Hi Neale/Benoit, Let me know if a similar problem was reported in vnet/ipsec.
I am not having any clue on this. Your help is much appreciated. Regards. On Fri, 1 Apr 2022, 17:39 Vijay Kumar via lists.fd.io, <vjkumar2003= gmail....@lists.fd.io> wrote: > Hi Neale/Benoit, > > In my product, we don't use the ikev2 plugin of vpp. We use another > vendor's IKE stack (we just disabled the ikev2 vpp plugin register) which > will do the signalling and install keys to the vpp ipsec (our application > uses the ipsec_sa_add_and_lock() API to program the keys. > > We are using VPP 21.06. > > I am running continuous data. While I am seeing something like this: - > > There are no packet losses in the initial few rekeys. I see some packet > loss after some 9-10 IPSEC rekeys. The packet loss is due to the failure > counter "Integrity Check Failure", but it recovers when the next rekey > happens and the traffic continues to pass successfully. > I had kept the IPSEC rekey time as 250s, so around 45min (approx 10 rekeys > were already completed) I saw this issue. Looks like the packets are fully > dropped for 250s till the next rekey happens which is when the recovery > will happen and traffic is restored. > > I performed the same test cases 2 more times and saw the same issue. This > time I cannot recollect if it was around 9/10 rekey but definitely not in > the first 4-5 rekeys. > > I am not sure if the issue is in VPP vne/ipsec or in my IKE stack that is > generating the keys and programming vnet/ipsec. > > Is it possible to run rekey with traffic for a longish time and let me > know if VPP 21.06 is not having any issue. I know the request is tough but > if you know of any such issue, is it good to take vnet/ipsec of 22.02? > > > Sorry for the big description > > > Regards, > Vijay > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#21188): https://lists.fd.io/g/vpp-dev/message/21188 Mute This Topic: https://lists.fd.io/mt/90176090/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
