RDMA Encryption on BlueField-3

Continuing the discussion from IPSec RDMA using Bluefield-3: IPSec RDMA using Bluefield-3

I am facing exactly the same issues as described by the original post in the thread cited above. I am already following the step-by-step guide given in the reply, but still have the same performance problem. While my RDMA bandwidth and latency performance worsen a lot with the ip xfrm rules in place for HW-offload of IPSec encryption / decryption, I can still see plaintext RDMA messages in my tcpdumps taken on the BlueField ARM-cores. Are there any further steps that are required for the crypto-offload?

Besides that: What is the expected throughput of the HW-offloaded crypto-module? Does it match the line rate speed of the RDMA network traffic (i.e. 100G in a correctly configured network)?

Thanks a lot for your support!

If you require more in-depth assistance after reading the below, and you have a valid NVIDIA Enterprise Support Entitlement, we highly recommend opening a support ticket with NVIDIA Enterprise Experience for further triage and assistance.

https://docs.nvidia.com/networking/display/bluefielddpubspv403/ipsec-functionality

IPsec Functionality

Transparent IPsec Encryption and Decryption

IPsec Hardware Offload: Crypto Offload

IPsec Hardware Offload: Full Offload

Enabling IPsec Full Offload

Configuring IPsec Rules with iproute2

IPsec Full Offload strongSwan Support

Setting IPSec Full Offload Using strongSwan

Running strongSwan Example

Building strongSwan

IPsec Full Offload and OVS Offload

OVS IPsec

Configuring IPsec Tunnel

Authentication Methods

Ensuring IPsec is Configured

Troubleshooting