimir Medvedkin (5):
   ipsec: move ipsec sad name length into .h
   examples/ipsec-secgw: implement inbound SAD
   examples/ipsec-secgw: integrate inbound SAD
   examples/ipsec-secgw: get rid of maximum sa limitation
   examples/ipsec-secgw: get rid of maximum sp limitation

  examples/ipsec-secgw/Makefile      |   1 +
  examples/ipsec-secgw/ipsec-secgw.c |   4 +-
  examples/ipsec-secgw/ipsec.h       |  11 +-
  examples/ipsec-secgw/meson.build   |   2 +-
  examples/ipsec-secgw/parser.c      |   4 +
  examples/ipsec-secgw/parser.h      |   9 ++
  examples/ipsec-secgw/sa.c          | 256 +++++++++++++++++++++++--------------
  examples/ipsec-secgw/sad.c         |  90 +++++++++++++
  examples/ipsec-secgw/sad.h         |  74 +++++++++++
  examples/ipsec-secgw/sp4.c         | 114 ++++++++++++-----
  examples/ipsec-secgw/sp6.c         | 112 +++++++++++-----
  lib/librte_ipsec/ipsec_sad.c       |  20 +--
  lib/librte_ipsec/rte_ipsec_sad.h   |   2 +
  13 files changed, 528 insertions(+), 171 deletions(-)
  create mode 100644 examples/ipsec-secgw/sad.c
  create mode 100644 examples/ipsec-secgw/sad.h

--
2.7.4


--
Regards,
Vladimir
























					Reply via email to