Thanks Martin for quick reply..<div><br><br><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">>> I have question about how to use IPSEC on Cavium blade where IKE will<br>
>> done on Cavium blade with Linux running core and encryption/decryption<br>>> of packet will be done on Cavium accelarater's core's designed for<br>>> IPSEC performance running with simple executive.<br>
<br>
</div>>For crypto primitives used for the IKE protocol, we have a crypto API in<br>>strongSwan than can use different backends, including OpenSSL.<br>
<br>>Encryption and authentication of ESP packets is usually done in the<br>>kernel. We have an abstraction layer to configure negotiated SAD/SPD<br>>information and provide backends for the Linux specific XFRM interface<br>
>and a more generic PF_KEY interface.<br></blockquote><div><br></div><div>Since I have very little and past few months experience in security area...</div><div>My initial study and prototyping with strongswan give me impression that strongswan module(like charon), configure SAD/SPD information and it is used by Ipsec stack in kernel for encryption/decryption.</div>
<div><br></div><div>In Cavium main ipsec encryption/decryption will be done on core(not having full fledged kernel), instead it will be done on network processor with highly optimized micro-code with h/w instruction with intent of performance. Obviously it will use IKE setup via s/swan...My question is whether Strongswan is compatible with such functionality to support SA information to such processor?</div>
<div><br></div><div>Thanks</div><div>Mukesh</div></div></div>