docs/report/introduction/methodology_ipsec.rst

   1 Internet Protocol Security (IPsec)
   2 ----------------------------------
   3
   4 VPP IPsec performance tests are executed for the following crypto
   5 plugins:
   6
   7 - `crypto_native`, used for software based crypto leveraging CPU
   8   platform optimizations e.g. Intel's AES-NI instruction set.
   9 - `crypto_ipsecmb`, used for hardware based crypto with Intel QAT PCIe
  10   cards.
  11
  12 IPsec with VPP Native SW Crypto
  13 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  14
  15 Currently |csit-release| implements following IPsec test cases relying
  16 on VPP native crypto (`crypto_native` plugin):
  17
  18 +-------------------+------------------+----------------+------------------+
  19 | VPP Crypto Engine | ESP Encryption   | ESP Integrity  | Scale Tested     |
  20 +===================+==================+================+==================+
  21 | crypto_native     | AES[128|256]-GCM | GCM            | 1 to 60k tunnels |
  22 +-------------------+------------------+----------------+------------------+
  23 | crypto_native     | AES128-CBC       | SHA[256|512]   | 1 to 60k tunnels |
  24 +-------------------+------------------+----------------+------------------+
  25
  26 VPP IPsec with SW crypto are executed in both tunnel and policy modes,
  27 with tests running on 3-node testbeds: 3n-skx.
  28
  29 IPsec with Intel QAT HW
  30 ^^^^^^^^^^^^^^^^^^^^^^^
  31
  32 Currently |csit-release| implements following IPsec test cases relying
  33 on ipsecmb library (`crypto_ipsecmb` plugin) and Intel QAT 8950 (50G HW
  34 crypto card):
  35
  36 dpdk_cryptodev
  37
  38 +-------------------+---------------------+------------------+----------------+------------------+
  39 | VPP Crypto Engine | VPP Crypto Workers  | ESP Encryption   | ESP Integrity  | Scale Tested     |
  40 +===================+=====================+==================+================+==================+
  41 | crypto_ipsecmb    | sync/all workers    | AES[128|256]-GCM | GCM            | 1, 1k tunnels    |
  42 +-------------------+---------------------+------------------+----------------+------------------+
  43 | crypto_ipsecmb    | sync/all workers    | AES[128]-CBC     | SHA[256|512]   | 1, 1k tunnels    |
  44 +-------------------+---------------------+------------------+----------------+------------------+
  45 | crypto_ipsecmb    | async/crypto worker | AES[128|256]-GCM | GCM            | 1, 4, 1k tunnels |
  46 +-------------------+---------------------+------------------+----------------+------------------+
  47 | crypto_ipsecmb    | async/crypto worker | AES[128]-CBC     | SHA[256|512]   | 1, 4, 1k tunnels |
  48 +-------------------+---------------------+------------------+----------------+------------------+
  49