Hi,
I have recently started working on VPP IPSec. My knowledge for same is limited to IPSEC. I have few queries w.r.t to broader support of IPSec in VPP. Would appreciate any pointers/help for same. As per wiki below, I have installed IPSec and it worked well for aes-cbc-128/sha1 https://wiki.fd.io/view/VPP/IPSec_and_IKEv2 I see source of VPP and found that VPP core code only supports AES_CBC/SHA1. Quick google pointed me few links where VPP used DPDK for IPSEC. Wanted to know what all Enc/hmac algorithm are supported by VPP->DPDK For same, I followed below https://docs.fd.io/vpp/17.04/dpdk_crypto_ipsec_doc.html and compiled vpp using “make vpp_uses_dpdk_cryptodev_sw=yes build-release” I see dpdk crypto files in dir src/plugins/dpdk/ipsec. Here it looks that only aes-gcm-128 is supported. Not sure whether this is what I shall be looking for Dpdk supported IPSec. With above steps: When I am trying to configure aes-gcm-128, I get error vpp# ipsec sa add 10 spi 1001 esp crypto-alg aes-gcm-128 crypto-key 4a506a794f574265564551694d653768 ipsec sa: unsupported aes-gcm-128 crypto-alg IPSec support via VPP core and Dpdk is as follows it seems: 1. Aes-cbc is supported in VPP core 2. Aes-gcm is supported in VPP via DPDK. Is there any plan/way to include other algorithms like DES_CBC/MD5/AES_XCBC? System Details: vpp# show vers vpp v17.10-rc0~103-g42e6b09 built by vagrant on localhost at Sun Aug 27 22:06:20 PDT 2017 vpp# show dpdk vers DPDK Version: DPDK 17.05.0 DPDK EAL init args: -c 1 -n 4 --huge-dir /run/vpp/hugepages --file-prefix vpp -b 0000:00:03.0 -b 0000:00:09.0 --master-lcore 0 --socket-mem 256 Thanks Mukesh
_______________________________________________ vpp-dev mailing list vpp-dev@lists.fd.io https://lists.fd.io/mailman/listinfo/vpp-dev
