IPSec Offload in ConnectX-6 NIC

subitshatlk2001 · January 11, 2024, 3:49am

Hi,

I am currently using nodes from the CloudLab portal. I installed the MLNX_OFED Version as follows MLNX_OFED_LINUX-5.8-3.0.7.0.
When I try to check the NICS that are there using the following command lspci | grep Mellanox
I can see this as an output :
0000:51:00.0 Ethernet controller: Mellanox Technologies MT2892 Family [ConnectX-6 Dx]
0000:51:00.1 Ethernet controller: Mellanox Technologies MT2892 Family [ConnectX-6 Dx]
0000:8a:00.0 Ethernet controller: Mellanox Technologies MT2894 Family [ConnectX-6 Lx]
0000:8a:00.1 Ethernet controller: Mellanox Technologies MT2894 Family [ConnectX-6 Lx]

I found from the Nvidia website that in order to enable IPSec Crypto offload we can have either ConnectX-6 Dx or ConnectX-6 Lx .
In order to check if my firmware is updated and latest with that mentioned in the NVIDIA website - Firmware for ConnectX®-6 Lx | NVIDIA

I tried the following commands and here is the output. This verifies that my PSID is DEL0000000031. But The Nvidia website does not have an option for DEL0000000031 as PSID. They have only listed the MT versions, eg : MT_0000000532 .

$ ethtool -i ens1f0np0
driver: mlx5_core
version: 5.8-3.0.7
firmware-version: 26.32.2004 (DEL0000000031)
expansion-rom-version:
bus-info: 0000:8a:00.0
supports-statistics: yes
supports-test: yes
supports-eeprom-access: no
supports-register-dump: no
supports-priv-flags: yes

subitsha@node0:~$ sudo mstflint -d 0000:8a:00.0 query
Image type: FS4
FW Version: 26.32.2004
FW Release Date: 13.1.2022
Product Version: 26.32.2004
Rom Info: type=UEFI version=14.25.18 cpu=AMD64,AARCH64
type=PXE version=3.6.502 cpu=AMD64
Description: UID GuidsNumber
Base GUID: b83fd2030077fe32 4
Base MAC: b83fd277fe32 4
Image VSD: N/A
Device VSD: N/A
PSID: DEL0000000031
Security Attributes: secure-fw

By using the ifconfig command, I found out that my interface that is currently being used is the ens1f0np0 as it is denoted by <UP,BROADCAST,RUNNING,MULTICAST> . I have attached the screenshot below.

Here is to show that esp-hw-offload and esp-tx-csum-hw-offload are marked as `off [fixed].

subitsha@node0:~$ sudo ethtool -k ens1f0np0 | grep offload
tcp-segmentation-offload: on
generic-segmentation-offload: on
generic-receive-offload: on
large-receive-offload: off
rx-vlan-offload: on
tx-vlan-offload: on
l2-fwd-offload: off [fixed]
hw-tc-offload: off
esp-hw-offload: off [fixed]
esp-tx-csum-hw-offload: off [fixed]
rx-udp_tunnel-port-offload: on
tls-hw-tx-offload: off [fixed]
tls-hw-rx-offload: off [fixed]
macsec-hw-offload: off [fixed]
hsr-tag-ins-offload: off [fixed]
hsr-tag-rm-offload: off [fixed]
hsr-fwd-offload: off [fixed]
hsr-dup-offload: off [fixed]

Kindly help me setup IPsec cryto offload on my ConnectX-6 NIC.

ssimcoejr · January 11, 2024, 3:20pm

Hello subitshatlk2001,

Thank you for posting your inquiry to the NVIDIA Developer forums.

The PSID you have provided is a Dell OEM adapter.
Support for this adapter is out of our scope. We can only support NVIDIA/Mellanox adapters - OEM equipment is customized, and support needs to come from the OEM (Dell, in this case).

Please do reach out to Dell for further assistance.
If they require our input to debug this issue, they have the ability to engage us directly.

Thanks, and best regards,
NVIDIA Enterprise Support

subitshatlk2001 · January 11, 2024, 3:36pm

Hi I have a new query now. After a careful reconfiguration, I can see that my hca Id : mlx5_1 is also active. This corresponds to this device : 0000:51:00.1 Ethernet controller: Mellanox Technologies MT2892 Family [ConnectX-6 Dx] . I want to do an IPSec crypto offload on the NIC. I read from the Nvidia website that ConnectX-6 Dx and Lx versions do support this feature. However, when I tried to do it , I can see that the TLS-offload, esp-hw offload are all turned OFF and FIXED. I have attached a screenshot for it. The PSID of my NIC is MT_0000000437 . This is not Dell now. However, I see these features are still off.

I used ip route to find out the interface that I am using. and turns out to be ens1f0np0 . Kindly help me in configuring ipsec offload in my NIC.

system · January 25, 2024, 3:36pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to flash a generic firmware to ConnectX6-DX board? Mellanox OFED	8	1394	December 16, 2023
ConnectX-6 NIC driver loading failed Linux	1	574	August 10, 2022
MCX512A-ACAT problems with link status and ethtool on Centos 7 Ethernet Adapter Cards	1	1795	October 29, 2021
mlx5_0 port is Down ! InfiniBand/VPI Adapter Cards	9	3560	April 12, 2024
Mixing OFED 1.5.3 and 2.2 in the same network? Mellanox OFED	4	435	June 18, 2017
Connectx-6DX Flow Hardware Offload Ethernet Adapter Cards	4	966	February 2, 2024
Issue with Mellanox ConnectX-5 100Gbit Card and Driver Installation Mellanox OFED	2	929	March 20, 2024
Kernel Oops in rdma_disconnect [rdma_cm] / MLX_OFED drivers / ConnectX-4 Lx EN Software And Drivers	1	309	October 21, 2020
link down and ip address lost with mellanox ofed 100G card Ethernet Adapter Cards	4	399	July 11, 2017
Use RoCE with ovs hardware offload Mellanox OFED	3	1137	June 14, 2023

IPSec Offload in ConnectX-6 NIC

Related topics