Overview

Fast Path IPsec IPv4 provides IPv4 IPsec processing in the fast path.

Features

  • FPN-SDK crypto API support to enable crypto processor
  • AH and ESP support
  • Transport, tunnel and BEET modes support
  • Classifier, hash tables to improve IPsec lookup
  • Linux stack originated packets handover to fast path IPsec
  • Per SA parameter to control copy of DSCP
  • Partial dump of SAD
  • Anti replay window and output sequence number synchronization (multiple fast paths only)
  • Extended Sequence Number (ESN) and large anti-replay window as described by RFCs 4302, 4303 and 4304.
  • IPsec 6in4/4in6 tunnel support.
  • IPsec nat-t (nat traversal) support.
  • Offload of cryptographic operations to idle fast path cores.

Supported algorithms

The following algorithms are supported by the fast path stack using ip xfrm commands or during the IKE phase 2:

Encryption algorithm Intel software Intel Multi Buffer Intel QAT Cavium Octeon
NULL Supported Supported Supported Supported
DES-CBC Supported Software fallback Supported Supported
3DES-CBC Supported Software fallback Supported Supported
AES-CBC (128/192/256) Supported Supported Supported Supported
AES-GCM-128 (128/192/256) Supported Supported Supported Not supported
Authentication algorithm Intel software Intel Multi Buffer Intel QAT Cavium Octeon
NULL Supported Supported Supported Supported
HMAC-MD5-96 Supported Supported Supported Supported
HMAC-SHA1-96 Supported Supported Supported Supported
HMAC-SHA2-256-128 Supported Supported Supported Supported
HMAC-SHA2-384-192 Supported Supported Supported Supported
HMAC-SHA2-512-256 Supported Supported Supported Supported
AES-XCBC-96 Supported Supported Supported Supported
AES-GMAC-128 Supported Supported Supported Not supported

Dependencies

6WINDGate modules

Linux