On 01/02/2016 11:26, Jerin Jacob wrote: > On Mon, Feb 01, 2016 at 11:09:16AM +0000, Sergio Gonzalez Monroy wrote: >> On 31/01/2016 14:39, Jerin Jacob wrote: >>> On Fri, Jan 29, 2016 at 08:29:12PM +0000, Sergio Gonzalez Monroy wrote: >>>
>>> IMO, an option for single SA based outbound processing would be useful >>> measuring performance bottlenecks with SA lookup. >>> >> Hi Jerin, >> >> Are you suggesting to have an option so we basically encrypt all traffic >> using >> a single SA bypassing the SP/ACL ? > Yes. Basicaly an option to bypass "rte_acl_classify" if its for single > SA use case. > > Hi Jerin, After re-reading your comment regarding the single SA I just want to double check that I understood correctly what you were suggesting. Basically an option that we can provide a single SA to use for outbound, skipping rte_acl_classify in outbound path. That same option would also skip rte_acl_classify in inbound path without checking that we accept specific traffic for an SA. Is that correct? Sergio
