From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) by dpdk.org (Postfix) with ESMTP id 764D8F72 for ; Thu, 10 Mar 2016 00:54:53 +0100 (CET) Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by orsmga101.jf.intel.com with ESMTP; 09 Mar 2016 15:54:51 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.24,313,1455004800"; d="scan'208";a="933424267" Received: from halfanda-mobl2.ger.corp.intel.com (HELO [10.252.5.215]) ([10.252.5.215]) by fmsmga002.fm.intel.com with ESMTP; 09 Mar 2016 15:54:52 -0800 To: Jerin Jacob References: <1454099352-29040-1-git-send-email-sergio.gonzalez.monroy@intel.com> <20160131143918.GA12763@localhost.localdomain> <56AF3CDC.5090105@intel.com> <20160201112646.GA10490@localhost.localdomain> From: Sergio Gonzalez Monroy Message-ID: <56E0B7CA.8010204@intel.com> Date: Wed, 9 Mar 2016 23:54:50 +0000 User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.6.0 MIME-Version: 1.0 In-Reply-To: <20160201112646.GA10490@localhost.localdomain> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit Cc: dev@dpdk.org Subject: Re: [dpdk-dev] [PATCH] example/ipsec-secgw: ipsec security gateway X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches and discussions about DPDK List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Mar 2016 23:54:54 -0000 On 01/02/2016 11:26, Jerin Jacob wrote: > On Mon, Feb 01, 2016 at 11:09:16AM +0000, Sergio Gonzalez Monroy wrote: >> On 31/01/2016 14:39, Jerin Jacob wrote: >>> On Fri, Jan 29, 2016 at 08:29:12PM +0000, Sergio Gonzalez Monroy wrote: >>> >>> IMO, an option for single SA based outbound processing would be useful >>> measuring performance bottlenecks with SA lookup. >>> >> Hi Jerin, >> >> Are you suggesting to have an option so we basically encrypt all traffic >> using >> a single SA bypassing the SP/ACL ? > Yes. Basicaly an option to bypass "rte_acl_classify" if its for single > SA use case. > > Hi Jerin, After re-reading your comment regarding the single SA I just want to double check that I understood correctly what you were suggesting. Basically an option that we can provide a single SA to use for outbound, skipping rte_acl_classify in outbound path. That same option would also skip rte_acl_classify in inbound path without checking that we accept specific traffic for an SA. Is that correct? Sergio