6 files changed, 197 insertions, 12 deletions
diff --git a/docs/tag_documentation.rst b/docs/tag_documentation.rst index 4a869d6991..581f69ff7d 100644 --- a/docs/tag_documentation.rst +++ b/docs/tag_documentation.rst @@ -812,6 +812,10 @@ Encryption Tags IPSec using crypto sw scheduler engine. +.. topic:: FASTPATH + + IPSec policy mode with spd fast path enabled. + Client-Workload Tags -------------------- diff --git a/resources/libraries/python/VppConfigGenerator.py b/resources/libraries/python/VppConfigGenerator.py index dc1529033b..4fd28ffb8a 100644 --- a/resources/libraries/python/VppConfigGenerator.py +++ b/resources/libraries/python/VppConfigGenerator.py @@ -1,4 +1,4 @@ -# Copyright (c) 2022 Cisco and/or its affiliates. +# Copyright (c) 2023 Cisco and/or its affiliates. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at: @@ -433,10 +433,14 @@ class VppConfigGenerator: path = [u"ip6", u"heap-size"] self.add_config_item(self._nodeconfig, value, path) - def add_spd_flow_cache_ipv4_outbound(self): - """Add SPD flow cache for IP4 outbound traffic""" + def add_ipsec_spd_flow_cache_ipv4_outbound(self, value): + """Add IPsec spd flow cache for IP4 outbound. + + :param value: "on" to enable spd flow cache. + :type value: str + """ path = [u"ipsec", u"ipv4-outbound-spd-flow-cache"] - self.add_config_item(self._nodeconfig, "on", path) + self.add_config_item(self._nodeconfig, value, path) def add_ipsec_spd_fast_path_ipv4_outbound(self, value): """Add IPsec spd fast path for IP4 outbound. diff --git a/resources/libraries/robot/crypto/ipsec.robot b/resources/libraries/robot/crypto/ipsec.robot index 52a0e5fb66..d03f662994 100644 --- a/resources/libraries/robot/crypto/ipsec.robot +++ b/resources/libraries/robot/crypto/ipsec.robot 
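Review bot: In `add_ipsec_spd_flow_cache_ipv4_outbound`, `value` is written into the `ipsec` startup-config section unchecked, and the new docstring documents only "on" although ipsec.robot in this same commit also passes `off`. I would document both values (`:param value: "on" or "off" for the spd flow cache.`) and reject anything else up front, e.g. `if value not in ("on", "off"): raise ValueError(f"unsupported spd flow cache value: {value}")`. A typo in a suite would then fail at config generation rather than at VPP start-up, or in a run that may be measuring a different lookup path than its name claims. The old name `add_spd_flow_cache_ipv4_outbound` is removed without an alias, and callers outside this diff are not visible here, so a grep for the old keyword is worthwhile.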
@@ -1,4 +1,4 @@ -# Copyright (c) 2022 Cisco and/or its affiliates. +# Copyright (c) 2023 Cisco and/or its affiliates. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at: @@ -249,7 +249,7 @@ | | ... | Enable IPv4 Outbound SPD flow cache in VPP configuration file. | | | | FOR | ${dut} | IN | @{duts} -| | | Run Keyword | ${dut}.Add SPD Flow Cache IPv4 Outbound +| | | Run Keyword | ${dut}.Add IPsec SPD Flow cache IPv4 Outbound | on | | END | Enable IPsec SPD Fast Path IPv4 Outbound @@ -262,6 +262,7 @@ | | [Arguments] | ${value} | | | | FOR | ${dut} | IN | @{duts} +| | | Run Keyword | ${dut}.Add IPsec SPD Flow cache IPv4 Outbound | off | | | Run Keyword | ${dut}.Add IPsec SPD Fast Path IPv4 Outbound | on | | | Run Keyword | ${dut}.Add IPsec SPD Fast Path Num Buckets | ${value} | | END diff --git a/tests/vpp/perf/crypto/10ge2p1x710-ethip4ipsec10000tnlhwasync-ip4base-policy-fastpath-aes256gcm-ndrpdr.robot b/tests/vpp/perf/crypto/10ge2p1x710-ethip4ipsec10000tnlhwasync-ip4base-policy-fastpath-aes256gcm-ndrpdr.robot index c54d0c6597..ac920e187b 100644 --- a/tests/vpp/perf/crypto/10ge2p1x710-ethip4ipsec10000tnlhwasync-ip4base-policy-fastpath-aes256gcm-ndrpdr.robot +++ b/tests/vpp/perf/crypto/10ge2p1x710-ethip4ipsec10000tnlhwasync-ip4base-policy-fastpath-aes256gcm-ndrpdr.robot @@ -1,5 +1,5 @@ -# Copyright (c) 2022 Intel and/or its affiliates. -# Copyright (c) 2022 Cisco and/or its affiliates. +# Copyright (c) 2023 Intel and/or its affiliates. +# Copyright (c) 2023 Cisco and/or its affiliates. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at: 
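Review bot: `Enable IPsec SPD Fast Path IPv4 Outbound` now also switches the flow cache `off`, but nothing at the added `Run Keyword` line says why. The keyword's documentation starts outside the hunk, so I cannot tell whether it mentions this. A short comment above the added line, for example `| | | # Flow cache is turned off so outbound lookups use the SPD fast path.`, plus one sentence in the keyword documentation, would record the intent. Presumably the aim is to keep the two lookup mechanisms from being combined in one measurement; please confirm that and state it.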
@@ -18,7 +18,7 @@ | | Force Tags | 3_NODE_SINGLE_LINK_TOPO | PERFTEST | HW_ENV | SCALE | NDRPDR | ... | IP4FWD | IPSEC | IPSECHW | ASYNC | IPSECTUN | NIC_Intel-X710 | TNL_10000 -| ... | AES_256_GCM | AES | DRV_VFIO_PCI +| ... | FASTPATH | AES_256_GCM | AES | DRV_VFIO_PCI | ... | RXQ_SIZE_0 | TXQ_SIZE_0 | ... | ethip4ipsec10000tnlhwasync-ip4base-policy-fastpath-aes256gcm | diff --git a/tests/vpp/perf/crypto/10ge2p1x710-ethip4ipsec10000tnlsw-ip4base-policy-fastpath-aes256gcm-ndrpdr.robot b/tests/vpp/perf/crypto/10ge2p1x710-ethip4ipsec10000tnlsw-ip4base-policy-fastpath-aes256gcm-ndrpdr.robot index 5ce90681f7..1b0ce789ed 100644 --- a/tests/vpp/perf/crypto/10ge2p1x710-ethip4ipsec10000tnlsw-ip4base-policy-fastpath-aes256gcm-ndrpdr.robot +++ b/tests/vpp/perf/crypto/10ge2p1x710-ethip4ipsec10000tnlsw-ip4base-policy-fastpath-aes256gcm-ndrpdr.robot @@ -1,5 +1,5 @@ -# Copyright (c) 2022 Intel and/or its affiliates. -# Copyright (c) 2022 Cisco and/or its affiliates. +# Copyright (c) 2023 Intel and/or its affiliates. +# Copyright (c) 2023 Cisco and/or its affiliates. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at: @@ -17,7 +17,7 @@ | Resource | resources/libraries/robot/crypto/ipsec.robot | | Force Tags | 3_NODE_SINGLE_LINK_TOPO | PERFTEST | HW_ENV | NDRPDR | TNL_10000 -| ... | IP4FWD | IPSEC | IPSECSW | IPSECTUN | NIC_Intel-X710 | SCALE +| ... | IP4FWD | IPSEC | IPSECSW | IPSECTUN | FASTPATH | NIC_Intel-X710 | SCALE | ... | AES_256_GCM | AES | DRV_VFIO_PCI | ... | RXQ_SIZE_0 | TXQ_SIZE_0 | ... | ethip4ipsec10000tnlsw-ip4base-policy-fastpath-aes256gcm diff --git a/tests/vpp/perf/crypto/10ge2p1x710-ethip4ipsec40000tnlsw-ip4base-policy-fastpath-aes256gcm-ndrpdr.robot b/tests/vpp/perf/crypto/10ge2p1x710-ethip4ipsec40000tnlsw-ip4base-policy-fastpath-aes256gcm-ndrpdr.robot new file mode 100644 index 0000000000..07f69e8bfe --- /dev/null 
+++ b/tests/vpp/perf/crypto/10ge2p1x710-ethip4ipsec40000tnlsw-ip4base-policy-fastpath-aes256gcm-ndrpdr.robot 
@@ -0,0 +1,176 @@
+# Copyright (c) 2023 Intel and/or its affiliates.
+# Copyright (c) 2023 Cisco and/or its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+*** Settings ***
+| Resource | resources/libraries/robot/shared/default.robot
+| Resource | resources/libraries/robot/crypto/ipsec.robot
+|
+| Force Tags | 3_NODE_SINGLE_LINK_TOPO | PERFTEST | HW_ENV | NDRPDR | TNL_40000
+| ... | IP4FWD | IPSEC | IPSECSW | IPSECTUN | FASTPATH | NIC_Intel-X710 | SCALE
+| ... | AES_256_GCM | AES | DRV_VFIO_PCI
+| ... | RXQ_SIZE_0 | TXQ_SIZE_0
+| ... | ethip4ipsec40000tnlsw-ip4base-policy-fastpath-aes256gcm
+|
+| Suite Setup | Setup suite topology interfaces | performance
+| Suite Teardown | Tear down suite | performance
+| Test Setup | Setup test | performance
+| Test Teardown | Tear down test | performance | ipsec_all
+|
+| Test Template | Local Template
+|
+| Documentation | **IPv4 IPsec tunnel mode performance test suite.**
+| ... |
+| ... | - **[Top] Network Topologies:** TG-DUT1-DUT2-TG 3-node circular \
+| ... | topology with single links between nodes.
+| ... |
+| ... | - **[Enc] Packet Encapsulations:** Eth-IPv4 on TG-DUTn, \
+| ... | Eth-IPv4-IPSec on DUT1-DUT2.
+| ... |
+| ... | - **[Cfg] DUT configuration:** DUT1 and DUT2 are configured with \
+| ... | multiple IPsec tunnels between them. DUTs get IPv4 traffic from TG, \
+| ... | encrypt it and send to another DUT, where packets are decrypted and \
+| ... | sent back to TG.
+| ... |
+| ... | - **[Ver] TG verification:** TG finds and reports throughput NDR (Non \
+| ... | Drop Rate) with zero packet loss tolerance and throughput PDR \
+| ... | (Partial Drop Rate) with non-zero packet loss tolerance (LT) \
+| ... | expressed in percentage of packets transmitted. NDR and PDR are \
+| ... | discovered for different Ethernet L2 frame sizes using MLRsearch \
+| ... | library.
+| ... | Test packets are generated by TG on \
+| ... | links to DUTs. TG traffic profile contains two L3 flow-groups \
+| ... | (flow-group per direction, number of flows per flow-group equals to \
+| ... | number of IPSec tunnels) with all packets \
+| ... | containing Ethernet header, IPv4 header with IP protocol=61 and \
+| ... | static payload. MAC addresses are matching MAC addresses of the TG \
+| ... | node interfaces. Incrementing of IP.dst (IPv4 destination address) \
+| ... | is applied to both streams.
+| ... |
+| ... | - **[Ref] Applicable standard specifications:** RFC4303 and RFC2544.
+
+*** Variables ***
+| @{plugins_to_enable}= | dpdk_plugin.so | perfmon_plugin.so
+| ... | crypto_native_plugin.so
+| ... | crypto_ipsecmb_plugin.so | crypto_openssl_plugin.so
+| ${crypto_type}= | ${None}
+| ${nic_name}= | Intel-X710
+| ${nic_driver}= | vfio-pci
+| ${nic_rxq_size}= | 0
+| ${nic_txq_size}= | 0
+| ${nic_pfs}= | 2
+| ${nic_vfs}= | 0
+| ${osi_layer}= | L3
+| ${overhead}= | ${54}
+| ${tg_if1_ip4}= | 192.168.10.254
+| ${dut1_if1_ip4}= | 192.168.10.11
+| ${dut1_if2_ip4}= | 100.0.0.1
+| ${dut2_if1_ip4}= | 200.0.0.102
+| ${dut2_if2_ip4}= | 192.168.20.11
+| ${tg_if2_ip4}= | 192.168.20.254
+| ${raddr_ip4}= | 20.0.0.0
+| ${laddr_ip4}= | 10.0.0.0
+| ${addr_range}= | ${24}
+| ${n_tunnels}= | ${40000}
+# Main heap size multiplicator
+| ${heap_size_mult}= | ${4}
+# Traffic profile:
+| ${traffic_profile}= | trex-stl-3n-ethip4-ip4dst${n_tunnels}
+
+*** Keywords ***
+| Local Template
+| | [Documentation]
+| | ... | - **[Cfg]** DUT runs IPSec tunneling AES_256_GCM config. \
+| | ... | Each DUT uses ${phy_cores} physical core(s) for worker threads.
+| | ... | - **[Ver]** Measure NDR and PDR values using MLRsearch algorithm.
+| |
+| | ... | *Arguments:*
+| | ... | - frame_size - Framesize in Bytes in integer or string (IMIX_v4_1).
+| | ... | Type: integer, string
+| | ... | - phy_cores - Number of physical cores. Type: integer
+| | ... | - search_type - NDR or PDR. Type: string
+| | ... | - rxq - Number of RX queues, default value: ${None}. Type: integer
+| | ... | - min_rate - Min rate for binary search, default value: ${50000}.
+| | ... | Type: integer
+| |
+| | [Arguments] | ${frame_size} | ${phy_cores} | ${rxq}=${None}
+| |
+| | Set Test Variable | \${frame_size}
+| |
+| | # These are enums (not strings) so they cannot be in Variables table.
+| | ${encr_alg}= | Crypto Alg AES GCM 256
+| | ${auth_alg}= | Set Variable | ${NONE}
+| | ${ipsec_proto}= | IPsec Proto ESP
+| |
+| | Given Set Max Rate And Jumbo
+| | And Add worker threads to all DUTs | ${phy_cores} | ${rxq}
+| | And Pre-initialize layer driver | ${nic_driver}
+| | And Enable IPsec SPD Fast Path IPv4 Outbound | ${${n_tunnels}*10}
+| | And Apply startup configuration on all VPP DUTs
+| | When Initialize layer driver | ${nic_driver}
+| | And Initialize layer interface
+| | And Initialize IPSec in 3-node circular topology
+| | And VPP IPsec Add Multiple Tunnels
+| | ... | ${nodes} | ${DUT1_${int}2}[0] | ${DUT2_${int}1}[0] | ${n_tunnels}
+| | ... | ${encr_alg} | ${auth_alg} | ${dut1_if2_ip4} | ${dut2_if1_ip4}
+| | ... | ${laddr_ip4} | ${raddr_ip4} | ${addr_range}
+| | Then Find NDR and PDR intervals using optimized search
+
+*** Test Cases ***
+| 64B-1c-ethip4ipsec40000tnlsw-ip4base-policy-fastpath-aes256gcm-ndrpdr
+| | [Tags] | 64B | 1C
+| | frame_size=${64} | phy_cores=${1}
+
+| 64B-2c-ethip4ipsec40000tnlsw-ip4base-policy-fastpath-aes256gcm-ndrpdr
+| | [Tags] | 64B | 2C
+| | frame_size=${64} | phy_cores=${2}
+
+| 64B-4c-ethip4ipsec40000tnlsw-ip4base-policy-fastpath-aes256gcm-ndrpdr
+| | [Tags] | 64B | 4C
+| | frame_size=${64} | phy_cores=${4}
+
+| 1518B-1c-ethip4ipsec40000tnlsw-ip4base-policy-fastpath-aes256gcm-ndrpdr
+| | [Tags] | 1518B | 1C
+| | frame_size=${1518} | phy_cores=${1}
+
+| 1518B-2c-ethip4ipsec40000tnlsw-ip4base-policy-fastpath-aes256gcm-ndrpdr
+| | [Tags] | 1518B | 2C
+| | frame_size=${1518} | phy_cores=${2}
+
+| 1518B-4c-ethip4ipsec40000tnlsw-ip4base-policy-fastpath-aes256gcm-ndrpdr
+| | [Tags] | 1518B | 4C
+| | frame_size=${1518} | phy_cores=${4}
+
+| 9000B-1c-ethip4ipsec40000tnlsw-ip4base-policy-fastpath-aes256gcm-ndrpdr
+| | [Tags] | 9000B | 1C
+| | frame_size=${9000} | phy_cores=${1}
+
+| 9000B-2c-ethip4ipsec40000tnlsw-ip4base-policy-fastpath-aes256gcm-ndrpdr
+| | [Tags] | 9000B | 2C
+| | frame_size=${9000} | phy_cores=${2}
+
+| 9000B-4c-ethip4ipsec40000tnlsw-ip4base-policy-fastpath-aes256gcm-ndrpdr
+| | [Tags] | 9000B | 4C
+| | frame_size=${9000} | phy_cores=${4}
+
+| IMIX-1c-ethip4ipsec40000tnlsw-ip4base-policy-fastpath-aes256gcm-ndrpdr
+| | [Tags] | IMIX | 1C
+| | frame_size=IMIX_v4_1 | phy_cores=${1}
+
+| IMIX-2c-ethip4ipsec40000tnlsw-ip4base-policy-fastpath-aes256gcm-ndrpdr
+| | [Tags] | IMIX | 2C
+| | frame_size=IMIX_v4_1 | phy_cores=${2}
+
+| IMIX-4c-ethip4ipsec40000tnlsw-ip4base-policy-fastpath-aes256gcm-ndrpdr
+| | [Tags] | IMIX | 4C
+| | frame_size=IMIX_v4_1 | phy_cores=${4} |
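Review bot: The suite and `Local Template` documentation do not match what the template configures. `[Cfg]` never says that the DUTs run IPsec policy mode with the SPD fast path enabled, and the `*Arguments:*` list names `search_type` and `min_rate`, which `[Arguments]` does not accept. I would add a sentence to `[Cfg]` such as `IPsec policy mode with outbound SPD fast path enabled.` and drop the two stale argument entries, so a reader of the results can tell which lookup path was measured. `${ipsec_proto}` is assigned but not passed to any keyword in the visible template, so it can probably be removed. The factor 10 in `${${n_tunnels}*10}` deserves a short comment on how the bucket count was chosen.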