-- 
Damjan

> On 2 Jul 2018, at 11:14, Kingwel Xie <kingwel....@ericsson.com> wrote:
> 
> Hi Vamsi, Damjan,
>  
> I’d like to contribute my two cents about IPSEC. We have been working on the 
> improvement for quite some time.
>  
> Great that VPP supports IPSEC, but the code is mainly for PoC. It lacks 
> many features: buffer chain, AES-GCM/AES-CTR, UDP encap (seems already there 
> in master track?), many hardcode, broken packet trace, SEQ handling, etc.
> Performance is not good, because of wrong usage of OpenSSL, buffer copying.

Buffer copying is needed, otherwise you have a problem with cloned buffers, i.e. 
you still want the original packet to be SPANed...

> We can see 100% up after fixing all these issues.
> DPDK Ipsec has better performance but the quality of code is not good, many 
> bugs.
>  
> If you are looking for a production IPSEC, VPP is a good start but you still 
> have a lot of things to do.

Contributions are welcome :)

