DPDK usage discussions
 help / color / mirror / Atom feed
From: "Joshi, Venkatesh" <venkatesh.joshi@hpe.com>
To: "Trahe, Fiona" <fiona.trahe@intel.com>,
	"users@dpdk.org" <users@dpdk.org>
Subject: Re: [dpdk-users] DPDK-19.11 : IPSEC-SECGW tests not successful
Date: Wed, 22 Jul 2020 16:05:13 +0000	[thread overview]
Message-ID: <AT5PR8401MB05457DE485B72D7AAD586FA8EC790@AT5PR8401MB0545.NAMPRD84.PROD.OUTLOOK.COM> (raw)
In-Reply-To: <SN6PR11MB288002A3C912685C2DF73BFFE4790@SN6PR11MB2880.namprd11.prod.outlook.com>

Hi Fiona,

Here are the command-lines:


For the Intel Board 1:
-------------------------

./build/ipsec-secgw -l 1 -n 4 -w b3:00.0 -w b3:00.1 -w 67:01.0 -- -P -p 0x3 -u 1 --config="(0,0,1),(1,0,1)" -f ./ep0-intel-board1.cfg

ep0-intel-board1.cfg:
-------------------------
#SP IPv4 rule - for outgoing (to crb-3)
sp ipv4 out esp protect 1000 pri 5 dst 40.1.1.0/24 sport 0:65535 dport 0:65535

#SA rules
sa out 1000 cipher_algo aes-128-cbc cipher_key a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:\
a0:a0:a0:a0 auth_algo sha1-hmac auth_key a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:\
a0:a0:a0:a0:a0:a0:a0:a0 mode ipv4-tunnel src 20.1.1.50 dst 20.1.1.20

#SP IPv4 rule - for incoming (to IXIA)
sp ipv4 in esp protect 1010 pri 5 dst 20.1.1.50/32 src 20.1.1.20/32 sport 0:65535 dport 0:65535

#SA rules
sa in 1010 cipher_algo aes-128-cbc cipher_key a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:\
a0:a0:a0:a0 auth_algo sha1-hmac auth_key a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:\
a0:a0:a0:a0:a0:a0:a0:a0 mode ipv4-tunnel src 20.1.1.20 dst 20.1.1.50


#Routing rules
rt ipv4 dst 20.1.1.20/32 port 1
rt ipv4 dst 30.1.1.10/32 port 0


For  the Intel Board 2:
-------------------------
./build/ipsec-secgw -l 1 -n 4 -w 17:00.0 -w 17:00.1 -w 67:01.0 -- -P -p 0x3 -u 1 --config="(0,0,1),(1,0,1)" -f ./ep1-intel-board2.cfg

ep1-intel-board2.cfg:
----------------------
#SP IPv4 rule - for outgoing (from IXIA)
sp ipv4 out esp protect 1010 pri 1 dst 30.1.1.0/24 sport 0:65535 dport 0:65535

#SA rules
sa out 1010 cipher_algo aes-128-cbc cipher_key a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:\
a0:a0:a0:a0 auth_algo sha1-hmac auth_key a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:\
a0:a0:a0:a0:a0:a0:a0:a0 mode ipv4-tunnel src 20.1.1.20 dst 20.1.1.50

#Routing rules
rt ipv4 dst 20.1.1.50/32 port 1






Regards,
Venkatesh


-----Original Message-----
From: Trahe, Fiona [mailto:fiona.trahe@intel.com] 
Sent: Wednesday, July 22, 2020 5:15 PM
To: Joshi, Venkatesh <venkatesh.joshi@hpe.com>; users@dpdk.org
Cc: Trahe, Fiona <fiona.trahe@intel.com>
Subject: RE: DPDK-19.11 : IPSEC-SECGW tests not successful

Have you tried using --log-level=8 (or ="qat,8") on your process commandline?
In conjunction with rebuilding with 
CONFIG_RTE_LOG_DP_LEVEL=RTE_LOG_DEBUG 
this should show if any cryptodev ops are being sent to QAT PMD.

Something else to try would be  - can you run either  
dpdk-test-crypto-perf or the unit test application - just to validate that the process can run crypto on QAT PMD ok.
Your setup for QAT looks ok. 

Also could you share the command-line you're using for each process please.


> -----Original Message-----
> From: users <users-bounces@dpdk.org> On Behalf Of Joshi, Venkatesh
> Sent: Wednesday, July 22, 2020 8:51 AM
> To: users@dpdk.org
> Subject: [dpdk-users] DPDK-19.11 : IPSEC-SECGW tests not successful
> 
> Hi,
> 
> I'm not able to successfully run the IPSEC-SECGW tests with DPDK-19.11. I have followed the guide
> published at doc.dpdk.org but still not able to get things right.
> 
> Please help me figure out what could be wrong.
> 
> Here are the setup details:
> 
> Network Diagram:
> ------------------
>                                       XL710                             XL 710
>                |---------------------|Port 1        IPSEC Tunnel        Port 1|----------------------|
>                |    Intel board 1    |<-------------------------------------->|   Intel board 2      |
>                |---------------------|                                        |----------------------|
>                  Port 0  ^                                                               ^ Port 0 (XL710)
>                  (XL710) |                                                               |
>                          |         |--------------------------------|                    |
>                           -------->|7          IXIA                4|<-------------------
>                                    |--------------------------------|
> 
> * Linux kernel: 4.14
> * DPDK version: 19.11
> * All ports are 40G ports (XL710 NICs)
> * The intel board is: Intel(R) Xeon(R) Gold 5220 CPU
>                       - has a single socket, 18 cores, 2 threads per core
> * The QAT card: C62x
> 
> 
> Issue:
> --------
> * Traffic is sent from IXIA Port 4 to IXIA port 7:
>    - This is IP/UDP traffic of size 1024 bytes
>    - The dst mac is set to the MAC of port 0 of the XL710 NIC of Intel board 2
>    - The src ip: 40.1.1.10, dst ip: 30.1.1.10
>    - No packets are received on IXIA Port 7
>    - On further debugging: Packets are not getting forwarded out of the IPSEC tunnel from Intel board 2.
> 
> On Intel board 1:
> -------------------
> XL710 Port 0: b3:00.0 - bound to vfio-pci
> XL710 Port 1: b3:00.1 - bound to vfio-pci
> QAT VF: 0000:67:01.0 'Device 37c9' drv=vfio-pci
> 
> Endpoint 0 config file: attached
> Command-line and output file: attached
> 
> On Intel board 2:
> -------------------
> XL710 Port 0: 17:00.0 - bound to vfio-pci
> XL710 Port 1: 17:00.1 - bound to vfio-pci
> QAT VF: 0000:68:01.0 'Device 37c9' drv=vfio-pci
> 
> Endpoint 1 config file: attached
> Command-line and output file: attached
> 
> 
> DPDK:
> -------
> - config has the following set:
>   CONFIG_RTE_LIBRTE_PMD_QAT=y
>   CONFIG_RTE_LIBRTE_PMD_QAT_SYM=y
> 
> QAT driver version: qat1.7.l.4.9.0-00008
> -------------------------------------------
> Makefile has: ICP_SRIOV_AM=1
> ./configure --enable-icp-sriov=host
> 
> 
> Please let me know if any additional information is required.
> 
> 
> Regards,
> Venkatesh
> 
> 
> -------------- next part --------------
> An embedded and charset-unspecified text was scrubbed...
> Name: intel-board1-cmdline-and-output.txt
> URL: <http://mails.dpdk.org/archives/users/attachments/20200722/3050bab3/attachment.txt >
> -------------- next part --------------
> An embedded and charset-unspecified text was scrubbed...
> Name: intel-board2-cmdline-and-output.txt
> URL: <http://mails.dpdk.org/archives/users/attachments/20200722/3050bab3/attachment-0001.txt >

  reply	other threads:[~2020-07-22 16:05 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-07-22  7:50 Joshi, Venkatesh
2020-07-22 11:45 ` Trahe, Fiona
2020-07-22 16:05   ` Joshi, Venkatesh [this message]
2020-07-22 16:10     ` Trahe, Fiona
2020-07-22 17:23       ` Joshi, Venkatesh
2020-07-22 17:42         ` Trahe, Fiona

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=AT5PR8401MB05457DE485B72D7AAD586FA8EC790@AT5PR8401MB0545.NAMPRD84.PROD.OUTLOOK.COM \
    --to=venkatesh.joshi@hpe.com \
    --cc=fiona.trahe@intel.com \
    --cc=users@dpdk.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).