Well, you should really look for the discussion about IKE/IPSec this mailing list had before.
I can put it this way: 1. vPP IKEv2/IPSEC is PoC quality, meaning it is far from a carrier grade product 2. No SNMP support, you got to do it by yourself 3. Performance is good though, but still can be further improved. Using DPDK crypto PMD can get doubled performance when it comes to AES-CBC 4. Many bugs. You couldn’t want too much from a PoC 5. It is really not about IKE/IPSEC, you got t understand how vPP works 6. If so, please consider replace IKEv2 in vPP with Strongstwan or something else, but keep IPSEC in vPP Regards, Kingwel From: vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> On Behalf Of tianye@sina Sent: Thursday, September 20, 2018 6:56 PM To: hagb...@gmail.com; vpp-dev@lists.fd.io Subject: FW: 答复: [E] [vpp-dev] Build a telecom-class Security gateway device with VPP Hello Is there someone who know something about this? From: tianye@sina [mailto:tiany...@sina.com] Sent: Wednesday, September 19, 2018 5:03 PM To: 'Ed Warnicke'; 'vpp-dev@lists.fd.io'; 'Kevin Yan' Subject: RE: 答复: [E] [vpp-dev] Build a telecom-class Security gateway device with VPP Hello Dear VPP developers: I am planning to develop a SeGW product with VPP. I have a question for Ipsec within VPP platform. According to 3GPP TS 33.320 V13.0.0 specification, (Annex A.2 Combined Device and HP Authentication Call-flow Example, page 37) -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 21.The SeGW checks the correctness of the AUTH received from the H(e)NB. The SeGW should send the assigned Remote IP address in the configuration payload (CFG_REPLY), if the H(e)NB requested for H(e)NB’s and/or L-GW’s Remote IP address through the CFG_REQUEST. If the SeGW allocates different remote IP addresses to the L-GW and to the H(e)NB, then the SeGW can include information to differentiate the IP address assigned to the H(e)NB and the L-GW, in order to avoid any misconfiguration.A possible mechanism to inform which IP address is to be used for H(e)NB or L-GW is implementation specific and out of scope of the present document. -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- The red font above is the requirement from 3GPP standard. Can anybody tell me if the Ipsec in VPP support this? If so, which code implemented this? [cid:image001.png@01D451CD.06D00A70][cid:image003.png@01D451CD.06D00A70]
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#10593): https://lists.fd.io/g/vpp-dev/message/10593 Mute This Topic: https://lists.fd.io/mt/25840496/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
