From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 43A31A051C; Fri, 17 Jan 2020 18:05:32 +0100 (CET) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 8CC9E2C28; Fri, 17 Jan 2020 18:05:31 +0100 (CET) Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by dpdk.org (Postfix) with ESMTP id 968AC2C08 for ; Fri, 17 Jan 2020 18:05:29 +0100 (CET) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 17 Jan 2020 09:05:27 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.70,330,1574150400"; d="scan'208,217";a="274443392" Received: from vmedvedk-mobl.ger.corp.intel.com (HELO [10.237.220.135]) ([10.237.220.135]) by FMSMGA003.fm.intel.com with ESMTP; 17 Jan 2020 09:05:27 -0800 To: Akhil Goyal , "dev@dpdk.org" Cc: "konstantin.ananyev@intel.com" References: <1578920122-228017-1-git-send-email-vladimir.medvedkin@intel.com> <1579012036-326214-1-git-send-email-vladimir.medvedkin@intel.com> From: "Medvedkin, Vladimir" Message-ID: <2177e720-a00c-b228-c3c7-f0ec50197ace@intel.com> Date: Fri, 17 Jan 2020 17:05:26 +0000 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.4.1 MIME-Version: 1.0 In-Reply-To: Content-Language: en-US Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.15 Subject: Re: [dpdk-dev] [PATCH v4 0/5] integrate librte_ipsec SAD into ipsec-secgw X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Hi Akhil, Indeed with our tests we also seeing ~15% perf drop for small packets (~90B) and ~3-4% drop for 1KB packets. While I am looking on a ways to minimize the drop, I think it would be hard, if possible at all to eliminate it completely. Reason for that: current SAD implementation is completely synthetic (using plain array structure indexed by SPI value). That provides a very low overhead, but doesn't provide expected functionality and can't be used in proper implementation. To measure plain IPsec performance without SAD user can still use '--signle-sa' option. On 15/01/2020 15:45, Akhil Goyal wrote: > Hi Vladimir, > > There is more than 10% drop with this patchset on NXP hardware with both legacy mode and the ipsec lib mode. This would need some debugging. > Didn't you see any drop on intel? > > Regards, > Akhil > >> -----Original Message----- >> From: Vladimir Medvedkin >> Sent: Tuesday, January 14, 2020 7:57 PM >> To: dev@dpdk.org >> Cc: konstantin.ananyev@intel.com; Akhil Goyal >> Subject: [PATCH v4 0/5] integrate librte_ipsec SAD into ipsec-secgw >> >> This series integrates SA database (SAD) capabilities from ipsec library. >> The goal is to make ipsec-secgw RFC compliant regarding inbound SAD. >> Also patch series removes hardcoded limitation for maximum number of SA's >> and SP's. >> >> v4: >> - put tunnel SA's into SAD with SPI_ONLY type for performance reason >> >> v3: >> - parse SA and SP into sorted array instead of linked list >> >> v2: >> - get rid of maximum sp limitation >> >> Vladimir Medvedkin (5): >> ipsec: move ipsec sad name length into .h >> examples/ipsec-secgw: implement inbound SAD >> examples/ipsec-secgw: integrate inbound SAD >> examples/ipsec-secgw: get rid of maximum sa limitation >> examples/ipsec-secgw: get rid of maximum sp limitation >> >> examples/ipsec-secgw/Makefile | 1 + >> examples/ipsec-secgw/ipsec-secgw.c | 4 +- >> examples/ipsec-secgw/ipsec.h | 11 +- >> examples/ipsec-secgw/meson.build | 2 +- >> examples/ipsec-secgw/parser.c | 4 + >> examples/ipsec-secgw/parser.h | 9 ++ >> examples/ipsec-secgw/sa.c | 256 +++++++++++++++++++++++-------------- >> examples/ipsec-secgw/sad.c | 90 +++++++++++++ >> examples/ipsec-secgw/sad.h | 74 +++++++++++ >> examples/ipsec-secgw/sp4.c | 114 ++++++++++++----- >> examples/ipsec-secgw/sp6.c | 112 +++++++++++----- >> lib/librte_ipsec/ipsec_sad.c | 20 +-- >> lib/librte_ipsec/rte_ipsec_sad.h | 2 + >> 13 files changed, 528 insertions(+), 171 deletions(-) >> create mode 100644 examples/ipsec-secgw/sad.c >> create mode 100644 examples/ipsec-secgw/sad.h >> >> -- >> 2.7.4 -- Regards, Vladimir