Age | Commit message | Author | Files | Lines |
|
The -ar- suites had everything edited,
except that one argument that would actually enable anti-replay.
Fixes: b9dff484de0725bca3f65739519d952e3be55cbe
Change-Id: Ib2c590a9be5271348ee15d4e4ab1b7c663559477
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
+ Add suite with UDP encap.
+ Add suite with anti replay enabled.
+ Add new enums where needed by the new suites.
+ Apply trimming in enum_util to support "3DES".
+ All 10ktnl suites written and tested.
+ New robot tags added.
+ Fix one comment from the parent.
Change-Id: I2581814dbb327891d8658dd009c4e52ffd318e3b
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
Move DRV_VFIO_PCI after TXQ_SIZE_0.
Upcoming suites need more space in the preceding line.
131 suite files edited, luckily doable by two commands:
$ sed -i 's/ | DRV_VFIO_PCI//' *.robot
$ sed -i 's/ | TXQ_SIZE_0/ | TXQ_SIZE_0 | DRV_VFIO_PCI/' *.robot
Change-Id: Idf30d20d321922718d523a216056d22ae67e50aa
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
Only related to enums appearing in ipsec suites.
+ Add conversion utility as enum_utils.py file.
+ Rename PolicyAction closer to ipsec_types.api: IpsecSpdAction.
+ Device and perf suites updated to use str in Variables table.
- Perf suites are being tested.
Change-Id: I3b1678c4d6cc303c590e5e3665ab1b05d104a121
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
Signed-off-by: Peter Mikus <peter.mikus@protonmail.ch>
Change-Id: I17866709e1c7edf078055aef4db15774e136b111
|
|
+ Fix typo "enale".
- Many style and complexity issues remain:
C0302, R0904, R0914, R0913, R1735, R0915, R1734.
Change-Id: I7e8c7ecefd8f8f94dcbc28427baa52a9c8ea1227
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
It is already available via default.robot import.
Change-Id: I52c8f5d62f641edfbbc4b750e40274a75b169a22
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
The new suites were added in [1]
and the VPP functionality was removed in [2].
[1] https://gerrit.fd.io/r/c/csit/+/28508
[2] https://gerrit.fd.io/r/c/vpp/+/31443
Change-Id: Id3fa984bf9f61a1dd831d637695ac6844c86ffc8
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
Signed-off-by: pmikus <peter.mikus@protonmail.ch>
Change-Id: Ib93dc1552945fe91ab5346b9b759d56c7468debf
|
|
Also add IPsec 10000tnlhwasync int mode and 4tnlhwasync policy mode
test suites, in order to compare sw crypto and QAT crypto and IPsec
int mode and policy mode performance.
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
Signed-off-by: xinfeng zhao <xinfengx.zhao@intel.com>
Change-Id: I0aed06a0c75c1a545720649d3561a0aa5a861db2
|
|
Add ipsec reassembly test cases to bring in line with 3n-icx.
Add ipsec policy test cases with flow cache enabled for both inbound and
outbound traffic.
Remove GTPU hardware tests as the NIC doesn't support GTPU offload RX.
Change-Id: I7b18914f983d5974b390f995ec638a64b9bbccbb
Signed-off-by: Juraj Linkeš <juraj.linkes@pantheon.tech>
|
|
In tunneling scenarios, VPP needs to reassemble packet fragments
before decapsulation. Conveniently, VPP also fragments the packets
after encapsulation (at least for some encapsulation protocols)
if they do not fit into MTU.
So this change adds few suites, adapted from existing 3-node ones
which additionally lower MTU on DUT1-DUT2 link.
The intended packet size is 1518B. 64B packets will fit,
and most of IMIX packets will also fit without fragmentation.
VPP refuses to reassemble 9000B packets as they have too many fragments.
+ Add a keyword so suites need only one additional line of code.
+ Add new test tag REASSEMBLY for the added suites.
+ Tell autogen the one soak test case for reassembly should be 1518B.
- It is possible to increase fragment limit for 9000B, not done yet.
- Ipsec policy suites are added but they should not be used.
- VPP does fragmentation twice (before and after encapsulation).
- VPP does not perform reassembly (only last fragment is decrypted).
- TRex does not realize the packet from VPP is only a fragment.
- The result is false pass with unfairly good performance.
+ Suites still included, to simplify verifying VPP fixes for the above.
Change-Id: If33c60d767fea161d9e4ffabb8ded3d81c8f39ed
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
Signed-off-by: xinfeng zhao <xinfengx.zhao@intel.com>
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
Change-Id: I3708253adf4c7421ff48eee6aefb735b39726359
|
|
This will greatly improve the performance of IPsec policy cases
Signed-off-by: xinfeng zhao <xinfengx.zhao@intel.com>
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
Change-Id: Ib42b5650791be7fcc8649873eaf12616aeba5aec
|
|
In order to compare performance numbers with the existing routing based ipip
interface mode 40k tunnels ipsec test.
Signed-off-by: xinfeng zhao <xinfengx.zhao@intel.com>
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
Change-Id: I94816a8c18f08b539114d6ca9d4e1218a2b6ea5f
|
|
Also add 10k tunnels IPSec policy mode test with spd fast path enabled.
spd fast path is to reduce policy adding time, refer to patchset [1] & [2]
for details.
[1] https://gerrit.fd.io/r/c/vpp/+/36095
[2] https://gerrit.fd.io/r/c/vpp/+/36097
Signed-off-by: xinfeng zhao <xinfengx.zhao@intel.com>
Signed-off-by: yulong pei <yulong.pei@intel.com>
Change-Id: I211b38a60d273c46e68a5b5f712090037977c6e6
|
|
Add VPP wireguard async mode test suite to use QAT device for crypto.
Also change keyword ipsechw to cryptohw in suite_setup.robot since currently
crypto device is not only used by IPSec.
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
Signed-off-by: xinfeng zhao <xinfengx.zhao@intel.com>
Change-Id: Ibdadb3b09c04b7181415ffd4a248abddc6289075
|
|
The test scenario is about two private networks whose communication was
protected by ipsec.
The test suites are to show performance improvement about ipsec esp flow
lookup that is offloaded by NIC flow director and rss.
Verified on 3n-clx and Intel E810 NIC environment, with 64B ipsec packet
flow, performance improved ~31% with 1C2T, ~110% with 2C4T, ~250% with 4C8T.
Signed-off-by: xinfeng zhao <xinfengx.zhao@intel.com>
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
Change-Id: I30aec8c5115e5a6fbef88c11d1bef2624029d1b9
|
|
Replace the hardcoded SPD inbound/outbound ranges with values derived
from test inputs.
Add the necessary routes now that the tunnel endpoints are not in the
same subnet. Also add ip neighbor entry on DUT2 for the same reason.
Also replace ipsec sa dump with show ipsec all in teardown of tests
where both SAs and SPDs are configured to improve troubleshooting.
Change-Id: I7d89a99fcf457a701c87bf6ac07364b62802677d
Signed-off-by: Juraj Linkeš <juraj.linkes@pantheon.tech>
|
|
Signed-off-by: xinfeng zhao <xinfengx.zhao@intel.com>
Change-Id: I1590d438216e4c886aae03f83364837153623dbc
|
|
Signed-off-by: Viliam Luc <vluc@cisco.com>
Change-Id: Ib0a853f7bd8cdbb0dee747e4f601bc4e54d006e9
|
|
When building documentation using sphinx we see ~1200 similar warnings [0]
[0] - https://s3-logs.fd.io/vex-yul-rot-jenkins-1/csit-verify-tox-master-ubuntu2004-x86_64/3289/doc_verify.log.gz
These warnings are harmless and can be fixed later.
Signed-off-by: Viliam Luc <vluc@cisco.com>
Change-Id: I1ac1099d38935971d47491dde905715345d3935c
|
|
Signed-off-by: Maros Mullner <maros.mullner@pantheon.tech>
Change-Id: I83b00d56a50d98c36547621cb2f41cb3b2f35741
|
|
Remaining ipsec reconf test suites for 40 tunnels include:
- int-aes128cbc-hmac512sha
- int-aes256gcm
Change-Id: I9c5f549368595bb0cbd0d7e9918b7695184d31c4
Signed-off-by: Maciek Konstantynowicz <mkonstan@cisco.com>
|
|
Remove following test suites:
- ipsec tests
- ethip4ipsectptlispgpe.
- policy-aes128gcm.
- policy-aes128cbc-hmac256sha.
- policy-aes128cbc-hmac512sha.
- int-aes128cbc-hmac256sha.
- scale of
- 400tnlsw.
- 5000tnlsw.
- 20000tnlsw.
- 60000tnlsw.
Change-Id: Ib4915213f6c440c70f9b17cbaac834245e51bd85
Signed-off-by: Maciek Konstantynowicz <mkonstan@cisco.com>
|
|
Add 1, 10, 100 and 1000 SPD entries using IPv4 outbound flow cache
optimization.
Change-Id: I7abb65a82454c17ef754cb11386186610f0c27e8
Signed-off-by: Juraj Linkeš <juraj.linkes@pantheon.tech>
|
|
Add testcases with plain ipv4 forwarding with 1, 10, 100 and 1000 SPD
entries on outbound traffic in both directions. Only
match the last SPD entry and process others before the matching entry.
Add testcases only without flow cache optimization.
Refactor the Python functions that add SPD entries:
- Unify the args in functions that add one and multiple entries.
- For multiple entries, add the ability to pass an object that will
handle how values in each iteration (i.e. for each entry) are modified.
Change-Id: I061922eec6acc75a4e115202c07e72d89bf1f4d3
Signed-off-by: Juraj Linkeš <juraj.linkes@pantheon.tech>
|
|
Signed-off-by: pmikus <pmikus@cisco.com>
Change-Id: I6826add7b3032041632c3952c45a3c64409400b0
|
|
Signed-off-by: pmikus <pmikus@cisco.com>
Change-Id: I710af90aa5474381a82095c8a11ecf6c01c2483b
|
|
Add more granularity test policy tests. Mirror the number of tunnels in
other IPsec tests under 1000 tunnels.
Change-Id: I9bde7447a5d809bab05db132bf6cb524e97e19b3
Signed-off-by: Juraj Linkeš <juraj.linkes@pantheon.tech>
|
|
Add 2n1l udir 1 and 1000 tunnel sw policy IPsec tests to mirror the
existing 3n tests.
Add static ip neighbor mac entries which can't be retrieved in 2node
setups.
Change-Id: I13dd557cbeed7f907fa9b4c21e4e245d48916513
Signed-off-by: Juraj Linkeš <juraj.linkes@pantheon.tech>
|
|
Suite name part is correct: swasync.
This fixes the tag, from IPSECHW to IPSECSW.
Change-Id: I13a5201dade7edf180d315416c82c15d69c1bfce
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
Add unidirectional 2n crypto tests. Only one direction can be tested on
a 2 node topology, since we can't use the same interface for both
encrypted and unencrypted traffic. Add the following tests:
* {n}tnlsw-ip4base-int ndrpdr tests
* {n}tnlsw-1atnl-ip4base-int reconf tests
* {n}tnlswasync-scheduler-ip4base-int ndrpdr tests
Where n is the number of tunnels:
1, 4, 40, 400, 1000, 5000, 10000, 20000, 40000, 60000 for the first two
1, 2, 4, 8 for the async scheduler tests
All of these with the following encryption-auth algorithms:
aes128gcm
aes256gcm
aes128cbc-hmac256sha
aes128cbc-hmac512sha
Also add the corresponding trex profiles:
trex-stl-2n-ethip4-ip4dst{n}-udir.py
Where n is the number of tunnels listed above. The profiles are shared
among the tests.
Change-Id: I22bb46e6ad59801581a78aa19310bee8a5293e56
Signed-off-by: Juraj Linkeš <juraj.linkes@pantheon.tech>
|
|
This patch is to add test suites for vpp plugin crypto_sw_scheduler.
IPsec sync mode is to do crypto and packet forward work in same worker cores;
crypto_sw_scheduler can schedule crypto work to other async crypto cores to
improve whole crypto processing capability.
These test suites configure fixed 1 rx queues per port, then measure IPsec
performance with 1, 2, 3 crypto cores.
This patchset includes 1, 2, 4, 8 ipsec tunnels test cases.
+Vratko help to change to count total physical cores instead of previous only
count crypto cores in test cases.
Change-Id: I0e67182e3d13273890a23703d838101900e25126
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
Signed-off-by: pmikus <pmikus@cisco.com>
|
|
Results if NDR search is in TPS (so unidir) since
https://gerrit.fd.io/r/c/csit/+/28208
The bug was causing all reconf tests report zero loss,
as they used half of NDR load during reconfiguration.
+ Small improvements to descriptions of other traffic keywords.
Change-Id: Ib9af5861cc09e698eb762feb3f0a019571d17962
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
Jira: CSIT-1597
+ add ipsec_sa tear down action
Change-Id: I4d1e6f26c14e61e8ddc6f29fbf5528a034c84eb0
Signed-off-by: Jan Gelety <jgelety@cisco.com>
|
|
Ticket: CSIT-1771 VPP-1207 VPP-1675
Change-Id: I8ba2d62054361e72b833943327434ea071e7e568
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
In VPP 20.05, vpp added an async crypto engine that supports using QAT hardware
to do encryption and decryption; vnet/ipsec enabled async mode to use the async
crypto engine.
The current async crypto engine also uses dpdk_cryptodev as async handlers; in the
future it may add other native QAT driver as async handlers.
Note that the async crypto engine is to support vnet/ipsec; it is different
from the currently existing dpdk backend, which itself has an ESP implementation
in plugins/dpdk/ipsec.
Change-Id: I4e6eaa7ca1eddb8b1c45212de0684fb26907119b
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
|
|
Change-Id: I74641cc89d2f25d50b67d51bf2567082b420aabb
Signed-off-by: Jan Gelety <jgelety@cisco.com>
|
|
- provide base routines to run T-Rex in advanced stateful mode
Change-Id: Ib0dc5f2919c370753335f6446860683dc4b12d93
Signed-off-by: Jan Gelety <jgelety@cisco.com>
|
|
The test names are unique without it and the information doesn't add
anything extra.
Change-Id: Idc7d6d1d21c8c05691e1757227a0a3787406d370
Signed-off-by: Juraj Linkeš <juraj.linkes@pantheon.tech>
|
|
+ Merge single/double link
+ Introduce _pf{n}[0] variables so we can access physical function
same way as virtual function
+ Cleanup code by moving complex logic to python
+ Prepare code for multiple vf functions
Signed-off-by: Peter Mikus <pmikus@cisco.com>
Change-Id: Ic2e74a38bfa146441357de8f0916aeb638941c49
|
|
Change-Id: Ib30bc4697fcba93a6723ee492a59a0523425f623
Signed-off-by: Peter Mikus <pmikus@cisco.com>
|
|
Change-Id: I9af632035a1415666b2470c62a41d1b6acbf33c8
Signed-off-by: Jan Gelety <jgelety@cisco.com>
|
|
This edit is not suitable for rls2001.
Change-Id: I18ea22346d5996e78034f35d74a87c125010a146
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
- Not adding nf_density tests.
- Not adding hardware ipsec tests.
- Not adding -policy- tests.
- Using old crypto_ia32_plugin.so plugin name.
+ Suitable for cherry-picking to rls2001.
Change-Id: Ibf44d6d91e2afa2320637ecd9eb69d5d5dc364aa
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
https://gerrit.fd.io/r/c/vpp/+/24574
Signed-off-by: Peter Mikus <pmikus@cisco.com>
Change-Id: Ic2b7c925ceba1e16de87c64003ecceeea69c681c
|
|
Seeing differences when diff-ing between suites is distracting.
+ Bump copyright year, even for files with no change.
Change-Id: Iaca79647821dd8233bdbe6b0ac8b14fdb04060a8
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
Change-Id: I0e85fc958779df3d5dbacf1ad1e3898268a832ec
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
Updated to the values as seen in packet trace.
Even if VPP creates wrongly sized packets (compared to RFCs),
the overhead should correspond to the actual packet size present,
in order to correctly prevent linerate on DUT-DUT link.
The new overhead values are 62 (256SHA) and 78 (512SHA).
The GCM value is already correct, at 54 bytes, so density tests are ok.
- The lispgpe test is not updated, as it currently fails.
We will update overhead there in (or after) 24578.
Change-Id: I5cc6920205f37ddc80e76804fabd90b67174addf
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|