> Opened https://jira.fd.io/browse/VPP-1207
Updated with two comments. I do not think I can uncover more with my current way of testing. Should the issue be assigned to somebody else now? Vratko. From: Vratko Polak -X (vrpolak - PANTHEON TECHNOLOGIES at Cisco) Sent: Thursday, 2018-March-22 17:17 To: 'Matthew Smith' <mgsm...@netgate.com> Cc: vpp-dev@lists.fd.io Subject: RE: [vpp-dev] Does IPsec support jumbo frames? > open a JIRA issue for it so that its tracked Opened https://jira.fd.io/browse/VPP-1207 Vratko. From: vpp-dev@lists.fd.io<mailto:vpp-dev@lists.fd.io> <vpp-dev@lists.fd.io<mailto:vpp-dev@lists.fd.io>> On Behalf Of Matthew Smith Sent: Thursday, 2018-March-22 16:45 To: vpp-dev@lists.fd.io<mailto:vpp-dev@lists.fd.io> Cc: vpp-dev@lists.fd.io<mailto:vpp-dev@lists.fd.io> Subject: Re: [vpp-dev] Does IPsec support jumbo frames? Hi Vratko, During encapsulation/encryption, there is not currently a way to check that the buffer will not exceed the MTU of the outbound interface once padding & headers/footers are added. The outbound interface isn’t determined until after the encrypt & encapsulate is completed. If the encapsulated buffer is subsequently found to be too large for the interface it’s being sent out, it will be dropped. This is true when the MTU is 1500 also, its not specific to jumbo frames. I think it’s a known issue and it would probably be considered something that has not yet been implemented rather than a bug. I have no idea whether this is already on anyone’s mind to be addressed in the near future. It would probably he helpful if you open a JIRA issue for it so that its tracked. -Matt On Mar 22, 2018, at 7:46 AM, Vratko Polak -X (vrpolak - PANTHEON TECHNOLOGIES at Cisco) <vrpo...@cisco.com<mailto:vrpo...@cisco.com>> wrote: While adding [0] Maximum Receive Rate tests, we have found that 9000 octet long frames never pass through a VPP setup which uses IPsec. Also, the previously existing crypto performance tests never used 9000B frames (and functional tests only use small ICMP packets), so the zero receive rate is perhaps expected here. But I have not foud any documentation mentioning this (that might be just because I am new to fd.io<http://fd.io/> CSIT project). Is it known that VPP IPsec does not work with jumbo frames, is is this a new bug? Vratko. [0] https://gerrit.fd.io/r/11149 <image001.png> Vratko Polak Engineer - Software vrpo...@cisco.com<mailto:vrpo...@cisco.com> Tel: Cisco Systems, Inc. Slovakia cisco.com<http://cisco.com/> <image002.gif> Think before you print. This email may contain confidential and privileged material for the sole use of the intended recipient. Any review, use, distribution or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorized to receive for the recipient), please contact the sender by reply email and delete all copies of this message. Please click here<http://www.cisco.com/c/en/us/about/legal/terms-sale-software-license-agreement/company-registration-information.html> for Company Registration Information.
