[strongSwan] Strong swan support for IPSEC on Cavium

Mukesh Yadav write2mukesh84 at gmail.com
Wed Feb 22 18:36:57 CET 2012


Thanks Martin for quick reply..


>> I have question about how to use IPSEC on Cavium blade where IKE will
> >> done on Cavium blade with Linux running core and encryption/decryption
> >> of packet will be done on Cavium accelarater's core's designed for
> >> IPSEC performance running with simple executive.
>
> >For crypto primitives used for the IKE protocol, we have a crypto API in
> >strongSwan than can use different backends, including OpenSSL.
>
> >Encryption and authentication of ESP packets is usually done in the
> >kernel. We have an abstraction layer to configure negotiated SAD/SPD
> >information and provide backends for the Linux specific XFRM interface
> >and a more generic PF_KEY interface.
>

Since I have very little and past few months experience in security area...
My initial study and prototyping with strongswan give me impression that
 strongswan module(like charon), configure SAD/SPD information and it is
used by Ipsec stack in kernel for encryption/decryption.

In Cavium main ipsec encryption/decryption will be done on core(not having
full fledged kernel), instead it will be  done on  network processor with
highly optimized micro-code with h/w instruction with intent of
performance. Obviously it will use IKE setup via s/swan...My question is
whether Strongswan is compatible with such functionality to support SA
information to such processor?

Thanks
Mukesh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20120222/3ab9f842/attachment.html>


More information about the Users mailing list