19. L2 Forwarding MACsec Sample Application
The L2 forwarding MACsec application is an example of packet processing using the Data Plane Development Kit (DPDK) to encrypt/decrypt packets based on rte_security MACsec sessions.
19.1. Overview
The L2 forwarding MACsec application performs L2 forwarding for each packet that is received on an Rx port after encrypting/decrypting the packets based on rte_security sessions using inline protocol mode.
The destination port is the adjacent port from the enabled portmask
if the first four ports are enabled (portmask 0xf
),
ports 1 and 2 forward into each other, and ports 3 and 4 forward into each other.
This application can be used to benchmark performance using a traffic-generator.
19.2. Compiling the Application
To compile the sample application, see Compiling the Sample Applications.
The application is located in the l2fwd-macsec
sub-directory.
19.3. Running the Application
The application requires a number of command line options:
./<build_dir>/examples/dpdk-l2fwd-macsec [EAL options] -- -p PORTMASK
[-q NQ]
--mcs-tx-portmask OUTBOUND_PORTMASK
--mcs-rx-portmask INBOUND_PORTMASK
--mcs-port-config '(port,src_mac,dst_mac)[,(port,src_mac,dst_mac)]'
[--portmap="(port, port)[,(port, port)]"]
[-T STAT_INTERVAL]
where,
p PORTMASK
Hexadecimal bitmask of the ports to configure.
q NQ
Number of queues (=ports) per lcore (default is 1).
T STAT_INTERVAL
Time interval in seconds for refreshing the stats (default is 1 sec). Value 0 disables stats display.
--mcs-tx-portmask OUTBOUND_PORTMASK
Hexadecimal bitmask of the ports to configure encryption flows.
--mcs-rx-portmask INBOUND_PORTMASK
Hexadecimal bitmask of the ports to configure decryption flows.
--mcs-port-config '(port,src_mac,dst_mac)[,(port,src_mac,dst_mac)]'
Source and destination MAC addresses of incoming packets on a port for which MACsec processing is to be done.
--portmap="(port,port)[,(port,port)]"
Forwarding ports mapping.
To run the application in Linux environment with 4 lcores, 4 ports with 2 ports for outbound and 2 ports for outbound, issue the command:
$ ./<build_dir>/examples/dpdk-l2fwd-macsec -a 0002:04:00.0 -a 0002:05:00.0 \
-a 0002:06:00.0 -a 0002:07:00.0 -c 0x1E -- -p 0xf \
--mcs-tx-portmask 0x5 --mcs-rx-portmask 0xA \
--mcs-port-config '(0,02:03:04:05:06:07,01:02:03:04:05:06), \
(1,02:03:04:05:06:17,01:02:03:04:05:16), \
(2,02:03:04:05:06:27,01:02:03:04:05:26), \
(3,02:03:04:05:06:37,01:02:03:04:05:36)' -T 10
To run the application in Linux environment with 4 lcores, 4 ports, to forward Rx traffic of ports 0 & 1 on ports 2 & 3 respectively and vice versa, issue the command:
$ ./<build_dir>/examples/dpdk-l2fwd-macsec -a 0002:04:00.0 -a 0002:05:00.0 \
-a 0002:06:00.0 -a 0002:07:00.0 -c 0x1E -- -p 0xf \
--mcs-tx-portmask 0x5 --mcs-rx-portmask 0xA \
--mcs-port-config="(0,02:03:04:05:06:07,01:02:03:04:05:06), \
(1,02:03:04:05:06:17,01:02:03:04:05:16), \
(2,02:03:04:05:06:27,01:02:03:04:05:26), \
(3,02:03:04:05:06:37,01:02:03:04:05:36)" -T 10 \
--portmap="(0,2)(1,3)"
Refer to the DPDK Getting Started Guide for general information on running applications and the Environment Abstraction Layer (EAL) options.