[vpp-dev] When does ipsec4-output-feature graph node execute?

2022-01-27 Thread Vijay Kumar
Hi all, I am using fdio vpp stack 20.05 and am using the vnet/ipsec that is programmed by non-vpp IKEv2 stack. I observe that in the data-path always "esp4-decrypt-tun" is hit for inbound packets while "esp-encrypt-tun" is hit for all outbound packets. I think these two graph nodes are hit becaus

Re: [vpp-dev] IPSec input/output: default action for non-matching traffic

2022-01-27 Thread Zachary Leaf
Hi Andrew, The tests updated as part of this patch[1] are related to the IPSec outbound side "flow cache" i.e. test/test_ipsec_spd_flow_cache.py (see commit[2]). This is really testing the behaviour of the flow cache, rather than this drop by default behaviour described here. These tests just h

Re: [vpp-dev] IPSec input/output: default action for non-matching traffic

2022-01-27 Thread Andrew Yourtchenko
Zach, Neale, Just a thought from the “make test” PoV: If I understand this email thread well, this change adds a behavior, relying on which can create security implications in case this new behavior gets broken - so you think you could add a few negative tests as well? (I.e. that the packets i

Re: [vpp-dev] IPSec input/output: default action for non-matching traffic

2022-01-27 Thread Zachary Leaf
Hi Neale, Please see https://gerrit.fd.io/r/c/vpp/+/34252 for the patch for this. Would appreciate a review when you get the chance so Juraj can start adding the CSIT tests required for the inbound side IPSec flow cache ( https://gerrit.fd.io/r/c/vpp/+/32903 ). Best, Zach