ipsec: fast path outbound policy matching implementation for ipv6
With this patch fast path for ipv6 policy lookup is enabled.
This impelentation scales and outperforms original implementation when
the number of defined flows is higher thatn 100k.
Type: feature
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I9364b5b8db4fc708790d48c538add272c7cea400
diff --git a/src/vnet/ipsec/ipsec_spd.c b/src/vnet/ipsec/ipsec_spd.c
index aecb50d..22dddfd 100644
--- a/src/vnet/ipsec/ipsec_spd.c
+++ b/src/vnet/ipsec/ipsec_spd.c
@@ -46,22 +46,30 @@
#define _(s,v) vec_free(spd->policies[IPSEC_SPD_POLICY_##s]);
foreach_ipsec_spd_policy_type
#undef _
- if (im->fp_spd_is_enabled)
+ if (im->ipv4_fp_spd_is_enabled)
{
ipsec_spd_fp_t *fp_spd = &spd->fp_spd;
clib_bihash_free_16_8 (&fp_spd->fp_ip4_lookup_hash);
}
+
+ if (im->ipv6_fp_spd_is_enabled)
+ {
+ ipsec_spd_fp_t *fp_spd = &spd->fp_spd;
+
+ clib_bihash_free_40_8 (&fp_spd->fp_ip6_lookup_hash);
+ }
+
pool_put (im->spds, spd);
}
- else /* create new SPD */
+ else /* create new SPD */
{
pool_get (im->spds, spd);
clib_memset (spd, 0, sizeof (*spd));
spd_index = spd - im->spds;
spd->id = spd_id;
hash_set (im->spd_index_by_spd_id, spd_id, spd_index);
- if (im->fp_spd_is_enabled)
+ if (im->ipv4_fp_spd_is_enabled)
{
ipsec_spd_fp_t *fp_spd = &spd->fp_spd;
@@ -70,6 +78,16 @@
im->fp_lookup_hash_buckets,
im->fp_lookup_hash_buckets * IPSEC_FP_IP4_HASH_MEM_PER_BUCKET);
}
+ if (im->ipv6_fp_spd_is_enabled)
+ {
+ ipsec_spd_fp_t *fp_spd = &spd->fp_spd;
+
+ clib_bihash_init_40_8 (
+ &fp_spd->fp_ip6_lookup_hash, "SPD_FP ip6 rules lookup bihash",
+ im->fp_lookup_hash_buckets,
+ im->fp_lookup_hash_buckets * IPSEC_FP_IP6_HASH_MEM_PER_BUCKET);
+ fp_spd->fp_ip6_lookup_hash_initialized = 1;
+ }
}
return 0;
}