| Message ID | 1495098956-18012-4-git-send-email-ian.stokes@intel.com |
|---|---|
| State | Changes Requested |
| Headers | show |
LGTM Regards _Sugesh > -----Original Message----- > From: ovs-dev-bounces@openvswitch.org [mailto:ovs-dev- > bounces@openvswitch.org] On Behalf Of Ian Stokes > Sent: Thursday, May 18, 2017 10:16 AM > To: dev@openvswitch.org > Subject: [ovs-dev] [RFC PATCH v1 3/3] Docs: Update releases with IPsec > feature support info. > > This commit adds details to the releases doc regarding the support provided > for IPsec functionality. It is not intended to be upstreamed, simply to solicit > feedback regarding the basic IPsec functionality required to secure vxlan > traffic as described in the cover letter usecase for the patch series. > > The modifications include the addition of IPsec to the OVS feature support > table, supported algorithms for encryption/authentication, supported > protocols and modes for ESP as well as support for SW/HW encryption. > > Signed-off-by: Ian Stokes <ian.stokes@intel.com> > --- > Documentation/faq/releases.rst | 51 > ++++++++++++++++++++++++++++++++++++++++ > 1 files changed, 51 insertions(+), 0 deletions(-) > > diff --git a/Documentation/faq/releases.rst > b/Documentation/faq/releases.rst index c85eff8..1bad2b0 100644 > --- a/Documentation/faq/releases.rst > +++ b/Documentation/faq/releases.rst > @@ -121,6 +121,7 @@ Q: Are all features available with all datapaths? > Set action YES YES YES PARTIAL > NIC Bonding YES YES YES YES > Multiple VTEPs YES YES YES YES > + IPsec NO NO PARTIAL No > ===================== ============== ============== > ========= ======= > > Do note, however: > @@ -163,6 +164,56 @@ Q: What DPDK version does each Open vSwitch > release work with? > 2.7.x 16.11.1 > ============ ======= > > +Q: What IPsec features are available in OVS Userspace? > + > + A: IPsec supports the following IPsec features in userspace. > + > + =============== ========= > + IPsec Protocols Supported > + =============== ========= > + ESP YES > + AH NO > + =============== ========= > + > + ========== ========= > + IPsec Mode Supported > + ========== ========= > + Transport YES > + Tunnel NO > + ========== ========= > + > + ========================= ========= > + ESP Encryption Algorithms Supported > + ========================= ========= > + NULL YES > + AES_CBC YES > + AES_GCM_16 YES > + ========================= ======== > + > + ============================= ========= > + ESP Authentication Algorithms Supported > + ============================= ========= > + NULL YES > + HMAC_SHA2_256_128 YES > + ============================= ========= > + > + ================= ========= > + SA Key generation Supported > + ================= ========= > + User generated YES > + IKEv2 NO > + ================= ========= > + > + The following is specific to the use of DPDK crypto devices for IPsec > + encryption/decryption operations. > + > + =============== ========= > + Crypto Dev Type Supported > + =============== ========= > + Virtual YES > + Hardware NO > + =============== ========= > + > Q: I get an error like this when I configure Open vSwitch: > > configure: error: Linux kernel in <dir> is version <x>, but > -- > 1.7.0.7 > > _______________________________________________ > dev mailing list > dev@openvswitch.org > https://mail.openvswitch.org/mailman/listinfo/ovs-dev
diff --git a/Documentation/faq/releases.rst b/Documentation/faq/releases.rst index c85eff8..1bad2b0 100644 --- a/Documentation/faq/releases.rst +++ b/Documentation/faq/releases.rst @@ -121,6 +121,7 @@ Q: Are all features available with all datapaths? Set action YES YES YES PARTIAL NIC Bonding YES YES YES YES Multiple VTEPs YES YES YES YES + IPsec NO NO PARTIAL No ===================== ============== ============== ========= ======= Do note, however: @@ -163,6 +164,56 @@ Q: What DPDK version does each Open vSwitch release work with? 2.7.x 16.11.1 ============ ======= +Q: What IPsec features are available in OVS Userspace? + + A: IPsec supports the following IPsec features in userspace. + + =============== ========= + IPsec Protocols Supported + =============== ========= + ESP YES + AH NO + =============== ========= + + ========== ========= + IPsec Mode Supported + ========== ========= + Transport YES + Tunnel NO + ========== ========= + + ========================= ========= + ESP Encryption Algorithms Supported + ========================= ========= + NULL YES + AES_CBC YES + AES_GCM_16 YES + ========================= ======== + + ============================= ========= + ESP Authentication Algorithms Supported + ============================= ========= + NULL YES + HMAC_SHA2_256_128 YES + ============================= ========= + + ================= ========= + SA Key generation Supported + ================= ========= + User generated YES + IKEv2 NO + ================= ========= + + The following is specific to the use of DPDK crypto devices for IPsec + encryption/decryption operations. + + =============== ========= + Crypto Dev Type Supported + =============== ========= + Virtual YES + Hardware NO + =============== ========= + Q: I get an error like this when I configure Open vSwitch: configure: error: Linux kernel in <dir> is version <x>, but
This commit adds details to the releases doc regarding the support provided for IPsec functionality. It is not intended to be upstreamed, simply to solicit feedback regarding the basic IPsec functionality required to secure vxlan traffic as described in the cover letter usecase for the patch series. The modifications include the addition of IPsec to the OVS feature support table, supported algorithms for encryption/authentication, supported protocols and modes for ESP as well as support for SW/HW encryption. Signed-off-by: Ian Stokes <ian.stokes@intel.com> --- Documentation/faq/releases.rst | 51 ++++++++++++++++++++++++++++++++++++++++ 1 files changed, 51 insertions(+), 0 deletions(-)