[ovs-dev,RFC,v2,10/10] Docs: Update releases with IPsec feature support.

Message ID 1503679232-11135-11-git-send-email-ian.stokes@intel.com
State Changes Requested

Commit Message

Stokes, Ian Aug. 25, 2017, 4:40 p.m. UTC
This commit adds details to the releases doc regarding the support
provided for IPsec functionality. It is not intended to be upstreamed,
simply to solicit feedback regarding the basic IPsec functionality
required to secure vxlan traffic as described in the cover letter
use case for the patch series.

The modifications include the addition of IPsec to the OVS feature
support table, supported algorithms for encryption/authentication,
supported protocols and modes for ESP as well as support for SW/HW
encryption.

Signed-off-by: Ian Stokes <ian.stokes@intel.com>
---
 Documentation/faq/releases.rst |   51 ++++++++++++++++++++++++++++++++++++++++
 1 files changed, 51 insertions(+), 0 deletions(-)

Comments

Chandran, Sugesh Sept. 1, 2017, 10:27 p.m. UTC | #1
Regards
_Sugesh


> -----Original Message-----
> From: ovs-dev-bounces@openvswitch.org [mailto:ovs-dev-
> bounces@openvswitch.org] On Behalf Of Ian Stokes
> Sent: Friday, August 25, 2017 5:41 PM
> To: dev@openvswitch.org
> Subject: [ovs-dev] [RFC PATCH v2 10/10] Docs: Update releases with IPsec
> feature support.
> 
> This commit adds details to the releases doc regarding the support provided
> for IPsec functionality. It is not intended to be upstreamed, simply to solicit
> feedback regarding the basic IPsec functionality required to secure vxlan
> traffic as described in the cover letter use case for the patch series.
> 
> The modifications include the addition of IPsec to the OVS feature support
> table, supported algorithms for encryption/authentication, supported
> protocols and modes for ESP as well as support for SW/HW encryption.
> 
> Signed-off-by: Ian Stokes <ian.stokes@intel.com>
> ---
>  Documentation/faq/releases.rst |   51
> ++++++++++++++++++++++++++++++++++++++++
>  1 files changed, 51 insertions(+), 0 deletions(-)
> 
> diff --git a/Documentation/faq/releases.rst
> b/Documentation/faq/releases.rst index 2ecc24c..2896841 100644
> --- a/Documentation/faq/releases.rst
> +++ b/Documentation/faq/releases.rst
> @@ -121,6 +121,7 @@ Q: Are all features available with all datapaths?
>      Set action            YES            YES            YES       PARTIAL
>      NIC Bonding           YES            YES            YES       YES
>      Multiple VTEPs        YES            YES            YES       YES
> +    IPsec                 NO             NO             PARTIAL   No
>      ===================== ============== ==============
> ========= =======
> 
>      Do note, however:
> @@ -164,6 +165,56 @@ Q: What DPDK version does each Open vSwitch
> release work with?
>      2.8.x        17.05.1
>      ============ =======
> 
> +Q: What IPsec features are available in OVS Userspace?
> +
> +    A: IPsec supports the following IPsec features in userspace.
> +
> +    =============== =========
> +    IPsec Protocols Supported
> +    =============== =========
> +    ESP             YES
> +    AH              NO
> +    =============== =========
> +
> +    ========== =========
> +    IPsec Mode Supported
> +    ========== =========
> +    Transport  YES
> +    Tunnel     NO
> +    ========== =========
> +
> +    ========================= =========
> +    ESP Encryption Algorithms Supported
> +    ========================= =========
> +    NULL                      YES
> +    AES_CBC                   YES
> +    AES_GCM_16                YES
> +    ========================= =========
> +
> +    ============================= =========
> +    ESP Authentication Algorithms Supported
> +    ============================= =========
> +    NULL                          YES
> +    HMAC_SHA2_256_128             YES
> +    ============================= =========
> +
> +    ================= =========
> +    SA Key generation Supported
> +    ================= =========
> +    User generated    YES
> +    IKEv2             NO
> +    ================= =========
> +
> +    The following is specific to the use of DPDK crypto devices for IPsec
> +    encryption/decryption operations.
> +
> +    =============== =========
> +    Crypto Dev Type Supported
> +    =============== =========
> +    Virtual         YES
> +    Hardware        NO
> +    =============== =========
> +
>  Q: I get an error like this when I configure Open vSwitch:
> 
>          configure: error: Linux kernel in <dir> is version <x>, but
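
Review bot: The answer line `A: IPsec supports the following IPsec features in userspace.` has IPsec as its own subject; it should name Open vSwitch as the thing providing the support. The "Crypto Dev Type" table also uses `Virtual` and `Hardware` without saying what they refer to. The commit message describes this as SW/HW encryption, so one sentence tying `Virtual` to software crypto devices would make the table readable on its own.
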
> --
[Sugesh] I feel the dependency on openipsec lib should be mentioned here as well for a reference.
What do you think?

> 1.7.0.7

Patch

diff --git a/Documentation/faq/releases.rst b/Documentation/faq/releases.rst
index 2ecc24c..2896841 100644
--- a/Documentation/faq/releases.rst
+++ b/Documentation/faq/releases.rst
@@ -121,6 +121,7 @@  Q: Are all features available with all datapaths?
     Set action            YES            YES            YES       PARTIAL
     NIC Bonding           YES            YES            YES       YES
     Multiple VTEPs        YES            YES            YES       YES
+    IPsec                 NO             NO             PARTIAL   No
     ===================== ============== ============== ========= =======
 
     Do note, however:
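
Review bot: The new IPsec row ends in `No` while every other cell visible in this hunk is upper case (`YES`, `PARTIAL`); make it `NO` so the table stays consistent. `PARTIAL` is also left unexplained at this point: a bullet under "Do note, however:" pointing to the new "What IPsec features are available in OVS Userspace?" entry would tell readers what the partial support covers.
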
@@ -164,6 +165,56 @@  Q: What DPDK version does each Open vSwitch release work with?
     2.8.x        17.05.1
     ============ =======
 
+Q: What IPsec features are available in OVS Userspace?
+
+    A: IPsec supports the following IPsec features in userspace.
+
+    =============== =========
+    IPsec Protocols Supported
+    =============== =========
+    ESP             YES
+    AH              NO
+    =============== =========
+
+    ========== =========
+    IPsec Mode Supported
+    ========== =========
+    Transport  YES
+    Tunnel     NO
+    ========== =========
+
+    ========================= =========
+    ESP Encryption Algorithms Supported
+    ========================= =========
+    NULL                      YES
+    AES_CBC                   YES
+    AES_GCM_16                YES
+    ========================= =========
+
+    ============================= =========
+    ESP Authentication Algorithms Supported
+    ============================= =========
+    NULL                          YES
+    HMAC_SHA2_256_128             YES
+    ============================= =========
+
+    ================= =========
+    SA Key generation Supported
+    ================= =========
+    User generated    YES
+    IKEv2             NO
+    ================= =========
+
+    The following is specific to the use of DPDK crypto devices for IPsec
+    encryption/decryption operations.
+
+    =============== =========
+    Crypto Dev Type Supported
+    =============== =========
+    Virtual         YES
+    Hardware        NO
+    =============== =========
+
 Q: I get an error like this when I configure Open vSwitch:
 
         configure: error: Linux kernel in <dir> is version <x>, but
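
Review bot: The algorithm tables list `NULL` as supported for both ESP encryption and ESP authentication with no guidance on combinations, so a reader can take NULL/NULL, or `AES_CBC` with `NULL` authentication, as an acceptable way to secure vxlan traffic. Add a sentence after the authentication table stating that `NULL` authentication is only appropriate with `AES_GCM_16`, which carries its own integrity check, and that `AES_CBC` should be paired with `HMAC_SHA2_256_128`. The SA key generation table needs a caveat as well: with only user-generated keys and no IKEv2 there is no automatic rekeying, and AES-GCM loses its guarantees if a key and IV pair is ever reused, so the text should say how keys are expected to be rotated.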