1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
|
.. BSD LICENSE
Copyright(c) 2010-2014 Intel Corporation. All rights reserved.
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in
the documentation and/or other materials provided with the
distribution.
* Neither the name of Intel Corporation nor the names of its
contributors may be used to endorse or promote products derived
from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Intel® QuickAssist Technology Sample Application
================================================
This sample application demonstrates the use of the cryptographic operations provided
by the Intel® QuickAssist Technology from within the DPDK environment.
Therefore, building and running this application requires having both the DPDK and
the QuickAssist Technology Software Library installed, as well as at least one
Intel® QuickAssist Technology hardware device present in the system.
For this sample application, there is a dependency on either of:
* Intel® Communications Chipset 8900 to 8920 Series Software for Linux* package
* Intel® Communications Chipset 8925 to 8955 Series Software for Linux* package
Overview
--------
An overview of the application is provided in :numref:`figure_quickassist_block_diagram`.
For simplicity, only two NIC ports and one Intel® QuickAssist Technology device are shown in this diagram,
although the number of NIC ports and Intel® QuickAssist Technology devices can be different.
.. _figure_quickassist_block_diagram:
.. figure:: img/quickassist_block_diagram.*
Intel® QuickAssist Technology Application Block Diagram
The application allows the configuration of the following items:
* Number of NIC ports
* Number of logical cores (lcores)
* Mapping of NIC RX queues to logical cores
Each lcore communicates with every cryptographic acceleration engine in the system through a pair of dedicated input - output queues.
Each lcore has a dedicated NIC TX queue with every NIC port in the system.
Therefore, each lcore reads packets from its NIC RX queues and cryptographic accelerator output queues and
writes packets to its NIC TX queues and cryptographic accelerator input queues.
Each incoming packet that is read from a NIC RX queue is either directly forwarded to its destination NIC TX port (forwarding path)
or first sent to one of the Intel® QuickAssist Technology devices for either encryption or decryption
before being sent out on its destination NIC TX port (cryptographic path).
The application supports IPv4 input packets only.
For each input packet, the decision between the forwarding path and
the cryptographic path is taken at the classification stage based on the value of the IP source address field read from the input packet.
Assuming that the IP source address is A.B.C.D, then if:
* D = 0: the forwarding path is selected (the packet is forwarded out directly)
* D = 1: the cryptographic path for encryption is selected (the packet is first encrypted and then forwarded out)
* D = 2: the cryptographic path for decryption is selected (the packet is first decrypted and then forwarded out)
For the cryptographic path cases (D = 1 or D = 2), byte C specifies the cipher algorithm and
byte B the cryptographic hash algorithm to be used for the current packet.
Byte A is not used and can be any value.
The cipher and cryptographic hash algorithms supported by this application are listed in the crypto.h header file.
For each input packet, the destination NIC TX port is decided at the forwarding stage (executed after the cryptographic stage,
if enabled for the packet) by looking at the RX port index of the dst_ports[ ] array,
which was initialized at startup, being the outport the adjacent enabled port.
For example, if ports 1,3,5 and 6 are enabled, for input port 1, outport port will be 3 and vice versa,
and for input port 5, output port will be 6 and vice versa.
For the cryptographic path, it is the payload of the IPv4 packet that is encrypted or decrypted.
Setup
~~~~~
Building and running this application requires having both the DPDK package and
the QuickAssist Technology Software Library installed,
as well as at least one Intel® QuickAssist Technology hardware device present in the system.
For more details on how to build and run DPDK and Intel® QuickAssist Technology applications,
please refer to the following documents:
* *DPDK Getting Started Guide*
* Intel® Communications Chipset 8900 to 8920 Series Software for Linux* Getting Started Guide (440005)
* Intel® Communications Chipset 8925 to 8955 Series Software for Linux* Getting Started Guide (523128)
For more details on the actual platforms used to validate this application, as well as performance numbers,
please refer to the Test Report, which is accessible by contacting your Intel representative.
Building the Application
------------------------
Steps to build the application:
#. Set up the following environment variables:
.. code-block:: console
export RTE_SDK=<Absolute path to the DPDK installation folder>
export ICP_ROOT=<Absolute path to the Intel QAT installation folder>
#. Set the target (a default target is used if not specified). For example:
.. code-block:: console
export RTE_TARGET=x86_64-native-linuxapp-gcc
Refer to the *DPDK Getting Started Guide* for possible RTE_TARGET values.
#. Build the application:
.. code-block:: console
cd ${RTE_SDK}/examples/dpdk_qat
make
Running the Application
-----------------------
Intel® QuickAssist Technology Configuration Files
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The Intel® QuickAssist Technology configuration files used by the application are located in the config_files folder in the application folder.
There following sets of configuration files are included in the DPDK package:
* Stargo CRB (single CPU socket): located in the stargo folder
* dh89xxcc_qa_dev0.conf
* Shumway CRB (dual CPU socket): located in the shumway folder
* dh89xxcc_qa_dev0.conf
* dh89xxcc_qa_dev1.conf
* Coleto Creek: located in the coleto folder
* dh895xcc_qa_dev0.conf
The relevant configuration file(s) must be copied to the /etc/ directory.
Please note that any change to these configuration files requires restarting the Intel®
QuickAssist Technology driver using the following command:
.. code-block:: console
# service qat_service restart
Refer to the following documents for information on the Intel® QuickAssist Technology configuration files:
* Intel® Communications Chipset 8900 to 8920 Series Software Programmer's Guide
* Intel® Communications Chipset 8925 to 8955 Series Software Programmer's Guide
* Intel® Communications Chipset 8900 to 8920 Series Software for Linux* Getting Started Guide.
* Intel® Communications Chipset 8925 to 8955 Series Software for Linux* Getting Started Guide.
Traffic Generator Setup and Application Startup
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The application has a number of command line options:
dpdk_qat [EAL options] -- -p PORTMASK [--no-promisc] [--config '(port,queue,lcore)[,(port,queue,lcore)]']
where,
* -p PORTMASK: Hexadecimal bitmask of ports to configure
* --no-promisc: Disables promiscuous mode for all ports,
so that only packets with the Ethernet MAC destination address set to the Ethernet address of the port are accepted.
By default promiscuous mode is enabled so that packets are accepted regardless of the packet's Ethernet MAC destination address.
* --config'(port,queue,lcore)[,(port,queue,lcore)]': determines which queues from which ports are mapped to which cores.
Refer to the :doc:`l3_forward` for more detailed descriptions of the --config command line option.
As an example, to run the application with two ports and two cores,
which are using different Intel® QuickAssist Technology execution engines,
performing AES-CBC-128 encryption with AES-XCBC-MAC-96 hash, the following settings can be used:
* Traffic generator source IP address: 0.9.6.1
* Command line:
.. code-block:: console
./build/dpdk_qat -c 0xff -n 2 -- -p 0x3 --config '(0,0,1),(1,0,2)'
Refer to the *DPDK Test Report* for more examples of traffic generator setup and the application startup command lines.
If no errors are generated in response to the startup commands, the application is running correctly.
|
