From: Aakash Sasidharan <asasidharan@marvell.com>
To: Konstantin Ananyev <konstantin.ananyev@huawei.com>
Cc: Akhil Goyal <gakhil@marvell.com>,
Jerin Jacob <jerinj@marvell.com>,
Anoob Joseph <anoobj@marvell.com>,
Vidya Sagar Velumuri <vvelumuri@marvell.com>,
"dev@dpdk.org" <dev@dpdk.org>,
"konstantin.v.ananyev@yandex.ru" <konstantin.v.ananyev@yandex.ru>,
"vladimir.medvedkin@intel.com" <vladimir.medvedkin@intel.com>
Subject: RE: [PATCH v2] doc: announce rte_ipsec API changes
Date: Wed, 24 Jul 2024 10:16:34 +0000 [thread overview]
Message-ID: <PH0PR18MB4508E0DF35CB788F18DF5295A1AA2@PH0PR18MB4508.namprd18.prod.outlook.com> (raw)
In-Reply-To: <fa9979f1fa044c6c872b95b4566c6aa1@huawei.com>
> -----Original Message-----
> From: Konstantin Ananyev <konstantin.ananyev@huawei.com>
> Sent: Tuesday, July 23, 2024 9:35 PM
> To: Aakash Sasidharan <asasidharan@marvell.com>
> Cc: Akhil Goyal <gakhil@marvell.com>; Jerin Jacob <jerinj@marvell.com>;
> Anoob Joseph <anoobj@marvell.com>; Vidya Sagar Velumuri
> <vvelumuri@marvell.com>; dev@dpdk.org; konstantin.v.ananyev@yandex.ru;
> vladimir.medvedkin@intel.com
> Subject: [EXTERNAL] RE: [PATCH v2] doc: announce rte_ipsec API changes
>
> Hi,
>
> > In case of event mode operations where event device can help in atomic
> > sequence number increment across cores, sequence number need to be
> > provided by the application instead of being updated in rte_ipsec or
> > the PMD. To support this, a new flag
> > ``RTE_IPSEC_SAFLAG_SQN_ASSIGN_DISABLE``
> > will be added to disable sequence number update inside IPsec library
> > and the API rte_ipsec_pkt_crypto_prepare will be extended to include
> > ``sqn`` as an additional parameter to specify sequence number to be
> > used for IPsec from the application.
>
> Could you probably elaborate a bit more:
> Why such change is necessary for event-dev mode, what exactly will be
> affected in librte_ipsec (would it be for outbound mode, or both), etc.
>
[Aakash] When using eventdev, it is possible to have multiple cores process packets from the same flow at the same time, but still have ordering maintained.
Sequence for IPsec would be like below,
1. Ethdev Rx computes flow hash and submits packets to an ORDERED eventdev queue.
One flow would always hit one event dev queue.
One eventdev queue can be attached to multiple eventdev ports.
2. Lcores receives packets via these eventdev ports.
Lcores can now process the packets from the same flow in parallel.
3. Lcores submit the packets to an ATOMIC queue
This is needed as IPsec seq no update needs to be done atomically.
4. After seq no update, packets are moved to ORDERED queue.
Lcores can now processes the packets in parallel again.
5. During Tx, eventdev ensures packet ordering based on ORDERED queue.
Since lib IPsec takes care of sequence number assignment, complete rte_ipsec_pkt_crypto_prepare() routine need to be made as ATOMIC stage.
But apart from seq no update, rest of the operations can be done in parallel.
In addition, we are also looking at another use case when a set of packets from a session can be IPsec processed by rte_security device and some packets from the same session would need to be SW processed with lib IPsec. Here again the sequence number assignment would need to occur at central place so that sequence number is not repeated.
Initially we are looking at outbound only. But similar kind of use case would be applicable for inbound also.
> >
> > Signed-off-by: Aakash Sasidharan <asasidharan@marvell.com>
> > ---
> > doc/guides/rel_notes/deprecation.rst | 7 +++++++
> > 1 file changed, 7 insertions(+)
> >
> > diff --git a/doc/guides/rel_notes/deprecation.rst
> > b/doc/guides/rel_notes/deprecation.rst
> > index 6948641ff6..bc1d93cca7 100644
> > --- a/doc/guides/rel_notes/deprecation.rst
> > +++ b/doc/guides/rel_notes/deprecation.rst
> > @@ -133,6 +133,13 @@ Deprecation Notices
> > Since these functions are not called directly by the application,
> > the API remains unaffected.
> >
> > +* ipsec: The rte_ipsec library is updated to support sequence number
> > +provided
> > + by application. A new flag ``RTE_IPSEC_SAFLAG_SQN_ASSIGN_DISABLE``
> > +is introduced
> > + to disable sequence number assignment in lib IPsec.
> > + The API rte_ipsec_pkt_crypto_prepare is extended to include ``sqn``
> > +as an
> > + additional parameter allowing application to specify the sequence
> > +number to be
> > + used for the IPsec operation.
> > +
> > * pipeline: The pipeline library legacy API (functions rte_pipeline_*)
> > will be deprecated and subsequently removed in DPDK 24.11 release.
> > Before this, the new pipeline library API (functions
> > rte_swx_pipeline_*)
> > --
> > 2.25.1
next prev parent reply other threads:[~2024-07-24 10:19 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-23 13:02 [PATCH] " Aakash Sasidharan
2024-07-23 13:37 ` [PATCH v2] " Aakash Sasidharan
2024-07-23 16:04 ` Konstantin Ananyev
2024-07-24 10:16 ` Aakash Sasidharan [this message]
2024-07-24 17:08 ` Konstantin Ananyev
2024-07-25 11:23 ` Aakash Sasidharan
2024-07-25 15:52 ` Konstantin Ananyev
2024-07-29 9:54 ` Aakash Sasidharan
2024-07-29 11:47 ` [PATCH v3] " Aakash Sasidharan
2024-07-29 11:53 ` Akhil Goyal
2024-07-31 13:20 ` Thomas Monjalon
2024-07-29 12:00 ` Konstantin Ananyev
2024-07-30 10:09 ` Akhil Goyal
2024-07-30 10:35 ` Radu Nicolau
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=PH0PR18MB4508E0DF35CB788F18DF5295A1AA2@PH0PR18MB4508.namprd18.prod.outlook.com \
--to=asasidharan@marvell.com \
--cc=anoobj@marvell.com \
--cc=dev@dpdk.org \
--cc=gakhil@marvell.com \
--cc=jerinj@marvell.com \
--cc=konstantin.ananyev@huawei.com \
--cc=konstantin.v.ananyev@yandex.ru \
--cc=vladimir.medvedkin@intel.com \
--cc=vvelumuri@marvell.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).