From: "Joshi, Venkatesh" <venkatesh.joshi@hpe.com>
To: "Trahe, Fiona" <fiona.trahe@intel.com>,
"users@dpdk.org" <users@dpdk.org>
Subject: Re: [dpdk-users] DPDK-19.11 : IPSEC-SECGW tests not successful
Date: Wed, 22 Jul 2020 16:05:13 +0000
Message-ID: <AT5PR8401MB05457DE485B72D7AAD586FA8EC790@AT5PR8401MB0545.NAMPRD84.PROD.OUTLOOK.COM>
In-Reply-To: <SN6PR11MB288002A3C912685C2DF73BFFE4790@SN6PR11MB2880.namprd11.prod.outlook.com>
Hi Fiona,
Here are the command-lines:
For the Intel Board 1:
-------------------------
./build/ipsec-secgw -l 1 -n 4 -w b3:00.0 -w b3:00.1 -w 67:01.0 -- -P -p 0x3 -u 1 --config="(0,0,1),(1,0,1)" -f ./ep0-intel-board1.cfg
ep0-intel-board1.cfg:
-------------------------
#SP IPv4 rule - for outgoing (to crb-3)
sp ipv4 out esp protect 1000 pri 5 dst 40.1.1.0/24 sport 0:65535 dport 0:65535
#SA rules
sa out 1000 cipher_algo aes-128-cbc cipher_key a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:\
a0:a0:a0:a0 auth_algo sha1-hmac auth_key a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:\
a0:a0:a0:a0:a0:a0:a0:a0 mode ipv4-tunnel src 20.1.1.50 dst 20.1.1.20
#SP IPv4 rule - for incoming (to IXIA)
sp ipv4 in esp protect 1010 pri 5 dst 20.1.1.50/32 src 20.1.1.20/32 sport 0:65535 dport 0:65535
#SA rules
sa in 1010 cipher_algo aes-128-cbc cipher_key a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:\
a0:a0:a0:a0 auth_algo sha1-hmac auth_key a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:\
a0:a0:a0:a0:a0:a0:a0:a0 mode ipv4-tunnel src 20.1.1.20 dst 20.1.1.50
#Routing rules
rt ipv4 dst 20.1.1.20/32 port 1
rt ipv4 dst 30.1.1.10/32 port 0
For the Intel Board 2:
-------------------------
./build/ipsec-secgw -l 1 -n 4 -w 17:00.0 -w 17:00.1 -w 67:01.0 -- -P -p 0x3 -u 1 --config="(0,0,1),(1,0,1)" -f ./ep1-intel-board2.cfg
ep1-intel-board2.cfg:
----------------------
#SP IPv4 rule - for outgoing (from IXIA)
sp ipv4 out esp protect 1010 pri 1 dst 30.1.1.0/24 sport 0:65535 dport 0:65535
#SA rules
sa out 1010 cipher_algo aes-128-cbc cipher_key a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:\
a0:a0:a0:a0 auth_algo sha1-hmac auth_key a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:\
a0:a0:a0:a0:a0:a0:a0:a0 mode ipv4-tunnel src 20.1.1.20 dst 20.1.1.50
#Routing rules
rt ipv4 dst 20.1.1.50/32 port 1
Regards,
Venkatesh
-----Original Message-----
From: Trahe, Fiona [mailto:fiona.trahe@intel.com]
Sent: Wednesday, July 22, 2020 5:15 PM
To: Joshi, Venkatesh <venkatesh.joshi@hpe.com>; users@dpdk.org
Cc: Trahe, Fiona <fiona.trahe@intel.com>
Subject: RE: DPDK-19.11 : IPSEC-SECGW tests not successful
Have you tried using --log-level=8 (or ="qat,8") on your process commandline?
In conjunction with rebuilding with
CONFIG_RTE_LOG_DP_LEVEL=RTE_LOG_DEBUG
this should show if any cryptodev ops are being sent to QAT PMD.
Something else to try would be - can you run either
dpdk-test-crypto-perf or the unit test application - just to validate that the process can run crypto on QAT PMD ok.
Your setup for QAT looks ok.
Also could you share the command-line you're using for each process please.
> -----Original Message-----
> From: users <users-bounces@dpdk.org> On Behalf Of Joshi, Venkatesh
> Sent: Wednesday, July 22, 2020 8:51 AM
> To: users@dpdk.org
> Subject: [dpdk-users] DPDK-19.11 : IPSEC-SECGW tests not successful
>
> Hi,
>
> I'm not able to successfully run the IPSEC-SECGW tests with DPDK-19.11. I have followed the guide
> published at doc.dpdk.org but still not able to get things right.
>
> Please help me figure out what could be wrong.
>
> Here are the setup details:
>
> Network Diagram:
> ------------------
>                        XL710                              XL710
> |---------------------|Port 1        IPSEC Tunnel        Port 1|----------------------|
> |    Intel board 1    |<-------------------------------------->|    Intel board 2     |
> |---------------------|                                        |----------------------|
>     Port 0  ^                                                             ^  Port 0 (XL710)
>     (XL710) |                                                             |
>             |             |--------------------------------|              |
>             ------------->|7             IXIA             4|<--------------
>                           |--------------------------------|
>
> * Linux kernel: 4.14
> * DPDK version: 19.11
> * All ports are 40G ports (XL710 NICs)
> * The intel board is: Intel(R) Xeon(R) Gold 5220 CPU
> - has a single socket, 18 cores, 2 threads per core
> * The QAT card: C62x
>
>
> Issue:
> --------
> * Traffic is sent from IXIA Port 4 to IXIA port 7:
> - This is IP/UDP traffic of size 1024 bytes
> - The dst mac is set to the MAC of port 0 of the XL710 NIC of Intel board 2
> - The src ip: 40.1.1.10, dst ip: 30.1.1.10
> - No packets are received on IXIA Port 7
> - On further debugging: Packets are not getting forwarded out of the IPSEC tunnel from Intel board 2.
>
> On Intel board 1:
> -------------------
> XL710 Port 0: b3:00.0 - bound to vfio-pci
> XL710 Port 1: b3:00.1 - bound to vfio-pci
> QAT VF: 0000:67:01.0 'Device 37c9' drv=vfio-pci
>
> Endpoint 0 config file: attached
> Command-line and output file: attached
>
> On Intel board 2:
> -------------------
> XL710 Port 0: 17:00.0 - bound to vfio-pci
> XL710 Port 1: 17:00.1 - bound to vfio-pci
> QAT VF: 0000:68:01.0 'Device 37c9' drv=vfio-pci
>
> Endpoint 1 config file: attached
> Command-line and output file: attached
>
>
> DPDK:
> -------
> - config has the following set:
> CONFIG_RTE_LIBRTE_PMD_QAT=y
> CONFIG_RTE_LIBRTE_PMD_QAT_SYM=y
>
> QAT driver version: qat1.7.l.4.9.0-00008
> -------------------------------------------
> Makefile has: ICP_SRIOV_AM=1
> ./configure --enable-icp-sriov=host
>
>
> Please let me know if any additional information is required.
>
>
> Regards,
> Venkatesh
>
>
> -------------- next part --------------
> An embedded and charset-unspecified text was scrubbed...
> Name: intel-board1-cmdline-and-output.txt
> URL: <http://mails.dpdk.org/archives/users/attachments/20200722/3050bab3/attachment.txt >
> -------------- next part --------------
> An embedded and charset-unspecified text was scrubbed...
> Name: intel-board2-cmdline-and-output.txt
> URL: <http://mails.dpdk.org/archives/users/attachments/20200722/3050bab3/attachment-0001.txt >
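A cross-check of the two endpoint configs posted at the top of this message, as an added example (not part of the original thread and not DPDK code): it parses the sp/sa/rt rules and verifies that every protect SP has an SA, every outbound tunnel destination has a route, and every outbound SA has an inbound twin with identical parameters on the peer. The function names are hypothetical, the parser assumes every sa option is a key/value pair, and the embedded rules are transcribed from the message with the keys rebuilt from the repeated a0 bytes.

```python
import ipaddress, re
MATCH = ("cipher_algo", "cipher_key", "auth_algo", "auth_key", "mode", "src", "dst")

def parse_cfg(text):
    """Parse ipsec-secgw sp/sa/rt rules (handles backslash line continuations)."""
    rules = {"sp": [], "sa": [], "rt": []}
    for line in re.sub(r"\\\n[ \t]*", "", text).splitlines():
        tok = line.split()
        if not tok or tok[0] not in rules:        # blank line, comment, other
            continue
        if tok[0] == "sa":                        # sa <dir> <spi> <key> <value> ...
            rule = {"dir": tok[1], "spi": int(tok[2]), **dict(zip(tok[3::2], tok[4::2]))}
        elif tok[0] == "sp":                      # sp ipv4 <dir> esp <action> [<spi>] ...
            rule = {"dir": tok[2], "spi": int(tok[5]) if tok[4] == "protect" else None}
        else:                                     # rt ipv4 dst <prefix> port <n>
            rule = {"net": ipaddress.ip_network(tok[3], strict=False), "port": int(tok[5])}
        rules[tok[0]].append(rule)
    return rules

def check_pair(a, b):  # a, b: (name, parsed cfg) tuples; returns finding strings
    out = []
    for (name, cfg), (peer, pcfg) in ((a, b), (b, a)):
        have = {(s["dir"], s["spi"]) for s in cfg["sa"]}
        for sp in cfg["sp"]:
            if sp["spi"] is not None and (sp["dir"], sp["spi"]) not in have:
                out.append(f"{name}: sp {sp['dir']} protect {sp['spi']} has no sa")
        peer_in = {s["spi"]: s for s in pcfg["sa"] if s["dir"] == "in"}
        for sa in (s for s in cfg["sa"] if s["dir"] == "out"):
            if not any(ipaddress.ip_address(sa["dst"]) in r["net"] for r in cfg["rt"]):
                out.append(f"{name}: no rt covers tunnel dst {sa['dst']}")
            twin = peer_in.get(sa["spi"])
            if twin is None:
                out.append(f"{name}: sa out {sa['spi']} has no sa in on {peer}")
            elif any(sa.get(k) != twin.get(k) for k in MATCH):
                out.append(f"{name}: sa {sa['spi']} parameters differ on {peer}")
    return out

K16, K20 = ":".join(["a0"] * 16), ":".join(["a0"] * 20)  # keys as in the posted rules
ALG = f"cipher_algo aes-128-cbc cipher_key {K16} auth_algo sha1-hmac auth_key {K20} mode ipv4-tunnel"
EP0 = f"""sp ipv4 out esp protect 1000 pri 5 dst 40.1.1.0/24 sport 0:65535 dport 0:65535
sa out 1000 {ALG} src 20.1.1.50 dst 20.1.1.20
sp ipv4 in esp protect 1010 pri 5 dst 20.1.1.50/32 src 20.1.1.20/32 sport 0:65535 dport 0:65535
sa in 1010 {ALG} src 20.1.1.20 dst 20.1.1.50
rt ipv4 dst 20.1.1.20/32 port 1
rt ipv4 dst 30.1.1.10/32 port 0"""
EP1 = f"""sp ipv4 out esp protect 1010 pri 1 dst 30.1.1.0/24 sport 0:65535 dport 0:65535
sa out 1010 {ALG} src 20.1.1.20 dst 20.1.1.50
rt ipv4 dst 20.1.1.50/32 port 1"""
print(check_pair(("ep0", parse_cfg(EP0)), ("ep1", parse_cfg(EP1))))
```

On the rules as posted it returns one finding, for SPI 1000: ep0 defines it outbound and ep1 defines no inbound SA for it.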