From: "Ananyev, Konstantin" <konstantin.ananyev@intel.com>
To: Akhil Goyal <akhil.goyal@nxp.com>, Thomas Monjalon <thomas@monjalon.net>
Cc: "Iremonger, Bernard" <bernard.iremonger@intel.com>,
"dev@dpdk.org" <dev@dpdk.org>, Anoob Joseph <anoobj@marvell.com>,
Jerin Jacob Kollanukkaran <jerinj@marvell.com>,
Narayana Prasad Raju Athreya <pathreya@marvell.com>
Subject: Re: [dpdk-dev] [EXT] [PATCH] doc: deprecate legacy code path in ipsec-secgw
Date: Wed, 31 Jul 2019 10:19:53 +0000 [thread overview]
Message-ID: <2601191342CEEE43887BDE71AB9772580168A6002C@irsmsx105.ger.corp.intel.com> (raw)
In-Reply-To: <VE1PR04MB6639479185C28D9CE680F214E6DC0@VE1PR04MB6639.eurprd04.prod.outlook.com>
Hi Akhil,
> > > >
> > > > 30/07/2019 10:48, Akhil Goyal:
> > > > > > 30/07/2019 09:20, Akhil Goyal:
> > > > > > > > 30/07/2019 07:55, Akhil Goyal:
> > > > > > > > > > > > > All the functionality of the legacy code path in now available
> > > > > > > > > > > > > in the librte_ipsec library.
> > > > > > > > > > > > > It is planned to deprecate the legacy code path in the 19.11
> > > > > > > > > > > > > release and remove the legacy code path in the 20.02
> > release.
> > > > > > > > > > > > >
> > > > > > > > > > > > > Signed-off-by: Bernard Iremonger
> > > > <bernard.iremonger@intel.com>
> > > > > > > > > > > > > Acked-by: Konstantin Ananyev
> > <konstantin.ananyev@intel.com>
> > > > > > > > > > > > > Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
> > > > > > > > > > > > > Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
> > > > > > > > > > > > > ---
> > > > > > > > > > > > > doc/guides/rel_notes/deprecation.rst | 5 +++++
> > > > > > > > > > > > > 1 file changed, 5 insertions(+)
> > > > > > > > > > > > >
> > > > > > > > > > > > Acked-by: Anoob Joseph <anoobj@marvell.com>
> > > > > > > > > > >
> > > > > > > > > > > Applied to dpdk-next-crypto
> > > > > > > > > >
> > > > > > > > > > Why do we have a deprecation notice for some code path in an
> > > > example?
> > > > > > > > > > The deprecation notices are for the API.
> > > > > > > > > >
> > > > > > > > > > I think you can drop the legacy code in 19.11,
> > > > > > > > > > and I don't merge this patch in master.
> > > > > > > > >
> > > > > > > > > We are planning to remove the original code and replace it with
> > IPSec
> > > > > > > > > library APIs which are still experimental.
> > > > > > > > > With this change there won't be any example of the legacy ipsec
> > code
> > > > path.
> > > > > >
> > > > > > That's good to drop old code.
> > > > > > If someone still wants to look at it, it is in old releases.
> > > > > >
> > > > > > > > > Applications over DPDK take ipsec-secgw as an example and IPSec
> > > > > > > > > is a major use case for customers. There may also be performance
> > > > > > > > > differences in the two code paths. Atleast on NXP platforms I saw
> > > > > > > > > 5-7% drop when the patches were originally submitted.
> > > > > > > > > Not sure what is the current state.
> > > > > >
> > > > > > That's a different issue you need to solve in the library.
> > > > > >
> > > > > > > > > I feel it is worth notifying the users that the original codepath is
> > > > > > > > > getting deprecated, so that they can plan to move to new IPSec
> > APIs.
> > > > > >
> > > > > > I hope they already planned to move when they saw the new library.
> > > > > >
> > > > > > > > The deprecation notice is not the right place for a change in an
> > example.
> > > > > > > > What change is there in IPsec API? In which release?
> > > > > > >
> > > > > > > IPSec lib was introduced in 1902 release and a few enhancements
> > > > > > > are done thereafter.
> > > > > > > Previously all IPSec related stuff was done in the application,
> > > > > > > now we have IPSec Lib which perform similar work.
> > > > > > > There are changes both in datapath as well as control path.
> > > > > > > User need to adapt to the recent changes, as we may no longer
> > > > > > > support/maintain the datapath/control path which was done previously
> > > > > > > and there may be some conflict.
> > > > > >
> > > > > > So the real DPDK change is to have a new library in 19.02.
> > > > > >
> > > > > > > If deprecation notice is not the right place,
> > > > > > > then where should it be notified before actually making the change.
> > > > > >
> > > > > > It has already been notified in "New Features" of 19.02
> > > > > > that there is an IPsec library. What do you want to notify more?
> > > > > > Again, the example is not supposed to be a real application.
> > > > > > If you want to maintain an IPsec application with better quality rules,
> > > > > > I suggest to start a new git repository for it.
> > > > >
> > > > > OK got your point, but in that case, I would say, legacy code shall not be
> > > > removed
> > > > > Until we have the ipsec lib as experimental.
> > > > > User should have both the code paths as long as we have ipsec library
> > > > experimental.
> >
> > Not sure why it is needed?
> There is some performance gap.
Ok, and you think that keeping legacy code-path till 20.02
will provide enough time to analyze the perf drop for NXP devices?
> Original Idea for ipsec lib was to have
> better performing APIs.
Not only.
Main reasons were to hide from user complexity of IPsec packet processing
and avoid necessity for each user to re-implement it.
Also legacy code doesn't provide many important features
(replay window, ESN, multi-seg support, etc.)
> How much gain is observed using these APIs on intel?
It depends.
From my last observations for inline case library code-path is 10-15%
faster than legacy one. Though I think reason for that in not in the library
itself, but that legacy code handles inline traffic in suboptimal way.
For lookaside - in most cases library and legacy code performance is about the same,
except the case when we have a burst of packets where each packet belongs to different SA.
In that case new code-path is 3-5% slower.
As I understand, main reason is again not the library itself,
but that in new code we try to group packets that belongs
to the same SA both before and after crypto-dev enqueue/dequeue.
Usually that helps, but for that case it just adds extra overhead (no grouping is possible).
> Do we have data? Atleast on NXP devices, these are not performing better.
>
> > Why DPDK sample app can't use DPDK experimental API as it is,
> > without some alternate code-path?
>
> Sample app can use experimental APIs as is. There is no issue with that.
> The intent is just to notify the users that it will be removed so that they
> can be ready for change in their code.
Ok, but if we don't submit deprecation notice (as Thomas suggested)
how they'll be notified?
Would there be a separate RN when we'll remove experimental tag
and legacy code?
>
> >
> > > >
> > > > That's your take.
> > > > When do you plan to remove experimental status of IPsec library?
> > > >
> > > There have been addition of some functionality in this release cycle. I would
> > say we
> > > can wait for 1 release cycle for some fixes or changes which may be required.
> > > If it looks stable in next release cycle, we can make formal in DPDK 2002.
> >
> > If we'll leave legacy code in 19.11, does it mean we'll have to
> > support it for next 2 years (LTS cycle)?
>
> The original intent of this patch was also to remove the legacy code in 2002 release and
> not in 1911. Moreover, it is the application code that we need to remove. We can get that patch
> backported to the 19.11.1 release as well. Then it would be same.
>
next prev parent reply other threads:[~2019-07-31 10:20 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-11 9:05 [dpdk-dev] [RFC] " Bernard Iremonger
2019-07-19 11:23 ` Ananyev, Konstantin
2019-07-19 14:55 ` Zhang, Roy Fan
2019-07-24 9:47 ` Akhil Goyal
2019-07-24 10:12 ` [dpdk-dev] [PATCH] " Bernard Iremonger
2019-07-24 10:14 ` Akhil Goyal
2019-07-26 14:06 ` Akhil Goyal
2019-07-26 14:45 ` [dpdk-dev] [EXT] " Anoob Joseph
2019-07-29 8:49 ` Akhil Goyal
2019-07-29 16:33 ` Thomas Monjalon
2019-07-29 20:07 ` Ananyev, Konstantin
2019-07-30 5:55 ` Akhil Goyal
2019-07-30 7:09 ` Thomas Monjalon
2019-07-30 7:20 ` Akhil Goyal
2019-07-30 7:54 ` Thomas Monjalon
2019-07-30 8:48 ` Akhil Goyal
2019-07-30 8:56 ` Thomas Monjalon
2019-07-30 9:03 ` Akhil Goyal
2019-07-30 9:25 ` Ananyev, Konstantin
2019-07-30 11:06 ` Akhil Goyal
2019-07-31 10:19 ` Ananyev, Konstantin [this message]
2019-07-31 11:26 ` Akhil Goyal
2019-08-01 7:34 ` Ananyev, Konstantin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2601191342CEEE43887BDE71AB9772580168A6002C@irsmsx105.ger.corp.intel.com \
--to=konstantin.ananyev@intel.com \
--cc=akhil.goyal@nxp.com \
--cc=anoobj@marvell.com \
--cc=bernard.iremonger@intel.com \
--cc=dev@dpdk.org \
--cc=jerinj@marvell.com \
--cc=pathreya@marvell.com \
--cc=thomas@monjalon.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).