[ovs-dev] [RFC PATCH v1 3/3] Docs: Update releases with IPsec feature support info.
Chandran, Sugesh
sugesh.chandran at intel.com
Fri May 26 10:50:09 UTC 2017
LGTM
Regards
_Sugesh
> -----Original Message-----
> From: ovs-dev-bounces at openvswitch.org [mailto:ovs-dev-
> bounces at openvswitch.org] On Behalf Of Ian Stokes
> Sent: Thursday, May 18, 2017 10:16 AM
> To: dev at openvswitch.org
> Subject: [ovs-dev] [RFC PATCH v1 3/3] Docs: Update releases with IPsec
> feature support info.
>
> This commit adds details to the releases doc regarding the support provided
> for IPsec functionality. It is not intended to be upstreamed, simply to solicit
> feedback regarding the basic IPsec functionality required to secure vxlan
> traffic as described in the cover letter usecase for the patch series.
>
> The modifications include the addition of IPsec to the OVS feature support
> table, supported algorithms for encryption/authentication, supported
> protocols and modes for ESP as well as support for SW/HW encryption.
>
> Signed-off-by: Ian Stokes <ian.stokes at intel.com>
> ---
> Documentation/faq/releases.rst | 51
> ++++++++++++++++++++++++++++++++++++++++
> 1 files changed, 51 insertions(+), 0 deletions(-)
>
> diff --git a/Documentation/faq/releases.rst
> b/Documentation/faq/releases.rst index c85eff8..1bad2b0 100644
> --- a/Documentation/faq/releases.rst
> +++ b/Documentation/faq/releases.rst
> @@ -121,6 +121,7 @@ Q: Are all features available with all datapaths?
> Set action YES YES YES PARTIAL
> NIC Bonding YES YES YES YES
> Multiple VTEPs YES YES YES YES
> + IPsec NO NO PARTIAL No
> ===================== ============== ==============
> ========= =======
>
> Do note, however:
> @@ -163,6 +164,56 @@ Q: What DPDK version does each Open vSwitch
> release work with?
> 2.7.x 16.11.1
> ============ =======
>
> +Q: What IPsec features are available in OVS Userspace?
> +
> + A: IPsec supports the following IPsec features in userspace.
> +
> + =============== =========
> + IPsec Protocols Supported
> + =============== =========
> + ESP YES
> + AH NO
> + =============== =========
> +
> + ========== =========
> + IPsec Mode Supported
> + ========== =========
> + Transport YES
> + Tunnel NO
> + ========== =========
> +
> + ========================= =========
> + ESP Encryption Algorithms Supported
> + ========================= =========
> + NULL YES
> + AES_CBC YES
> + AES_GCM_16 YES
> + ========================= ========
> +
> + ============================= =========
> + ESP Authentication Algorithms Supported
> + ============================= =========
> + NULL YES
> + HMAC_SHA2_256_128 YES
> + ============================= =========
> +
> + ================= =========
> + SA Key generation Supported
> + ================= =========
> + User generated YES
> + IKEv2 NO
> + ================= =========
> +
> + The following is specific to the use of DPDK crypto devices for IPsec
> + encryption/decryption operations.
> +
> + =============== =========
> + Crypto Dev Type Supported
> + =============== =========
> + Virtual YES
> + Hardware NO
> + =============== =========
> +
> Q: I get an error like this when I configure Open vSwitch:
>
> configure: error: Linux kernel in <dir> is version <x>, but
> --
> 1.7.0.7
>
> _______________________________________________
> dev mailing list
> dev at openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
More information about the dev
mailing list