Re: [vpp-dev] ipsec interface revisted.

2020-07-10 Thread Christian Hopps
; To: "Neale Ranns (nranns)" > Cc: Christian Hopps , vpp-dev > Subject: Re: [vpp-dev] ipsec interface revisted. > > > > >> On Jun 26, 2020, at 4:22 AM, Neale Ranns (nranns) wrote: >> >> Hi Chris, >> >> As far as I'm concerned, i

Re: [vpp-dev] ipsec interface revisted.

2020-07-06 Thread Neale Ranns via lists.fd.io
From: Christian Hopps Date: Friday 26 June 2020 at 12:13 To: "Neale Ranns (nranns)" Cc: Christian Hopps , vpp-dev Subject: Re: [vpp-dev] ipsec interface revisted. On Jun 26, 2020, at 4:22 AM, Neale Ranns (nranns) mailto:nra...@cisco.com>> wrote: Hi Chris, As far as I&#

Re: [vpp-dev] ipsec interface revisted.

2020-06-26 Thread Christian Hopps
> On Jun 26, 2020, at 4:22 AM, Neale Ranns (nranns) wrote: > > Hi Chris, > > As far as I'm concerned, it's your plugin, you can add whatever functionality > you need. If you separate the new interface type out into another plugin, so > it can be used without your feature, then the community

Re: [vpp-dev] ipsec interface revisted.

2020-06-26 Thread Neale Ranns via lists.fd.io
Hi Chris, As far as I'm concerned, it's your plugin, you can add whatever functionality you need. If you separate the new interface type out into another plugin, so it can be used without your feature, then the community will benefit twice. Let's just make sure we document the whys and hows of

Re: [vpp-dev] ipsec interface revisted.

2020-06-23 Thread Christian Hopps
Hi Neale, It's maybe worth pointing this out: using policy based IPsec continues to work fine for me. What I had and lost is route based IPsec, i.e., a destination interface that directs traffic to an SA *without trying to "partially-implement" the tunnel mode SA functionality*. The new code i

Re: [vpp-dev] ipsec interface revisted.

2020-06-23 Thread Neale Ranns via lists.fd.io
Hi Chris, On 22/06/2020 13:09, "Christian Hopps" wrote: > > - It operates directly with the IPsec tunnel mode and transport mode SAs without needing to mangle the internal definition of SA tunnel into transport mode. Do you have any comments on this point? This is what I was t

Re: [vpp-dev] ipsec interface revisted.

2020-06-22 Thread Christian Hopps
> On Jun 22, 2020, at 4:11 AM, Neale Ranns via lists.fd.io > wrote: > > > > From: on behalf of Christian Hopps > Date: Thursday 18 June 2020 at 18:20 > To: vpp-dev > Cc: Christian Hopps > Subject: [vpp-dev] ipsec interface revisted. > > Hi, > >

Re: [vpp-dev] ipsec interface revisted.

2020-06-22 Thread Neale Ranns via lists.fd.io
From: on behalf of Christian Hopps Date: Thursday 18 June 2020 at 18:20 To: vpp-dev Cc: Christian Hopps Subject: [vpp-dev] ipsec interface revisted. Hi, So to revisit this topic from a different angle. I believe VPP needs something like the xfrm linux interface [1]. If I understand things

[vpp-dev] ipsec interface revisted.

2020-06-18 Thread Christian Hopps
Hi, So to revisit this topic from a different angle. I believe VPP needs something like the xfrm linux interface [1]. If I understand things correctly this actually provides what was useful (but more-so) with old ipsec interface functionality that has been lost. It is also a much cleaner/more p