A recent code review comment mentioned that src/plugins/dpdk/ipsec would be
deprecated soon.
IMO this should not happen until at least equal functionality has been put in
place to replace it (and maybe not even then -- see my point at the end).
I could be missing something, but here are the major limitations I see with the
native crypto engine:
- No support for buffer chains.
- Lack of support seemingly a *lot* of crypto offload hardware
(https://doc.dpdk.org/guides/cryptodevs/index.html)
At my company we use both buffer chaining as well as Marvell mvsam offload HW,
and have plans to utilize other offload HW from the above link. We also use the
Intel crypto_aesni_gcm (not crypto_aesni_mb) driver as well.
New 100G Bluefield hardware apparently has support for HW crypto offload, which
we certainly would want to use.
Even if VPP eventually adds support for the existing HW offload, will it also
be adding it as quickly as it gets added to dpdk? We like VPP, but part of that
is that VPP leverages the work that is also being done in DPDK.
One way around this might be to have a dpdk crypto engine that interfaced the
newer native crypto-engine path to the existing dpdk offload drivers; however,
I do not believe that code is there currently, perhaps I'm mistaken.
Thanks,
Chris.
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#14505): https://lists.fd.io/g/vpp-dev/message/14505
Mute This Topic: https://lists.fd.io/mt/42104088/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
