SlideShare a Scribd company logo

Dpdk 2019-ipsec-eventdev

H
Hemant Agrawal

1) The document discusses adding event device support to the ipsec-gw application in DPDK to improve efficiency. 2) It describes how cryptodev works with poll and event modes and introduces an event crypto adapter to connect crypto queues to the event framework. 3) The proposed changes are to assign all crypto and ethernet queues to an event device and dequeue packets from the event device rather than individual devices to allow asynchronous and CPU-efficient processing.

Software
1 of 15
Download to read offline
x Adding Eventdev support in ipsec-gw application Hemant Agrawal (NXP) Akhil Goyal (NXP) DPDK Userspace - 2019
• Overview • Cryptodev • Event Crypto Adapter • Crypto Event Adapter Processing Example • Proposed changes in IPSEC event Gateway
3 CRYPTODEV • A framework for processing symmetric and asymmetric crypto workload. • Provides a standard API supporting transparent crypto processing for all vendors of crypto(SW/HW) PMD. • Poll mode driver infrastructure with the recent addition of event mode support. • User can choose to use any combination of software/hardware PMD and schedule work between them User Application Device management Device Capabilities Queue Pair Management Symmetric session management Asymmetric session management Operation processing (Enqueue/Dequeue) DPDK CRYPTODEV API COMPONENTS Device Statistics x86 Libraries OPENSSL DPAA2_SEC DPAA_SEC QAT AESNI-MBARMv8SCHEDULERCCP CAAM_JR NXP Hardware ARM libraries Marvell Hardware Libsso lib AMD Hard ware Intel ware Intel Hard ware CRYPTO PMDs OCTEONTX MVSAM
4 event driven model Flow 0 Flow 1 Flow n Event Queue 0 Flow 0 Flow 1 Flow n Event Queue 1 Flow 0 Flow 1 Flow n Event Queue n Event Port 0 Event Port 1 Event Port 2 Event Port n Core 0 Core 1 Core 2 Core n Rx Packet event An Event device Crypto completion event Timer expiry event Event from Devices Core(SW) event Enqueue(queue, flow, schedule_type, event) Link(queue, port) {queue, flow, schedule_type, event} = Dequeue(port)
5 Event Crypto Adapter • Poll mode drivers means individual queue polling and 100% CPU utilization irrespective of amount of traffic being processed. • Event based processing can work with ‘n’ queue’ • Event Port with Interrupt mode – no more wasted CPU cycles  • Each accelerator (Ethernet, Crypto, Timer etc) needs event adapter to connect eventdev • Event crypto adapter adapts the crypto queues to work for event framework • All crypto queues can be assigned to event device (hardware/ software scheduler) • Event device schedule the traffic to multiple queues • Support ordered, atomic and parallel queues • Reduces CPU utilization when traffic is low • Better utilization of hardware resources
6 Event Crypto Adapter processing
7 Crypto Adapter Example for NXP DPAA2 Platform eth-DPNI eth-DPNI DPSECI DPIODPIO eth-DPNI DPCONC while(1) { wait_for_event() dequeue(); process work; … enqueue(); } while(1) { wait_for_event() dequeue(); process work; … enqueue(); } Q Q Q Q EventDev EventQueueEventQueue Order preservation (atomic) Order restoration (ordered) Crypto Engine (SEC) Q Q Port 1 Port 2 Port 3 DPAA queuing & scheduling Q Q
8 IPSEC-SECGW *Sample* Application • Provide a L3 application for IPSEC forwarding • Security Policies(SP) and Security Associations(SA) are manually configured using a cfg file. • SPs are implemented as ACL rules • SAs are stored in a table • Routing is implemented using LPM • Support all security acceleration modes. • Support with and without IPSEC library • Works well with both hardware and software devices
9 Design principle for event in IPSec-secgw Limitation in current design • Synchronous Design • Crypto enqueue/dequeue APIs are defined to be used asynchronously but is getting used synchronously in the same thread. • Hardware crypto PMD may work slower on synchronous jobs – hence wasting cycles for empty dequeues • Continuous polling on the ethernet/crypto dev for dequeue • No free CPU Where event can help • When All (cryptodev/ethdev) queues are assigned to an eventdev, and we do dequeue from event device, • Segregate crypto/eth packets based on event type • Able to process both crypto and ethernet packets • So no more synchronous processing.  • If the underneath Event PMD support interrupt mode, dequeue will happen only in case packets are available. • Free CPU at low traffic rates.
10 Proposed Changes • Attach all crypto/ethernet queue to event device • From Each thread, Instead of dequeue from ethernet/crypto device, dequeue from event device • Segregate packets from ethernet/crypto queues based on event type • Packets from Crypto queues -> enqueue to ethernet device • Inbound packets will be plain packet • Outbound packets will be ESP packets • Packets from Ethernet queues -> enqueue to crypto device • Inbound packets will be ESP packet coming for decryption • Outbound packets will be Plain packets for Encryption.
11 Proposed Execution changes From each lcore thread Eth-EnqueueEth-dequeue Find SA Crypto-Enqueue Crypto-Dequeue Find Route From each lcore thread Event-dequeue Event type Crypto Eth Next Header type Next header type ESP Outbound pre- processing Crypto-Enqueue Non-ESP Inbound pre- processing Inbound post- processing Eth-Enqueue Non-ESP Outbound post- processing ESP Existing Model Event Driven Model
12 Challenges and Mitigation • Target is for 20.02. • Plan to send RFC in 19.11 timeframe • Main challenge is to co-exist with various crypto/security modes in the app. • Packet re-ordering • Use Atomic queues (for order preservation) • Use ordered queues (for order restoration) depending on available support in PMD • Cannot hold packets at any point to wait for next iteration • Process all packets from a burst and enqueue to next stage(crypto/eth) in the same context.
Questions? Hemant Agrawal <hemant.agrawal@nxp.com> Akhil Goyal <akhil.goyal@nxp.com>
14 Supported_processing_modes NIC L2 Application L3 librte_ipsec cryptodev Crypto Accelerator NET PMD HW CRYPTO PMD ethdev NIC L2 Application L3 librte_ipsec cryptodev lcore NET PMD SW CRYPTO PMD ethdev Lookaside Hardware Crypto Processing Core based Crypto Processing SmartNIC L2 Application L3 librte_ipsec NET PMD ethdev/flow/security SADB crypto IO based Inline Crypto Processing NIC L2 Application L3 Security cryptodev Crypto Accelerator NET PMD HW CRYPTO PMD ethdev Lookaside Hardware Security Processing lib_ipsec
15 IPSEC - Encrypt Packet Processing Packet Received Flow and SPD/SA Lookup Pre-Protocol Processing •Sequence Number •Random IV generation •Block Cipher Padding •Tunnel Header Preparations (TOS/ECN/DF etc) Crypto Processing •Encryption •Authentication Post-Protocol Processing IP Header Addition L2 process and transmission Lookaside Acceleration

Recommended

Dpdk: rte_security: An update and introducing PDCP
Dpdk: rte_security: An update and introducing PDCPDpdk: rte_security: An update and introducing PDCP
Dpdk: rte_security: An update and introducing PDCPHemant Agrawal
 
DPDK IPSec Security Gateway Application
DPDK IPSec Security Gateway ApplicationDPDK IPSec Security Gateway Application
DPDK IPSec Security Gateway ApplicationMichelle Holley
 
Kernel Recipes 2015: Greybus
Kernel Recipes 2015: GreybusKernel Recipes 2015: Greybus
Kernel Recipes 2015: GreybusAnne Nicolas
 
Symmetric Crypto for DPDK - Declan Doherty
Symmetric Crypto for DPDK - Declan DohertySymmetric Crypto for DPDK - Declan Doherty
Symmetric Crypto for DPDK - Declan Dohertyharryvanhaaren
 
HKG18-402 - Build secure key management services in OP-TEE
HKG18-402 - Build secure key management services in OP-TEEHKG18-402 - Build secure key management services in OP-TEE
HKG18-402 - Build secure key management services in OP-TEELinaro
 
DPDK IPSec performance benchmark ~ Georgii Tkachuk
DPDK IPSec performance benchmark ~ Georgii TkachukDPDK IPSec performance benchmark ~ Georgii Tkachuk
DPDK IPSec performance benchmark ~ Georgii TkachukIntel
 
Alessio Lama - Development and testing of a safety network protocol
Alessio Lama - Development and testing of a safety network protocolAlessio Lama - Development and testing of a safety network protocol
Alessio Lama - Development and testing of a safety network protocollinuxlab_conf
 
Mirko Damiani - An Embedded soft real time distributed system in Go
Mirko Damiani - An Embedded soft real time distributed system in GoMirko Damiani - An Embedded soft real time distributed system in Go
Mirko Damiani - An Embedded soft real time distributed system in Golinuxlab_conf
 

Recommended

Dpdk: rte_security: An update and introducing PDCP
Dpdk: rte_security: An update and introducing PDCPDpdk: rte_security: An update and introducing PDCP
Dpdk: rte_security: An update and introducing PDCPHemant Agrawal
 
DPDK IPSec Security Gateway Application
DPDK IPSec Security Gateway ApplicationDPDK IPSec Security Gateway Application
DPDK IPSec Security Gateway ApplicationMichelle Holley
 
Kernel Recipes 2015: Greybus
Kernel Recipes 2015: GreybusKernel Recipes 2015: Greybus
Kernel Recipes 2015: GreybusAnne Nicolas
 
Symmetric Crypto for DPDK - Declan Doherty
Symmetric Crypto for DPDK - Declan DohertySymmetric Crypto for DPDK - Declan Doherty
Symmetric Crypto for DPDK - Declan Dohertyharryvanhaaren
 
HKG18-402 - Build secure key management services in OP-TEE
HKG18-402 - Build secure key management services in OP-TEEHKG18-402 - Build secure key management services in OP-TEE
HKG18-402 - Build secure key management services in OP-TEELinaro
 
DPDK IPSec performance benchmark ~ Georgii Tkachuk
DPDK IPSec performance benchmark ~ Georgii TkachukDPDK IPSec performance benchmark ~ Georgii Tkachuk
DPDK IPSec performance benchmark ~ Georgii TkachukIntel
 
Alessio Lama - Development and testing of a safety network protocol
Alessio Lama - Development and testing of a safety network protocolAlessio Lama - Development and testing of a safety network protocol
Alessio Lama - Development and testing of a safety network protocollinuxlab_conf
 
Mirko Damiani - An Embedded soft real time distributed system in Go
Mirko Damiani - An Embedded soft real time distributed system in GoMirko Damiani - An Embedded soft real time distributed system in Go
Mirko Damiani - An Embedded soft real time distributed system in Golinuxlab_conf
 
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEEBKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEELinaro
 
Netsft2017 day in_life_of_nfv
Netsft2017 day in_life_of_nfvNetsft2017 day in_life_of_nfv
Netsft2017 day in_life_of_nfvIntel
 
Sfo15 408- odp-dpdk platform performance
Sfo15 408- odp-dpdk platform performanceSfo15 408- odp-dpdk platform performance
Sfo15 408- odp-dpdk platform performanceLinaro
 
LAS16-500: The Rise and Fall of Assembler and the VGIC from Hell
LAS16-500: The Rise and Fall of Assembler and the VGIC from HellLAS16-500: The Rise and Fall of Assembler and the VGIC from Hell
LAS16-500: The Rise and Fall of Assembler and the VGIC from HellLinaro
 
BKK16-103 OpenCSD - Open for Business!
BKK16-103 OpenCSD - Open for Business!BKK16-103 OpenCSD - Open for Business!
BKK16-103 OpenCSD - Open for Business!Linaro
 
BKK16-502 Suspend to Idle
BKK16-502 Suspend to IdleBKK16-502 Suspend to Idle
BKK16-502 Suspend to IdleLinaro
 
Using FPGA in Embedded Devices
Using FPGA in Embedded DevicesUsing FPGA in Embedded Devices
Using FPGA in Embedded DevicesGlobalLogic Ukraine
 
BUD17-300: Journey of a packet
BUD17-300: Journey of a packetBUD17-300: Journey of a packet
BUD17-300: Journey of a packetLinaro
 
How Linux Processes Your Network Packet - Elazar Leibovich
How Linux Processes Your Network Packet - Elazar LeibovichHow Linux Processes Your Network Packet - Elazar Leibovich
How Linux Processes Your Network Packet - Elazar LeibovichDevOpsDays Tel Aviv
 
P4 to OpenDataPlane Compiler - BUD17-304
P4 to OpenDataPlane Compiler - BUD17-304P4 to OpenDataPlane Compiler - BUD17-304
P4 to OpenDataPlane Compiler - BUD17-304Linaro
 
OVS and DPDK - T.F. Herbert, K. Traynor, M. Gray
OVS and DPDK - T.F. Herbert, K. Traynor, M. GrayOVS and DPDK - T.F. Herbert, K. Traynor, M. Gray
OVS and DPDK - T.F. Herbert, K. Traynor, M. Grayharryvanhaaren
 
Hotplug and Virtio - Tetsuya Mukawa
Hotplug and Virtio - Tetsuya MukawaHotplug and Virtio - Tetsuya Mukawa
Hotplug and Virtio - Tetsuya Mukawaharryvanhaaren
 
[DCG 25] Александр Большев - Never Trust Your Inputs or How To Fool an ADC
[DCG 25] Александр Большев - Never Trust Your Inputs or How To Fool an ADC [DCG 25] Александр Большев - Never Trust Your Inputs or How To Fool an ADC
[DCG 25] Александр Большев - Never Trust Your Inputs or How To Fool an ADC DefconRussia
 
LAS16-405:OpenDataPlane: Software Defined Dataplane leader
LAS16-405:OpenDataPlane: Software Defined Dataplane leaderLAS16-405:OpenDataPlane: Software Defined Dataplane leader
LAS16-405:OpenDataPlane: Software Defined Dataplane leaderLinaro
 
LAS16-TR03: Upstreaming 201
LAS16-TR03: Upstreaming 201LAS16-TR03: Upstreaming 201
LAS16-TR03: Upstreaming 201Linaro
 
EBPF and Linux Networking
EBPF and Linux NetworkingEBPF and Linux Networking
EBPF and Linux NetworkingPLUMgrid
 
Dpdk accelerated Ostinato
Dpdk accelerated OstinatoDpdk accelerated Ostinato
Dpdk accelerated Ostinatopstavirs
 
Hyperscan - Mohammad Abdul Awal
Hyperscan - Mohammad Abdul AwalHyperscan - Mohammad Abdul Awal
Hyperscan - Mohammad Abdul Awalharryvanhaaren
 
BUD17-214: Bus scaling QoS update
BUD17-214: Bus scaling QoS update BUD17-214: Bus scaling QoS update
BUD17-214: Bus scaling QoS update Linaro
 
LAS16-100K1: Welcome Keynote
LAS16-100K1: Welcome KeynoteLAS16-100K1: Welcome Keynote
LAS16-100K1: Welcome KeynoteLinaro
 
RISC V in Spacer
RISC V in SpacerRISC V in Spacer
RISC V in Spacerklepsydratechnologie
 
Improving Network Application Performance using Load Aware Libeventdev
Improving Network Application Performance using Load Aware LibeventdevImproving Network Application Performance using Load Aware Libeventdev
Improving Network Application Performance using Load Aware LibeventdevMichelle Holley
 

More Related Content

What's hot

BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEEBKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEELinaro
 
Netsft2017 day in_life_of_nfv
Netsft2017 day in_life_of_nfvNetsft2017 day in_life_of_nfv
Netsft2017 day in_life_of_nfvIntel
 
Sfo15 408- odp-dpdk platform performance
Sfo15 408- odp-dpdk platform performanceSfo15 408- odp-dpdk platform performance
Sfo15 408- odp-dpdk platform performanceLinaro
 
LAS16-500: The Rise and Fall of Assembler and the VGIC from Hell
LAS16-500: The Rise and Fall of Assembler and the VGIC from HellLAS16-500: The Rise and Fall of Assembler and the VGIC from Hell
LAS16-500: The Rise and Fall of Assembler and the VGIC from HellLinaro
 
BKK16-103 OpenCSD - Open for Business!
BKK16-103 OpenCSD - Open for Business!BKK16-103 OpenCSD - Open for Business!
BKK16-103 OpenCSD - Open for Business!Linaro
 
BKK16-502 Suspend to Idle
BKK16-502 Suspend to IdleBKK16-502 Suspend to Idle
BKK16-502 Suspend to IdleLinaro
 
BUD17-300: Journey of a packet
BUD17-300: Journey of a packetBUD17-300: Journey of a packet
BUD17-300: Journey of a packetLinaro
 
How Linux Processes Your Network Packet - Elazar Leibovich
How Linux Processes Your Network Packet - Elazar LeibovichHow Linux Processes Your Network Packet - Elazar Leibovich
How Linux Processes Your Network Packet - Elazar LeibovichDevOpsDays Tel Aviv
 
P4 to OpenDataPlane Compiler - BUD17-304
P4 to OpenDataPlane Compiler - BUD17-304P4 to OpenDataPlane Compiler - BUD17-304
P4 to OpenDataPlane Compiler - BUD17-304Linaro
 
OVS and DPDK - T.F. Herbert, K. Traynor, M. Gray
OVS and DPDK - T.F. Herbert, K. Traynor, M. GrayOVS and DPDK - T.F. Herbert, K. Traynor, M. Gray
OVS and DPDK - T.F. Herbert, K. Traynor, M. Grayharryvanhaaren
 
Hotplug and Virtio - Tetsuya Mukawa
Hotplug and Virtio - Tetsuya MukawaHotplug and Virtio - Tetsuya Mukawa
Hotplug and Virtio - Tetsuya Mukawaharryvanhaaren
 
[DCG 25] Александр Большев - Never Trust Your Inputs or How To Fool an ADC
[DCG 25] Александр Большев - Never Trust Your Inputs or How To Fool an ADC [DCG 25] Александр Большев - Never Trust Your Inputs or How To Fool an ADC
[DCG 25] Александр Большев - Never Trust Your Inputs or How To Fool an ADC DefconRussia
 
LAS16-405:OpenDataPlane: Software Defined Dataplane leader
LAS16-405:OpenDataPlane: Software Defined Dataplane leaderLAS16-405:OpenDataPlane: Software Defined Dataplane leader
LAS16-405:OpenDataPlane: Software Defined Dataplane leaderLinaro
 
LAS16-TR03: Upstreaming 201
LAS16-TR03: Upstreaming 201LAS16-TR03: Upstreaming 201
LAS16-TR03: Upstreaming 201Linaro
 
EBPF and Linux Networking
EBPF and Linux NetworkingEBPF and Linux Networking
EBPF and Linux NetworkingPLUMgrid
 
Dpdk accelerated Ostinato
Dpdk accelerated OstinatoDpdk accelerated Ostinato
Dpdk accelerated Ostinatopstavirs
 
Hyperscan - Mohammad Abdul Awal
Hyperscan - Mohammad Abdul AwalHyperscan - Mohammad Abdul Awal
Hyperscan - Mohammad Abdul Awalharryvanhaaren
 
BUD17-214: Bus scaling QoS update
BUD17-214: Bus scaling QoS update BUD17-214: Bus scaling QoS update
BUD17-214: Bus scaling QoS update Linaro
 
LAS16-100K1: Welcome Keynote
LAS16-100K1: Welcome KeynoteLAS16-100K1: Welcome Keynote
LAS16-100K1: Welcome KeynoteLinaro
 

What's hot (20)

BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEEBKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
 
Netsft2017 day in_life_of_nfv
Netsft2017 day in_life_of_nfvNetsft2017 day in_life_of_nfv
Netsft2017 day in_life_of_nfv
 
Sfo15 408- odp-dpdk platform performance
Sfo15 408- odp-dpdk platform performanceSfo15 408- odp-dpdk platform performance
Sfo15 408- odp-dpdk platform performance
 
LAS16-500: The Rise and Fall of Assembler and the VGIC from Hell
LAS16-500: The Rise and Fall of Assembler and the VGIC from HellLAS16-500: The Rise and Fall of Assembler and the VGIC from Hell
LAS16-500: The Rise and Fall of Assembler and the VGIC from Hell
 
BKK16-103 OpenCSD - Open for Business!
BKK16-103 OpenCSD - Open for Business!BKK16-103 OpenCSD - Open for Business!
BKK16-103 OpenCSD - Open for Business!
 
BKK16-502 Suspend to Idle
BKK16-502 Suspend to IdleBKK16-502 Suspend to Idle
BKK16-502 Suspend to Idle
 
Using FPGA in Embedded Devices
Using FPGA in Embedded DevicesUsing FPGA in Embedded Devices
Using FPGA in Embedded Devices
 
BUD17-300: Journey of a packet
BUD17-300: Journey of a packetBUD17-300: Journey of a packet
BUD17-300: Journey of a packet
 
How Linux Processes Your Network Packet - Elazar Leibovich
How Linux Processes Your Network Packet - Elazar LeibovichHow Linux Processes Your Network Packet - Elazar Leibovich
How Linux Processes Your Network Packet - Elazar Leibovich
 
P4 to OpenDataPlane Compiler - BUD17-304
P4 to OpenDataPlane Compiler - BUD17-304P4 to OpenDataPlane Compiler - BUD17-304
P4 to OpenDataPlane Compiler - BUD17-304
 
OVS and DPDK - T.F. Herbert, K. Traynor, M. Gray
OVS and DPDK - T.F. Herbert, K. Traynor, M. GrayOVS and DPDK - T.F. Herbert, K. Traynor, M. Gray
OVS and DPDK - T.F. Herbert, K. Traynor, M. Gray
 
Hotplug and Virtio - Tetsuya Mukawa
Hotplug and Virtio - Tetsuya MukawaHotplug and Virtio - Tetsuya Mukawa
Hotplug and Virtio - Tetsuya Mukawa
 
[DCG 25] Александр Большев - Never Trust Your Inputs or How To Fool an ADC
[DCG 25] Александр Большев - Never Trust Your Inputs or How To Fool an ADC [DCG 25] Александр Большев - Never Trust Your Inputs or How To Fool an ADC
[DCG 25] Александр Большев - Never Trust Your Inputs or How To Fool an ADC
 
LAS16-405:OpenDataPlane: Software Defined Dataplane leader
LAS16-405:OpenDataPlane: Software Defined Dataplane leaderLAS16-405:OpenDataPlane: Software Defined Dataplane leader
LAS16-405:OpenDataPlane: Software Defined Dataplane leader
 
LAS16-TR03: Upstreaming 201
LAS16-TR03: Upstreaming 201LAS16-TR03: Upstreaming 201
LAS16-TR03: Upstreaming 201
 
EBPF and Linux Networking
EBPF and Linux NetworkingEBPF and Linux Networking
EBPF and Linux Networking
 
Dpdk accelerated Ostinato
Dpdk accelerated OstinatoDpdk accelerated Ostinato
Dpdk accelerated Ostinato
 
Hyperscan - Mohammad Abdul Awal
Hyperscan - Mohammad Abdul AwalHyperscan - Mohammad Abdul Awal
Hyperscan - Mohammad Abdul Awal
 
BUD17-214: Bus scaling QoS update
BUD17-214: Bus scaling QoS update BUD17-214: Bus scaling QoS update
BUD17-214: Bus scaling QoS update
 
LAS16-100K1: Welcome Keynote
LAS16-100K1: Welcome KeynoteLAS16-100K1: Welcome Keynote
LAS16-100K1: Welcome Keynote
 

Similar to Dpdk 2019-ipsec-eventdev

Improving Network Application Performance using Load Aware Libeventdev
Improving Network Application Performance using Load Aware LibeventdevImproving Network Application Performance using Load Aware Libeventdev
Improving Network Application Performance using Load Aware LibeventdevMichelle Holley
 
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...Exploring the Final Frontier of Data Center Orchestration: Network Elements -...
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...Puppet
 
Snabbflow: A Scalable IPFIX exporter
Snabbflow: A Scalable IPFIX exporterSnabbflow: A Scalable IPFIX exporter
Snabbflow: A Scalable IPFIX exporterIgalia
 
LCU14 310- Cisco ODP v2
LCU14 310- Cisco ODP v2LCU14 310- Cisco ODP v2
LCU14 310- Cisco ODP v2Linaro
 
DPDK Summit 2015 - Intel - Keith Wiles
DPDK Summit 2015 - Intel - Keith WilesDPDK Summit 2015 - Intel - Keith Wiles
DPDK Summit 2015 - Intel - Keith WilesJim St. Leger
 
Install FD.IO VPP On Intel(r) Architecture & Test with Trex*
Install FD.IO VPP On Intel(r) Architecture & Test with Trex*Install FD.IO VPP On Intel(r) Architecture & Test with Trex*
Install FD.IO VPP On Intel(r) Architecture & Test with Trex*Michelle Holley
 
Introduction to DPDK
Introduction to DPDKIntroduction to DPDK
Introduction to DPDKKernel TLV
 
Security defined routing_cybergamut_v1_1
Security defined routing_cybergamut_v1_1Security defined routing_cybergamut_v1_1
Security defined routing_cybergamut_v1_1Joel W. King
 
RINA overview and ongoing research in EC-funded projects, ISO SC6 WG7
RINA overview and ongoing research in EC-funded projects, ISO SC6 WG7RINA overview and ongoing research in EC-funded projects, ISO SC6 WG7
RINA overview and ongoing research in EC-funded projects, ISO SC6 WG7Eleni Trouva
 
FD.io Vector Packet Processing (VPP)
FD.io Vector Packet Processing (VPP)FD.io Vector Packet Processing (VPP)
FD.io Vector Packet Processing (VPP)Kirill Tsym
 
FD.IO Vector Packet Processing
FD.IO Vector Packet ProcessingFD.IO Vector Packet Processing
FD.IO Vector Packet ProcessingKernel TLV
 
H2020 finsec-ibm- aidan-shribman-finsec-skydive 260820
H2020 finsec-ibm- aidan-shribman-finsec-skydive 260820H2020 finsec-ibm- aidan-shribman-finsec-skydive 260820
H2020 finsec-ibm- aidan-shribman-finsec-skydive 260820innov-acts-ltd
 
Azure Event Hubs - Behind the Scenes With Kasun Indrasiri | Current 2022
Azure Event Hubs - Behind the Scenes With Kasun Indrasiri | Current 2022Azure Event Hubs - Behind the Scenes With Kasun Indrasiri | Current 2022
Azure Event Hubs - Behind the Scenes With Kasun Indrasiri | Current 2022HostedbyConfluent
 
Container & kubernetes
Container & kubernetesContainer & kubernetes
Container & kubernetesTed Jung
 
Cloud Native Networking & Security with Cilium & eBPF
Cloud Native Networking & Security with Cilium & eBPFCloud Native Networking & Security with Cilium & eBPF
Cloud Native Networking & Security with Cilium & eBPFRaphaël PINSON
 
Seastar at Linux Foundation Collaboration Summit
Seastar at Linux Foundation Collaboration SummitSeastar at Linux Foundation Collaboration Summit
Seastar at Linux Foundation Collaboration SummitDon Marti
 

Similar to Dpdk 2019-ipsec-eventdev (20)

RISC V in Spacer
RISC V in SpacerRISC V in Spacer
RISC V in Spacer
 
Improving Network Application Performance using Load Aware Libeventdev
Improving Network Application Performance using Load Aware LibeventdevImproving Network Application Performance using Load Aware Libeventdev
Improving Network Application Performance using Load Aware Libeventdev
 
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...Exploring the Final Frontier of Data Center Orchestration: Network Elements -...
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...
 
Snabbflow: A Scalable IPFIX exporter
Snabbflow: A Scalable IPFIX exporterSnabbflow: A Scalable IPFIX exporter
Snabbflow: A Scalable IPFIX exporter
 
LCU14 310- Cisco ODP v2
LCU14 310- Cisco ODP v2LCU14 310- Cisco ODP v2
LCU14 310- Cisco ODP v2
 
DPDK Summit 2015 - Intel - Keith Wiles
DPDK Summit 2015 - Intel - Keith WilesDPDK Summit 2015 - Intel - Keith Wiles
DPDK Summit 2015 - Intel - Keith Wiles
 
Install FD.IO VPP On Intel(r) Architecture & Test with Trex*
Install FD.IO VPP On Intel(r) Architecture & Test with Trex*Install FD.IO VPP On Intel(r) Architecture & Test with Trex*
Install FD.IO VPP On Intel(r) Architecture & Test with Trex*
 
Introduction to DPDK
Introduction to DPDKIntroduction to DPDK
Introduction to DPDK
 
Security defined routing_cybergamut_v1_1
Security defined routing_cybergamut_v1_1Security defined routing_cybergamut_v1_1
Security defined routing_cybergamut_v1_1
 
RINA overview and ongoing research in EC-funded projects, ISO SC6 WG7
RINA overview and ongoing research in EC-funded projects, ISO SC6 WG7RINA overview and ongoing research in EC-funded projects, ISO SC6 WG7
RINA overview and ongoing research in EC-funded projects, ISO SC6 WG7
 
Building a Router
Building a RouterBuilding a Router
Building a Router
 
FD.io Vector Packet Processing (VPP)
FD.io Vector Packet Processing (VPP)FD.io Vector Packet Processing (VPP)
FD.io Vector Packet Processing (VPP)
 
FD.IO Vector Packet Processing
FD.IO Vector Packet ProcessingFD.IO Vector Packet Processing
FD.IO Vector Packet Processing
 
H2020 finsec-ibm- aidan-shribman-finsec-skydive 260820
H2020 finsec-ibm- aidan-shribman-finsec-skydive 260820H2020 finsec-ibm- aidan-shribman-finsec-skydive 260820
H2020 finsec-ibm- aidan-shribman-finsec-skydive 260820
 
Azure Event Hubs - Behind the Scenes With Kasun Indrasiri | Current 2022
Azure Event Hubs - Behind the Scenes With Kasun Indrasiri | Current 2022Azure Event Hubs - Behind the Scenes With Kasun Indrasiri | Current 2022
Azure Event Hubs - Behind the Scenes With Kasun Indrasiri | Current 2022
 
Container & kubernetes
Container & kubernetesContainer & kubernetes
Container & kubernetes
 
GR740 User day
GR740 User dayGR740 User day
GR740 User day
 
Current Trends in HPC
Current Trends in HPCCurrent Trends in HPC
Current Trends in HPC
 
Cloud Native Networking & Security with Cilium & eBPF
Cloud Native Networking & Security with Cilium & eBPFCloud Native Networking & Security with Cilium & eBPF
Cloud Native Networking & Security with Cilium & eBPF
 
Seastar at Linux Foundation Collaboration Summit
Seastar at Linux Foundation Collaboration SummitSeastar at Linux Foundation Collaboration Summit
Seastar at Linux Foundation Collaboration Summit
 

Recently uploaded

5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...Christina Lin
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideChristina Lin
 
Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...aditisharan08
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfjoe51371421
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEOrtus Solutions, Corp
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataBradBedford3
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio, Inc.
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software DevelopersVinodh Ram
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - InfographicHr365.us smith
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationkaushalgiri8080
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityNeo4j
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVshikhaohhpro
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptchapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptkotipi9215
 

Recently uploaded (20)

5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
 
Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdf
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - Infographic
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanation
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered Sustainability
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptchapter--4-software-project-planning.ppt
chapter--4-software-project-planning.ppt
 

Dpdk 2019-ipsec-eventdev

  • 1. x Adding Eventdev support in ipsec-gw application Hemant Agrawal (NXP) Akhil Goyal (NXP) DPDK Userspace - 2019
  • 2. • Overview • Cryptodev • Event Crypto Adapter • Crypto Event Adapter Processing Example • Proposed changes in IPSEC event Gateway
  • 3. 3 CRYPTODEV • A framework for processing symmetric and asymmetric crypto workload. • Provides a standard API supporting transparent crypto processing for all vendors of crypto(SW/HW) PMD. • Poll mode driver infrastructure with the recent addition of event mode support. • User can choose to use any combination of software/hardware PMD and schedule work between them User Application Device management Device Capabilities Queue Pair Management Symmetric session management Asymmetric session management Operation processing (Enqueue/Dequeue) DPDK CRYPTODEV API COMPONENTS Device Statistics x86 Libraries OPENSSL DPAA2_SEC DPAA_SEC QAT AESNI-MBARMv8SCHEDULERCCP CAAM_JR NXP Hardware ARM libraries Marvell Hardware Libsso lib AMD Hard ware Intel ware Intel Hard ware CRYPTO PMDs OCTEONTX MVSAM
  • 4. 4 event driven model Flow 0 Flow 1 Flow n Event Queue 0 Flow 0 Flow 1 Flow n Event Queue 1 Flow 0 Flow 1 Flow n Event Queue n Event Port 0 Event Port 1 Event Port 2 Event Port n Core 0 Core 1 Core 2 Core n Rx Packet event An Event device Crypto completion event Timer expiry event Event from Devices Core(SW) event Enqueue(queue, flow, schedule_type, event) Link(queue, port) {queue, flow, schedule_type, event} = Dequeue(port)
  • 5. 5 Event Crypto Adapter • Poll mode drivers means individual queue polling and 100% CPU utilization irrespective of amount of traffic being processed. • Event based processing can work with ‘n’ queue’ • Event Port with Interrupt mode – no more wasted CPU cycles  • Each accelerator (Ethernet, Crypto, Timer etc) needs event adapter to connect eventdev • Event crypto adapter adapts the crypto queues to work for event framework • All crypto queues can be assigned to event device (hardware/ software scheduler) • Event device schedule the traffic to multiple queues • Support ordered, atomic and parallel queues • Reduces CPU utilization when traffic is low • Better utilization of hardware resources
  • 7. 7 Crypto Adapter Example for NXP DPAA2 Platform eth-DPNI eth-DPNI DPSECI DPIODPIO eth-DPNI DPCONC while(1) { wait_for_event() dequeue(); process work; … enqueue(); } while(1) { wait_for_event() dequeue(); process work; … enqueue(); } Q Q Q Q EventDev EventQueueEventQueue Order preservation (atomic) Order restoration (ordered) Crypto Engine (SEC) Q Q Port 1 Port 2 Port 3 DPAA queuing & scheduling Q Q
  • 8. 8 IPSEC-SECGW *Sample* Application • Provide a L3 application for IPSEC forwarding • Security Policies(SP) and Security Associations(SA) are manually configured using a cfg file. • SPs are implemented as ACL rules • SAs are stored in a table • Routing is implemented using LPM • Support all security acceleration modes. • Support with and without IPSEC library • Works well with both hardware and software devices
  • 9. 9 Design principle for event in IPSec-secgw Limitation in current design • Synchronous Design • Crypto enqueue/dequeue APIs are defined to be used asynchronously but is getting used synchronously in the same thread. • Hardware crypto PMD may work slower on synchronous jobs – hence wasting cycles for empty dequeues • Continuous polling on the ethernet/crypto dev for dequeue • No free CPU Where event can help • When All (cryptodev/ethdev) queues are assigned to an eventdev, and we do dequeue from event device, • Segregate crypto/eth packets based on event type • Able to process both crypto and ethernet packets • So no more synchronous processing.  • If the underneath Event PMD support interrupt mode, dequeue will happen only in case packets are available. • Free CPU at low traffic rates.
  • 10. 10 Proposed Changes • Attach all crypto/ethernet queue to event device • From Each thread, Instead of dequeue from ethernet/crypto device, dequeue from event device • Segregate packets from ethernet/crypto queues based on event type • Packets from Crypto queues -> enqueue to ethernet device • Inbound packets will be plain packet • Outbound packets will be ESP packets • Packets from Ethernet queues -> enqueue to crypto device • Inbound packets will be ESP packet coming for decryption • Outbound packets will be Plain packets for Encryption.
  • 11. 11 Proposed Execution changes From each lcore thread Eth-EnqueueEth-dequeue Find SA Crypto-Enqueue Crypto-Dequeue Find Route From each lcore thread Event-dequeue Event type Crypto Eth Next Header type Next header type ESP Outbound pre- processing Crypto-Enqueue Non-ESP Inbound pre- processing Inbound post- processing Eth-Enqueue Non-ESP Outbound post- processing ESP Existing Model Event Driven Model
  • 12. 12 Challenges and Mitigation • Target is for 20.02. • Plan to send RFC in 19.11 timeframe • Main challenge is to co-exist with various crypto/security modes in the app. • Packet re-ordering • Use Atomic queues (for order preservation) • Use ordered queues (for order restoration) depending on available support in PMD • Cannot hold packets at any point to wait for next iteration • Process all packets from a burst and enqueue to next stage(crypto/eth) in the same context.
  • 14. 14 Supported_processing_modes NIC L2 Application L3 librte_ipsec cryptodev Crypto Accelerator NET PMD HW CRYPTO PMD ethdev NIC L2 Application L3 librte_ipsec cryptodev lcore NET PMD SW CRYPTO PMD ethdev Lookaside Hardware Crypto Processing Core based Crypto Processing SmartNIC L2 Application L3 librte_ipsec NET PMD ethdev/flow/security SADB crypto IO based Inline Crypto Processing NIC L2 Application L3 Security cryptodev Crypto Accelerator NET PMD HW CRYPTO PMD ethdev Lookaside Hardware Security Processing lib_ipsec
  • 15. 15 IPSEC - Encrypt Packet Processing Packet Received Flow and SPD/SA Lookup Pre-Protocol Processing •Sequence Number •Random IV generation •Block Cipher Padding •Tunnel Header Preparations (TOS/ECN/DF etc) Crypto Processing •Encryption •Authentication Post-Protocol Processing IP Header Addition L2 process and transmission Lookaside Acceleration