I was able to offload IPsec through both strongswan and ip xfrm. I can observe ESP frames through tcpdump in both approaches with iperf and jumbo frames. However:
there is a significant performance impact with the offload, Is this expected? any way to tune this further?
RoCE V2 does not seem to get encrypted after setting IPsec on the NIC. Is there any extra step to getting RDMA to use IPsec?
Can you provide more details on your environment? Are you using OFED or Upstream kernel drivers? If upstream which kernel version are you using? Is this IPSec Full Offload? We had a bug with IPSec offload in our kernel driver which was fixed upstream in kernel 6.15. Its been merged to OFED 25.07 which hasn’t been released yet. This is the patch series: Making sure you're not a bot!