IPSec demo on T1040RDB

Document created by Ugendreshwar Kudupudi Employee on Apr 15, 2015Last modified by Ugendreshwar Kudupudi Employee on Oct 5, 2015
Version 5Show Document
  • View in full screen mode

IPSec Performance Reproducibility Procedure on T1040RDB platform

 

1. Enable ASF in Linux Kernel

    

     Step 1: Launch the kernel menu using the command: bitbake -c menuconfig virtual/kernel


     Step 2: Enable ASF under Device Driver -> Networking device support -> Application Specific Fastpath



Capture.GIF.gif


     Step 3: Build the final binaries that needs to be loaded on T1040RDB using the command : bitbake fsl-image-core


NOTE: The ASF modules are compiled as dynamically loadable modules and placed in the ROOTFS under the path /usr/driver/asf/min and /usr/driver/asf/full


2. Steps to boot the board with 2 cores:  (optional)

 

=> cpu 2 disable

=> cpu 3 disable

 

=> boot

Board configuration after Linux is up

 

A. Enable ip_forwarding and Linux performance parameters

 

  • echo 1 > /proc/sys/net/ipv4/ip_forward
  • echo 9000 > /proc/sys/net/netfilter/nf_conntrack_udp_timeout
  • echo 9000 >/proc/sys/net/netfilter/nf_conntrack_udp_timeout_stream

 

 

B. Insmod ASF ko’s

 

  • cd /usr/driver/asf/min
  • insmod asf.ko
  • insmod asfctrl.ko
  • insmod asfipsec.ko
  • insmod asfctrl_ipsec.ko

 

C. Run fmc command :

 

  • cd /usr/driver/asf/scripts/fmc/
  • fmc -s Soft_FragParser.xml -p asf-fman-perf-policy.xml -c asf-cfg-perf-2041.xml -a

 

D. Assign interface IP addresses and routes according to setup.

 

  • Left DUT:

 

  • ifconfig fm1-gb0 172.18.18.10 netmask 255.255.0.0 up
  • ifconfig fm1-gb3 200.200.200.10/24 up
  • ifconfig fm1-gb1 172.20.20.10 netmask 255.255.0.0 up
  • ifconfig fm1-gb4 20.20.20.10/24 up
  • route add -net 192.168.1.0/24 gw 172.18.18.2
  • route add default gw 200.200.200.20
  • route add -net 172.168.1.0/24 gw 172.20.20.2
  • route add -net 172.168.2.0/24 gw 20.20.20.20
  • arp -s 172.18.18.2 00:00:00:00:00:01 (optional)
  • arp -s 172.20.20.2 00:00:00:00:00:02 (optional)

 

 

  • Right DUT:

 

  • ifconfig fm1-gb0 172.19.19.10 netmask 255.255.0.0 up
  • ifconfig fm1-gb3 200.200.200.20/24 up
  • ifconfig fm1-gb1 172.21.21.10 netmask 255.255.0.0 up
  • ifconfig fm1-gb4 20.20.20.20/24 up
  • route add -net 192.168.2.0/24 gw 172.19.19.2
  • route add default gw 200.200.200.10
  • route add -net 172.168.2.0/24 gw 172.21.21.2
  • route add -net 172.168.1.0/24 gw 20.20.20.10
  • arp -s 172.19.19.2 00:00:00:00:00:02 (optional)
  • arp -s 172.21.21.2 00:00:00:00:00:04 (optional)

 

E. Configure IPSec policies and SAs (attached below that needs to be downloaded to the box via tftp or sftp)

 

  • Left DUT:
    • ./left_tun-4port-v1.txt

 

  • Right DUT:
    • ./right_tun-4port-v1.txt

 

F. Switch settings

    • killall -9 l2sw_bin
    • l2sw_bin

Using UIO: /dev/uio0

Mapped register memory @ 0xb7b3f000

Chipid: 099530e9

fsl_dpa ethernet.17 fm1-gb0: Err FD status = 0x00040000

fsl_dpa ethernet.18 fm1-gb1: Err FD status = 0x00040000

l2switch>

l2switch>mac add 00:00:00:00:00:01 3 [MAC 00:00...00:01 is reachable on port 3]

m2switch>mac add 00:00:00:00:00:03 7

l2switch>mac add 00:04:9f:03:30:f6 8 [MAC of fm1-gb0]

l2switch>mac add 00:04:9f:03:30:f7 9 [MAC of fm1-gb1]

l2switch>mac dump [Displays MACDB of switch (static & Dynamic)]

Type VID MAC Address Ports

------ --- ----------------- -----

Static 1 00:00:00:00:00:01 3

Static 1 00:00:00:00:00:03 7

Static 1 00:04:9f:03:30:f6 8

Static 1 00:04:9f:03:30:f7 9

Static entries: 4

Dynamic entries: 0

l2switch> l2switch>^Z [Press ctrl+z to stop the process]

[1]+ Stopped(SIGTSTP) l2sw_bin

root@t1040rdb:/mnt/sridhar/asf-bins/qos/bin/full#

  • killall -9 l2sw_bin

 

G. Configure IXIA/STC to generate the traffic with 128 flows.

New Picture.png

 

H. Start the traffic from both end and verify all the flows are offloaded and packet is going through IPSec ASF.

 

Note: Except switch settings everything is similar to previous performance releases by IDC.


I. The ASF flow can be observed using the following command

 

  • cat /proc/asf/flow_debug

 

 

Script files

 

PFA in attachment

Outcomes