Overview¶

Fast Path IPsec IPv6 provides IPv6 IPsec processing in the fast path.

Features¶

FPN-SDK crypto API support to enable crypto processor
AH and ESP support
Transport, tunnel and BEET modes support
Classifier, hash tables to improve IPsec lookup
Linux stack originated packets handover to fast path IPsec
Per SA parameter to control copy of DSCP
Partial dump of SAD
Anti replay window and output sequence number synchronization (multiple fast paths only)
Extended Sequence Number (ESN) and large anti-replay window as described by RFCs 4302, 4303 and 4304.
IPsec 6in4/4in6 tunnel support.
IPsec nat-t (nat traversal) support.
Offload of cryptographic operations to idle fast path cores.

The following algorithms are supported by the fast path stack using ip xfrm commands or during the IKE phase 2:

Encryption algorithm	Generic soft.	Intel Multi Buffer	Intel QAT	Cavium Octeon
NULL	Supported	Supported	Supported	Supported
DES-CBC	Supported	Software fallback	Supported	Supported
3DES-CBC	Supported	Software fallback	Supported	Supported
AES-CBC (128/192/256)	Supported	Supported	Supported	Supported
AES-GCM-128 (128/192/256)	Supported	Supported	Supported	Not supported

Authentication algorithm	Generic soft.	Intel Multi Buffer	Intel QAT	Cavium Octeon
NULL	Supported	Supported	Supported	Supported
HMAC-MD5-96	Supported	Supported	Supported	Supported
HMAC-SHA1-96	Supported	Supported	Supported	Supported
HMAC-SHA2-256-128	Supported	Supported	Supported	Supported
HMAC-SHA2-384-192	Supported	Supported	Supported	Supported
HMAC-SHA2-512-256	Supported	Supported	Supported	Supported
AES-XCBC-96	Supported	Supported	Supported	Supported
AES-GMAC-128	Supported	Supported	Supported	Not supported