Age | Commit message (Collapse) | Author | Files | Lines |
|
This will greatly improve the performance of IPsec policy cases
Signed-off-by: xinfeng zhao <xinfengx.zhao@intel.com>
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
Change-Id: Ib42b5650791be7fcc8649873eaf12616aeba5aec
|
|
In order to compare performance number with existed routing based ipip
interface mode 40k tunnels ipsec test.
Signed-off-by: xinfeng zhao <xinfengx.zhao@intel.com>
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
Change-Id: I94816a8c18f08b539114d6ca9d4e1218a2b6ea5f
|
|
Also add 10k tunnels IPSec policy mode test with spd fast path enabled.
spd fast path is to reduce policy adding time, refer to patchset [1] & [2]
for details.
[1] https://gerrit.fd.io/r/c/vpp/+/36095
[2] https://gerrit.fd.io/r/c/vpp/+/36097
Signed-off-by: xinfeng zhao <xinfengx.zhao@intel.com>
Signed-off-by: yulong pei <yulong.pei@intel.com>
Change-Id: I211b38a60d273c46e68a5b5f712090037977c6e6
|
|
Add VPP wireguard async mode test suite to use QAT device for crypto.
Also change keyword ipsechw to cryptohw in suite_setup.robot since currently
crypto device is not only used by IPSec.
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
Signed-off-by: xinfeng zhao <xinfengx.zhao@intel.com>
Change-Id: Ibdadb3b09c04b7181415ffd4a248abddc6289075
|
|
The test scenario is about two private networks which communication was
protected by ipsec.
The test suites are to show performance impovement about ipsec esp flow
lookup that offloaded by NIC flow director and rss.
Verified on 3n-clx and Intel E810 NIC environment, with 64B ipsec packet
flow, performance improved ~31% with 1C2T, ~110% with 2C4T, ~250% with 4C8T.
Signed-off-by: xinfeng zhao <xinfengx.zhao@intel.com>
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
Change-Id: I30aec8c5115e5a6fbef88c11d1bef2624029d1b9
|
|
Replace the hardcoded SPD inbound/outbound ranges with values derived
from test inputs.
Add the necessary routes now that the tunnel endpoints are not in the
same subnet. Also add ip neighbor entry on DUT2 for the same reason.
Also replace ipsec sa dump with show ipsec all in teardown of tests
where both SAs and SPDs are configured to improve troubleshooting.
Change-Id: I7d89a99fcf457a701c87bf6ac07364b62802677d
Signed-off-by: Juraj Linkeš <juraj.linkes@pantheon.tech>
|
|
Signed-off-by: xinfeng zhao <xinfengx.zhao@intel.com>
Change-Id: I1590d438216e4c886aae03f83364837153623dbc
|
|
Signed-off-by: Viliam Luc <vluc@cisco.com>
Change-Id: Ib0a853f7bd8cdbb0dee747e4f601bc4e54d006e9
|
|
When building documentation using sphinx we see ~1200 similar warnings [0]
[0] - https://s3-logs.fd.io/vex-yul-rot-jenkins-1/csit-verify-tox-master-ubuntu2004-x86_64/3289/doc_verify.log.gz
These warning are harmless and can be fixed later
Signed-off-by: Viliam Luc <vluc@cisco.com>
Change-Id: I1ac1099d38935971d47491dde905715345d3935c
|
|
Signed-off-by: Maros Mullner <maros.mullner@pantheon.tech>
Change-Id: I83b00d56a50d98c36547621cb2f41cb3b2f35741
|
|
Remaining ipsec reconf test suites for 40 tunnels include:
- int-aes128cbc-hmac512sha
- int-aes256gcm
Change-Id: I9c5f549368595bb0cbd0d7e9918b7695184d31c4
Signed-off-by: Maciek Konstantynowicz <mkonstan@cisco.com>
|
|
Remove following test suites:
- ipsec tests
- ethip4ipsectptlispgpe.
- policy-aes128gcm.
- policy-aes128cbc-hmac256sha.
- policy-aes128cbc-hmac512sha.
- int-aes128cbc-hmac256sha.
- scale of
- 400tnlsw.
- 5000tnlsw.
- 20000tnlsw.
- 60000tnlsw.
Change-Id: Ib4915213f6c440c70f9b17cbaac834245e51bd85
Signed-off-by: Maciek Konstantynowicz <mkonstan@cisco.com>
|
|
Add 1, 10, 100 and 1000 SPD entries using IPv4 outbound flow cache
optimization.
Change-Id: I7abb65a82454c17ef754cb11386186610f0c27e8
Signed-off-by: Juraj Linkeš <juraj.linkes@pantheon.tech>
|
|
Add testcases with plain ipv4 forwarding with 1, 10, 100 and 1000 SPD
entries on outbound traffic in both directions both directions. Only
match the last SPD entry and process others before the matching entry.
Add testcases only without flow cache optimization.
Refactor the Python functions that add SPD entries:
- Unify the args in functions that add one and multiple entries.
- For multiple entries, add the ability to pass an object that will
handle how values in each iteration (i.e. for each entry) are modified.
Change-Id: I061922eec6acc75a4e115202c07e72d89bf1f4d3
Signed-off-by: Juraj Linkeš <juraj.linkes@pantheon.tech>
|
|
Signed-off-by: pmikus <pmikus@cisco.com>
Change-Id: I6826add7b3032041632c3952c45a3c64409400b0
|
|
Signed-off-by: pmikus <pmikus@cisco.com>
Change-Id: I710af90aa5474381a82095c8a11ecf6c01c2483b
|
|
Add more granularity test policy tests. Mirror the number of tunnels in
other IPsec tests under 1000 tunnels.
Change-Id: I9bde7447a5d809bab05db132bf6cb524e97e19b3
Signed-off-by: Juraj Linkeš <juraj.linkes@pantheon.tech>
|
|
Add 2n1l udir 1 and 1000 tunnel sw policy IPsec tests to mirror the
existing 3n tests.
Add static ip neighbor mac entries which can't be retrieved in 2node
setups.
Change-Id: I13dd557cbeed7f907fa9b4c21e4e245d48916513
Signed-off-by: Juraj Linkeš <juraj.linkes@pantheon.tech>
|
|
Suite name part is correct: swasync.
This fixes the tag, from IPSECHW to IPSECSW.
Change-Id: I13a5201dade7edf180d315416c82c15d69c1bfce
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
Add unidirectional 2n crypto tests. Only one direction can be tested on
a 2 node topology, since we can't use the same interface for both
encrypted and unencrypted traffic. Add the following tests:
* {n}tnlsw-ip4base-int ndrpdr tests
* {n}tnlsw-1atnl-ip4base-int reconf tests
* {n}tnlswasync-scheduler-ip4base-int ndrpdr tests
Where n is the number of tunnels:
1, 4, 40, 400, 1000, 5000, 10000, 20000, 40000, 60000 for the first two
1, 2, 4, 8 for the async scheduler tests
All of these with the following ecryption-auth algorithms:
aes128gcm
aes256gcm
aes128cbc-hmac256sha
aes128cbc-hmac512sha
Also add the corresponding trex profiles:
trex-stl-2n-ethip4-ip4dst{n}-udir.py
Where n is the number of tunnels listed above. The profiles are shared
among the tests.
Change-Id: I22bb46e6ad59801581a78aa19310bee8a5293e56
Signed-off-by: Juraj Linkeš <juraj.linkes@pantheon.tech>
|
|
This patch is to add test suites for vpp plugin crypto_sw_scheduler,
IPsec sync mode is to do crypto and packet forward work in same worker cores,
crypto_sw_scheduler can schedule crypto work to other async crypto cores to
improve whole crypto processing capability.
This test suites configure fixed 1 rx queues per port, then measure IPsec
performance with 1, 2, 3 crypto cores.
This patchset include 1, 2, 4, 8 ipsec tunnels test cases.
+Vratko help to change to count total physical cores instead of previous only
count crypto cores in test cases.
Change-Id: I0e67182e3d13273890a23703d838101900e25126
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
Signed-off-by: pmikus <pmikus@cisco.com>
|
|
Results if NDR search is in TPS (so unidir) since
https://gerrit.fd.io/r/c/csit/+/28208
The bug was causing all reconf tests report zero loss,
as they used half of NDR load during reconfiguration.
+ Small improvements to descriptions of other traffic keywords.
Change-Id: Ib9af5861cc09e698eb762feb3f0a019571d17962
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
Jira: CSIT-1597
+ add ipsec_sa tear down action
Change-Id: I4d1e6f26c14e61e8ddc6f29fbf5528a034c84eb0
Signed-off-by: Jan Gelety <jgelety@cisco.com>
|
|
Ticket: CSIT-1771 VPP-1207 VPP-1675
Change-Id: I8ba2d62054361e72b833943327434ea071e7e568
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
In VPP 20.05, vpp added async crypto engine that support to use QAT hardware
to do encryption and decryption, vnet/ipsec enabled async mode to use async
crypto engine.
Current async crypto engine also use dpdk_cryptodev as async handlers, in the
future it may add other native QAT driver as async handlers.
Note that async crypto engine is to support vnet/ipsec, it is different
with current existing dpdk backend which itself has ESP implementation
in plugins/dpdk/ipsec.
Change-Id: I4e6eaa7ca1eddb8b1c45212de0684fb26907119b
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
|
|
Change-Id: I74641cc89d2f25d50b67d51bf2567082b420aabb
Signed-off-by: Jan Gelety <jgelety@cisco.com>
|
|
- provide base routines to run T-Rex in advanced stateful mode
Change-Id: Ib0dc5f2919c370753335f6446860683dc4b12d93
Signed-off-by: Jan Gelety <jgelety@cisco.com>
|
|
The test names are unique without it and the information doesn't add
anything extra.
Change-Id: Idc7d6d1d21c8c05691e1757227a0a3787406d370
Signed-off-by: Juraj Linkeš <juraj.linkes@pantheon.tech>
|
|
+ Merge single/double link
+ Introduce _pf{n}[0] variables so we can access physical function
same way as virtual function
+ Cleanup code by moving complex logic to python
+ Prepare code for multiple vf functions
Signed-off-by: Peter Mikus <pmikus@cisco.com>
Change-Id: Ic2e74a38bfa146441357de8f0916aeb638941c49
|
|
Change-Id: Ib30bc4697fcba93a6723ee492a59a0523425f623
Signed-off-by: Peter Mikus <pmikus@cisco.com>
|
|
Change-Id: I9af632035a1415666b2470c62a41d1b6acbf33c8
Signed-off-by: Jan Gelety <jgelety@cisco.com>
|
|
This edit is not suitable for rls2001.
Change-Id: I18ea22346d5996e78034f35d74a87c125010a146
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
- Not adding nf_density tests.
- Not adding hardware ipsec tests.
- Not adding -policy- tests.
- Using old crypto_ia32_plugin.so plugin name.
+ Suitable for cherry-picking to rls2001.
Change-Id: Ibf44d6d91e2afa2320637ecd9eb69d5d5dc364aa
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
https://gerrit.fd.io/r/c/vpp/+/24574
Signed-off-by: Peter Mikus <pmikus@cisco.com>
Change-Id: Ic2b7c925ceba1e16de87c64003ecceeea69c681c
|
|
Seeing differences when diff-ing between suites is distracting.
+ Bump copyright year, even for files with no change.
Change-Id: Iaca79647821dd8233bdbe6b0ac8b14fdb04060a8
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
Change-Id: I0e85fc958779df3d5dbacf1ad1e3898268a832ec
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
Updated to the values as seen in packet trace.
Even if VPP creates wrongly sized packets (compared to RFCs),
the overhead should correspond to the actual packet size present,
in order to correctly prevent linerate on DUT-DUT link.
The new overhead values are 62 (256SHA) and 78 (512SHA).
The GCM value is already correct, at 54 bytes, so density tests are ok.
- The lispgpe test is not updated, as it currently fails.
We will update overhead there in (or after) 24578.
Change-Id: I5cc6920205f37ddc80e76804fabd90b67174addf
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
+ Include a script to add suite tags to many suites at once.
+ Add suite tags also to device tests (not covered by autogen).
Change-Id: I514ee6178e22999b43460028fe2696738b012f04
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
+ Disallowed -avf- (or -rdma-) as "template" suites.
+ GBP suite switched to DPDK driver in repo.
+ Each NIC has its own list of supported drivers, in Constants.
+ Updated tag expressions for daily jobs:
+ Feature, ipsec, memif, scale, srv6, tunnels, vhost and vts
are tested only with vfio-pci.
+ Other (base, dot1q, dot1ad) tested with all drivers.
+ Setup actions currently depend on driver, generated.
- The performance_rdma action is trivial for now.
- Several tests fail, to be fixed later, e.g. by performance_rdma.
+ Reconf tests are also supported.
+ Added DRV_VFIO_PCI tags missing, mainly in density tests.
- Vhost suites (density, reconf) are failing, but suites look good.
- TCP suites do not support NIC drivers yet.
- DPDK obviously not supported.
+ Use Python 3 in regenerate scripts.
+ Fix typos binded => bound.
+ File open modes set either u"rt" or u"wt" everywhere.
+ Remove a trailing space in an environment variable name.
Change-Id: I290470675dc5c9e88b2eaa5ab6285ecd9ed7827a
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
Change-Id: I1392c06b1d64f62b141d24c0d42a8e36913b15e2
Signed-off-by: Jan Gelety <jgelety@cisco.com>
|
|
- IPsec proto is not for GCM
Signed-off-by: Peter Mikus <pmikus@cisco.com>
Change-Id: If6a9721574a72dacb4486c837100e4f2ed2bab19
|
|
+ This will help unify driver base differences between TCs.
+ Decrease amount of logic needed for suite generator.
Signed-off-by: Peter Mikus <pmikus@cisco.com>
Change-Id: I1e84ba361dc1e829f0612c58a61096e2633ce0c5
|
|
+ Small bugfixes in various suites
Signed-off-by: Peter Mikus <pmikus@cisco.com>
Change-Id: I051af0a6da7340fe3f617400370c3846ca5241ab
|
|
- Attempt to repair IPsec LispGpe perf suite.
+ Collection name to reflect the current stable vpp.
+ Add messages found in CSIT L1 keywords.
- Uncommented (instead of deleted) untestable messages. Reasons:
- Honeycomb.
- Messages used by unused keywords.
+ Listed reasons. Honeycomb not mentioned if both reasons apply.
+ Delete CRC items for commands not found in keywords anymore.
+ Add CRCs from .json.api files (as teardown is hard to execute).
+ Define and restore alphabetical order.
+ Add hints to find used API commands (not entirely reliable).
+ Move used commands to "cmd = " form so hints find them.
+ Argument to run_cli_command changed from "cmd" to "cli_cmd".
+ Except also struct.error where IOError is excepted.
Change-Id: I61058dbe1e33296908aabd0c13433bb16cfa6adf
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
- Added new traffic profiles.
Signed-off-by: Ludovit Mikula <ludovit.mikula@pantheon.tech>
Change-Id: Ie06b7a1cf4d9df403d098b7a495219fd95e5869e
|
|
+ Add testcases and tag expressions for perf occurrences.
+ Add TNL_1 tag for single tunnel IPsec suites.
- Some CRCs were missing before, but form a pair with a listed CRC.
- Probably the other half of the pair is not used.
- Will be fixed in subsequent Change.
Change-Id: I5754210755c13c41226b71045813714a65a1cdf3
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
- Just bcause they wanted.
Change-Id: I46a83924d61e9191bb02cf9dcfb761156686d545
Signed-off-by: Peter Mikus <pmikus@cisco.com>
|
|
Change-Id: Iecfd7e69a72c8d5893a703fa93439cde0a3edf5f
Signed-off-by: Peter Mikus <pmikus@cisco.com>
|
|
Change-Id: Iac790bf5755a70697e4c4eff32242b04f8e7f789
Signed-off-by: Jan Gelety <jgelety@cisco.com>
|
|
Change-Id: Ie7bfaaaa2e4cab4b52dab42f71780f581306659b
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
|