[ovs-dev] [PATCH 0/3] IPsec support for tunneling

Ian Stokes ian.stokes at intel.com
Thu Jul 5 20:29:12 UTC 2018


On 6/27/2018 6:58 PM, Qiuyu Xiao wrote:
> This patch series reintroduce IPsec support for OVS tunneling and adds new
> features to prepare for the OVN IPsec support. The new features are:
> 
> 1) Add CA-cert based authentication support to ovs-monitor-ipsec.
> 2) Enable ovs-pki to generate x.509 version 3 certificate.
> 

Thanks for working on the series.

Just had a general query as regards IPsec in userspace.

I had previously looked at implementing a *rough* IPsec Tunnel interface 
for userspace last year for OVS DPDK. I had put the work on hold as DPDK 
has begun working on a general IPsec library which would make 
implementation simpler and cleaner/simpler to maintain in the future. 
Targeted for DPDK 18.11 (November this year).

Would the introduction of a specific IPsec tunnel interface still be 
acceptable in light of this patch?

There are other libraries such as macsec that DPDK has libraries for as 
well that could be introduced in the future for user space.

I'm just aware of the divergence of approaches between whats available 
in kernel vs userspace so thought it was worth raising for discussion at 
this point?

Appreciate any input.

Thanks
Ian



More information about the dev mailing list