Hi Mukesh,
I am by no means an expert on the matter but after talking to some folks
my understanding is that it is a common feature (uRPF).
This issue has nothing to do with IPsec though, I am pretty sure you
could reproduce the issue with other tunnels too.
Note that uRPF would apply to pack
Hi Sergio,
Thanks with changes as below, IPSec worked in tunnel mode as well.
Is this restriction right?
i.e. dropping packet in Rx processing if there is no route for Source IP.
In normal linux machine we simply process the packet and in TX we 1st Make a
packet and then route matter when we do f
Hi Mukesh,
I think the problem is that we do not have fib entry for 1.1.1.1 network.
I guess there are different ways to fix the issue, I did the following
(already updated interface name to match your config):
set ip arp GigabitEthernet0/8/0 2.2.2.254 be:ef:00:00:00:02
ip route add 1.1.1.0/2
Hi Sergio,
Just to inform this issue is seen in tunnel mode on VPP core as well.
That means issue is seen only on tunnel mode both with DPDK and w/o DPDK.
Thanks
Mukesh
On 07/09/17, 2:35 PM, "Mukesh Yadav (mukyadav)" wrote:
Hi,
I haven’t tested tunnel mode w/o DPDK.
With trans
Hi,
I haven’t tested tunnel mode w/o DPDK.
With transport mode, I see it works fine both with VPP core and DPDK and
follows path post decryption
dpdk-esp-decrypt -> dpdk-esp-decrypt-post -> ip4-input -> ip4-lookup -> ip4-local
and further follow icmp path.
I see this problem only with tunnel mode
Hi Mukesh,
On 07/09/2017 08:48, Mukesh Yadav (mukyadav) wrote:
Hi Sergio,
As I mentioned that transport mode is working now.
Next I tried tunnel mode.
Here I can see successful packet decryption. But later inner packet gets
dropped.
Outer IPSec packet is like 172.28.128.4 -> 172.28.128
Hi Sergio,
As I mentioned that transport mode is working now.
Next I tried tunnel mode.
Here I can see successful packet decryption. But later inner packet gets
dropped.
Outer IPSec packet is like 172.28.128.4 -> 172.28.128.5
Inner packet is 1.1.1.1 -> 2.2.2.2
I have added 2.2.2.2 on same int
Thanks Sergio,
DPDK based IPsec basic tunnel worked with multi-core config.
cpu {
main-core 0
corelist-workers 1
#skip-cores 4
workers 1
}
Now since DPDK basic IPSec is working. I will try to dig in more in detail.
One query I posted in early threads, possibly got
There are a few different ways to set cores/workers, best explained in
the following link:
https://wiki.fd.io/view/VPP/Using_VPP_In_A_Multi-thread_Model
Thanks,
Sergio
On 05/09/2017 15:10, Mukesh Yadav (mukyadav) wrote:
Thanks Sergio,
I will for sure try latest clone with a fix.
Besides w
Thanks Sergio,
I will for sure try latest clone with a fix.
Besides what is configuration to test same with worker core.
Will be helpful for me in future..
Thanks
Mukesh
On 05/09/17, 6:22 PM, "Sergio Gonzalez Monroy"
wrote:
Hi Mukesh,
I was able to find the bug. It was not direct
Hi Mukesh,
I was able to find the bug. It was not directly related to transport
mode but to the setup when using single core (master core) without
workers ( https://gerrit.fd.io/r/8302 ).
You can either apply the change or setup VPP to use workers (at the
moment you are running with single c
On 04/09/2017 17:07, Mukesh Yadav (mukyadav) wrote:
Hi Sergio,
I see new document as updated in latest clone is as below:
dpdk {
dev :81:00.0
dev :81:00.1
dev :85:01.0
dev :85:01.1
vdev crypto_aesni_mb0,socket_id=1
vdev crypto_aesni_mb1,socket_id=1
Hi Sergio,
I see new document as updated in latest clone is as below:
dpdk {
dev :81:00.0
dev :81:00.1
dev :85:01.0
dev :85:01.1
vdev crypto_aesni_mb0,socket_id=1
vdev crypto_aesni_mb1,socket_id=1
}
I think it shall be “vdev crypto_aesni_mb0” instead as you
Hi Sergio,
Do I have to fetch fresh clone using
git clone https://gerrit.fd.io/r/vpp
or take some explicit release?
Which document page shall I refer,
https://docs.fd.io/vpp/17.10/dpdk_crypto_ipsec_doc.html
or some other
Thanks
Mukesh
FYI I updated the doc, hopefully everything is correct and up to date now.
https://gerrit.fd.io/r/#/c/8273/
Thanks,
Sergio
On 31/08/2017 10:00, Sergio Gonzalez Monroy wrote:
On 31/08/2017 09:37, Mukesh Yadav (mukyadav) wrote:
Thanks a lot Sergio for lot of patience and help,
No problem at
On 31/08/2017 09:37, Mukesh Yadav (mukyadav) wrote:
Thanks a lot Sergio for lot of patience and help,
No problem at all. I said before, it is great that someone else goes
through the docs/wiki to double check everything is working as described.
With your latest comments, I can see dpdk IPS
Thanks a lot Sergio for lot of patience and help,
With your latest comments, I can see dpdk IPSec is happening.
There are some issues, I am getting where post decryption ip4-input is not
called.
As such I have kept config of IPSec same as was when working with VPP core
IPSec.
I need to dig furth
>
> sudo service vpp start
>
> Thanks
>
> Mukesh
>
> *From: *Sergio Gonzalez Monroy
> *Date: *Wednesday, 30 August 2017 at 4:18 PM
> *To: *Mukesh Yadav , "vpp-dev@lists.fd.io"
>
> *Subject: *Re: [vpp-d
something.
>
> Can you point me out any working wiki or document for making IPSec
> work along DPDK in VPP.
>
> Thanks
>
> Mukesh
>
> *From: *Sergio Gonzalez Monroy
> <mailto:sergio.gonzalez.mon...@intel.co
om: *Sergio Gonzalez Monroy
*Date: *Wednesday, 30 August 2017 at 4:18 PM
*To: *Mukesh Yadav , "vpp-dev@lists.fd.io"
*Subject: *Re: [vpp-dev] Query for IPSec support on VPP
Which VPP are you using?
If you are using/installing VPP package (rpm/deb), then it is likely
that you do not have
August 2017 at 4:18 PM
To: Mukesh Yadav , "vpp-dev@lists.fd.io"
Subject: Re: [vpp-dev] Query for IPSec support on VPP
Which VPP are you using?
If you are using/installing VPP package (rpm/deb), then it is likely that you
do not have DPDK SW crypto support.
As a summary, if you wa
me out any working wiki or document for making IPSec
work along DPDK in VPP.
Thanks
Mukesh
*From: *Sergio Gonzalez Monroy
*Date: *Wednesday, 30 August 2017 at 2:06 PM
*To: *Mukesh Yadav , "vpp-dev@lists.fd.io"
*Subject: *Re: [vpp-dev] Query for IPSec support on VPP
Just for ref
config is missing something.
Can you point me out any working wiki or document for making IPSec work along
DPDK in VPP.
Thanks
Mukesh
From: Sergio Gonzalez Monroy
Date: Wednesday, 30 August 2017 at 2:06 PM
To: Mukesh Yadav , "vpp-dev@lists.fd.io"
Subject: Re: [vpp-dev] Query for IPSec
Just for reference and clarity, there is no wiki entry for the DPDK
crypto, only documentation page.
The wiki page is for general VPP/IPSec/IKEv2.
Thanks,
Sergio
On 30/08/2017 09:19, Sergio Gonzalez Monroy wrote:
On 29/08/2017 18:25, Mukesh Yadav (mukyadav) wrote:
Thanks Sergio for quick hel
On 29/08/2017 18:25, Mukesh Yadav (mukyadav) wrote:
Thanks Sergio for quick help. Pointers cleared few of basic doubts.
You are flushing out few left overs from previous releases, so thank you.
I will use below wiki to proceed.
https://docs.fd.io/vpp/17.10/dpdk_crypto_ipsec_doc.html
Since
Thanks Sergio for quick help. Pointers cleared few of basic doubts.
I will use below wiki to proceed.
https://docs.fd.io/vpp/17.10/dpdk_crypto_ipsec_doc.html
Since vpp version is 17.10
I added below in /vpp/src/vpp/conf/startup.conf
dpdk {
socket-mem 1024,1024
num-mbufs 131072
Hi Mukesh,
On 28/08/2017 17:19, Mukesh Yadav (mukyadav) wrote:
Hi,
I have recently started working on VPP IPSec. My knowledge for same is
limited to IPSEC.
I have few queries w.r.t to broader support of IPSec in VPP. Would
appreciate any pointers/help for same.
As per wiki below, I have
Hi,
I have recently started working on VPP IPSec. My knowledge for same is limited
to IPSEC.
I have few queries w.r.t to broader support of IPSec in VPP. Would appreciate
any pointers/help for same.
As per wiki below, I have installed IPSec and it worked well for
aes-cbc-128/sha1
https: