diff options
author | Maciek Konstantynowicz <mkonstan@cisco.com> | 2020-10-05 14:06:18 +0100 |
---|---|---|
committer | Tibor Frank <tifrank@cisco.com> | 2020-10-14 09:52:45 +0000 |
commit | ef9bab0a1b87871a8365e766a19971f0ec0b7ed8 (patch) | |
tree | 06b52d2bbbc841762f032429af19b6396e6c7018 /docs/report/introduction/methodology_ipsec.rst | |
parent | f8f509571e8cc3fc8596f39ddd5118b4f2d85374 (diff) |
report: updates to methodology section including nat44, acl, ipsec
Change-Id: I13464728d903cba14feedd3cfb78226d50f3d4a1
Signed-off-by: Maciek Konstantynowicz <mkonstan@cisco.com>
Diffstat (limited to 'docs/report/introduction/methodology_ipsec.rst')
-rw-r--r-- | docs/report/introduction/methodology_ipsec.rst | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/docs/report/introduction/methodology_ipsec.rst b/docs/report/introduction/methodology_ipsec.rst new file mode 100644 index 0000000000..ee0572ffc5 --- /dev/null +++ b/docs/report/introduction/methodology_ipsec.rst @@ -0,0 +1,52 @@ +Internet Protocol Security (IPsec) +---------------------------------- + +VPP IPsec performance tests are executed for the following crypto +plugins: + +- `crypto_native`, used for software based crypto leveraging CPU + platform optimizations e.g. Intel's AES-NI instruction set. +- `crypto_ipsecmb`, used for hardware based crypto with Intel QAT PCIe + cards. + +IPsec with VPP Native SW Crypto +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Currently |csit-release| implements following IPsec test cases relying +on VPP native crypto (`crypto_native` plugin): + ++-------------------+------------------+----------------+------------------+ +| VPP Crypto Engine | ESP Encryption | ESP Integrity | Scale Tested | ++===================+===================+===============+==================+ +| crypto_native | AES[128|256]-GCM | GCM | 1 to 60k tunnels | ++-------------------+------------------+----------------+------------------+ +| crypto_native | AES128-CBC | SHA[256|512] | 1 to 60k tunnels | ++-------------------+------------------+----------------+------------------+ + +VPP IPsec with SW crypto are executed in both tunnel and policy modes, +with tests running on 3-node testbeds: 3n-hsw and 3n-skx. + +IPsec with Intel QAT HW +^^^^^^^^^^^^^^^^^^^^^^^ + +Currently |csit-release| implements following IPsec test cases relying +on ipsecmb library (`crypto_ipsecmb` plugin) and Intel QAT 8950 (50G HW +crypto card): + +dpdk_cryptodev + ++-------------------+---------------------+------------------+----------------+------------------+ +| VPP Crypto Engine | VPP Crypto Workers | ESP Encryption | ESP Integrity | Scale Tested | ++===================+=====================+==================+================+==================+ +| crypto_ipsecmb | sync/all workers | AES[128|256]-GCM | GCM | 1, 1k tunnels | ++-------------------+---------------------+------------------+----------------+------------------+ +| crypto_ipsecmb | sync/all workers | AES[128]-CBC | SHA[256|512] | 1, 1k tunnels | ++-------------------+---------------------+------------------+----------------+------------------+ +| crypto_ipsecmb | async/crypto worker | AES[128|256]-GCM | GCM | 1, 4, 1k tunnels | ++-------------------+---------------------+------------------+----------------+------------------+ +| crypto_ipsecmb | async/crypto worker | AES[128]-CBC | SHA[256|512] | 1, 4, 1k tunnels | ++-------------------+---------------------+------------------+----------------+------------------+ + +VPP IPsec with HW crypto are executed in both tunnel and policy modes, +with tests running on 3-node Haswell testbeds (3n-hsw), as these are the +only testbeds equipped with Intel QAT cards. |