2. AESN-NI Multi Buffer Crytpo Poll Mode Driver

The AESNI MB PMD (librte_pmd_aesni_mb) provides poll mode crypto driver support for utilizing Intel multi buffer library, see the white paper Fast Multi-buffer IPsec Implementations on IntelĀ® Architecture Processors.

The AES-NI MB PMD has current only been tested on Fedora 21 64-bit with gcc.

2.1. Features

AESNI MB PMD has support for:

Cipher algorithms:

  • RTE_CRYPTO_SYM_CIPHER_AES128_CBC
  • RTE_CRYPTO_SYM_CIPHER_AES192_CBC
  • RTE_CRYPTO_SYM_CIPHER_AES256_CBC
  • RTE_CRYPTO_SYM_CIPHER_AES128_CTR
  • RTE_CRYPTO_SYM_CIPHER_AES192_CTR
  • RTE_CRYPTO_SYM_CIPHER_AES256_CTR

Hash algorithms:

  • RTE_CRYPTO_SYM_HASH_SHA1_HMAC
  • RTE_CRYPTO_SYM_HASH_SHA256_HMAC
  • RTE_CRYPTO_SYM_HASH_SHA512_HMAC

2.2. Limitations

  • Chained mbufs are not supported.
  • Hash only is not supported.
  • Cipher only is not supported.
  • Only in-place is currently supported (destination address is the same as source address).
  • Only supports session-oriented API implementation (session-less APIs are not supported).
  • Not performance tuned.

2.3. Installation

To build DPDK with the AESNI_MB_PMD the user is required to download the mult- buffer library from here and compile it on their user system before building DPDK. When building the multi-buffer library it is necessary to have YASM package installed and also requires the overriding of YASM path when building, as a path is hard coded in the Makefile of the release package.

make YASM=/usr/bin/yasm

2.4. Initialization

In order to enable this virtual crypto PMD, user must:

  • Export the environmental variable AESNI_MULTI_BUFFER_LIB_PATH with the path where the library was extracted.
  • Build the multi buffer library (explained in Installation section).
  • Set CONFIG_RTE_LIBRTE_PMD_AESNI_MB=y in config/common_base.

To use the PMD in an application, user must:

  • Call rte_eal_vdev_init(“cryptodev_aesni_mb_pmd”) within the application.
  • Use –vdev=”cryptodev_aesni_mb_pmd” in the EAL options, which will call rte_eal_vdev_init() internally.

The following parameters (all optional) can be provided in the previous two calls:

  • socket_id: Specify the socket where the memory for the device is going to be allocated (by default, socket_id will be the socket where the core that is creating the PMD is running on).
  • max_nb_queue_pairs: Specify the maximum number of queue pairs in the device (8 by default).
  • max_nb_sessions: Specify the maximum number of sessions that can be created (2048 by default).

Example:

./l2fwd-crypto -c 40 -n 4 --vdev="cryptodev_aesni_mb_pmd,socket_id=1,max_nb_sessions=128"