FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

IPSec Demo in LX2160ARDB

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

IPSec Demo in LX2160ARDB

‎03-27-2024 10:44 AM
1,752 Views
lucasgm
Contributor II

Hello,

I have acquired two LX2160ARDB dev board and I'm trying to setup an IPSec demo, following the instruction in `Running IPSec gateway application with 16 Cores on LX2 platform` section in this guide: https://docs.nxp.com/bundle/GUID-1441E561-3EAD-47FD-A50D-72E1A4E4D69E/page/GUID-9B14728A-B012-48BC-8...

However, when I run the following command:

 

dpdk-ipsec-secgw -c 0xFFFF -n 1 -- -p 0xf -P -u 0xa --config="(0,0,0),(0,1,1),(0,2,2),(0,3,3),(1,0,4),(1,1,5),(1,2,6),(1,3,7),(2,0,8),(2,1,9),(2,2,10),(2,3,11),(3,0,12),(3,1,13),(3,2,14),(3,3,15)" -f /usr/local/dpdk/ipsec/ep0_64X64_sha256_proto.cfg

 


I get the following error:

 

EAL: Detected 16 lcore(s)
EAL: Detected 1 NUMA nodes
EAL: Detected static linkage of DPDK
EAL: Multi-process socket /var/run/dpdk/rte/mp_socket
EAL: Selected IOVA mode 'VA'
EAL: No available hugepages reported in hugepages-32768kB
EAL: No available hugepages reported in hugepages-64kB
EAL: No available hugepages reported in hugepages-1048576kB
EAL: Probing VFIO support...
EAL: VFIO support initialized
EAL: No legacy callbacks, legacy socket not created
Promiscuous mode selected
librte_ipsec usage: disabled
replay window size: 0
ESN: disabled
SA flags: 0
Frag TTL: 10000000000 ns
port 0 is not present on the board
EAL: Error - exiting with code: 1
Cause: check_poll_mode_params failed

 


I also tried to use the DPDK test example that comes in the DPDK repository, here: https://github.com/nxp-qoriq/dpdk/tree/LSDK-21.08/examples/ipsec-secgw/test
In that case, I get the following error:

 

+ stdbuf -o0 /usr/local/bin/dpdk-ipsec-secgw --lcores=0 -n 4 --vdev=crypto_aesni_mb0 --vdev=net_tap0,mac=fixed eth0 -- -p 0x3 -u 1 -P '--config=(0,0,0),(1,0,0)' -f /tmp/tmp.kPgZZI7hsi
EAL: Detected 16 lcore(s)
EAL: Detected 1 NUMA nodes
EAL: Detected static linkage of DPDK
EAL: failed to parse device "crypto_aesni_mb0"
EAL: Unable to parse device 'crypto_aesni_mb0'
EAL: Error - exiting with code: 1
Cause: Invalid EAL parameters

 


I have found out in the DPDK documentation (here https://doc.dpdk.org/guides/cryptodevs/aesni_mb.html), section 2.5, that it requires intel code: https://github.com/intel/intel-ipsec-mb which I was not able to build for ARM64.

I tried to change the `CRYPTO_DEV` environment variable to `crypto_openssl` or `crypto_null`, but without success. In that case, I get the same erros as the first example.

Someone have any idea how to setup this demo?

I'm using LSDK 21.08 and the kernel config is attached.

Preview file
250 KB
0 Kudos
Reply
3 Replies

‎03-31-2024 07:42 PM
1,711 Views
yipingwang
NXP TechSupport
NXP TechSupport

Linux CAAM driver has been built as a kernel module, it must be loaded with command "insmod caam_jr.ko" in kernel before running DPDK application.

0 Kudos
Reply

‎10-26-2024 09:43 AM
1,289 Views
lucasgm
Contributor II

I've rebuild the LX2160ARDB image using the SDK 21.08 flexbuild, including only the dpdk package and leaving all other default configurations.

Following the PoC Userguide and other manuals, I was able to run the dpdk-ipsec-secgw in both boards . However, I cant find how to generate the traffic to test the performance.

My setup is the following:


| GE0 | --- | EP0 | --- | EP1 | --- | GE1 |


GE are traffic generators, and EP are LX2160 ARDB baords. GE0 and GE1 are connected to EP0 and EP1 port 2 (10 Gbps, dpmac.4). EP0 and EP1 are connect through port 0 (40 Gbps, dpmac.2)


The script I'm using to setup EP0 and EP1 is the following (using the correct cfg file for ep0 and ep1):

 

sudo su

# Ubind eth0/dpni.1/dpmac.2 interface from fsl_dpaa2_eth network driver
echo dpni.1 > /sys/bus/fsl-mc/drivers/fsl_dpaa2_eth/unbind
restool dpni destroy dpni.1

# Bind dpmac.2,3,4,5,6 to dpni.1, dpni.2,3,4,5,6
chmod +x /usr/local/dpdk/dpaa2/dynamic_dpl.sh
source /usr/local/dpdk/dpaa2/dynamic_dpl.sh dpmac.2 dpmac.3 dpmac.4 dpmac.5 dpmac.6
dpdk-ipsec-secgw -c 0xFFFF -n 1 -- -p 0x5 -P -u 0x1 --config="(0,0,0),(0,1,1),(0,2,2),(0,3,3),(0,4,4),(0,5,5),(0,6,6),(0,7,7),(2,0,8),(2,1,9),(2,2,10),(2,3,11),(2,4,12),(2,5,13),(2,6,14),(2,7,15)" -f /usr/local/dpdk/ipsec/ep0_64X64_sha256_proto.cfg

 


The ipsec-secgw runs without errors on both endpoints, showing both interfaces as "UP".


I've set the IP 192.168.102.2/24 for GE0 and IP 192.168.2.2 for GE1. I've also set the corresponding MAC addresses in the ARP table (mapping GE1 in GE0 and vice-versa). Then, I run ipsec sending packets from GE1 to GE0. When I do that, EP1 ipsec-secgw crash with segmentation fault.

 

I know the packages are going from GE to EP because if I try to ping GE1 from GE0 without setting the MAC address, I see a message in EP0 ipsec-secgw saying the packet has an unsupported protocol (I believe it is the ARP messages).

 

I'm missing something? How can I debug this?

0 Kudos
Reply

‎10-26-2024 12:57 PM
1,276 Views
lucasgm
Contributor II
I run iperf3** sending packets from GE1 to GE0. When I do that, EP1 ipsec-secgw crash with segmentation fault.
0 Kudos
Reply