Community discussions

MikroTik App
 
mikruser
Long time Member
Long time Member
Topic Author
Posts: 578
Joined: Wed Jan 16, 2013 6:28 pm

Why Fast Path not supported with hardware accelerated IPsec?

Fri Feb 08, 2019 5:01 pm

Hello,

Why Fast Path not supported with hardware accelerated IPsec?
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1782
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: Why Fast Path not supported with hardware accelerated IPsec?

Fri Feb 08, 2019 7:01 pm

Packets of a fast-track-ed connection bypasses a lot of packet processing which is needed for ipsec.
IPSec processes (de- & encapsulation) each packet as it traverses the router, something that fast-track tries to avoid.
 
mikruser
Long time Member
Long time Member
Topic Author
Posts: 578
Joined: Wed Jan 16, 2013 6:28 pm

Re: Why Fast Path not supported with hardware accelerated IPsec?

Sat Nov 13, 2021 12:49 am

EoIP, GRE, IPIP, L2TP, PPPoE also do (de- & encapsulation), but FastPath/FastTrack supported
SNAT, DNAT also do packet processing, but FastPath/FastTrack supported

In that case, why not support FastTrack with hardware accelerated IPsec?
 
kblazewicz
just joined
Posts: 9
Joined: Sun Mar 22, 2020 3:39 pm
Location: Warsaw, Poland

Re: Why Fast Path not supported with hardware accelerated IPsec?

Sun Nov 14, 2021 10:17 pm

I don't know if anything changed since 2019, but on my hAP ac^2, ROS v6.49 Fast Path and IPsec with hw. offload seems to work.

> ip ipsec installed-sa print brief 
Flags: H - hw-aead, A - AH, E - ESP 
 #           SPI SRC-ADDRESS      DST-ADDRESS      AUTH-ALGORITHM ENC-ALGORITHM ENC-KEY-SIZE 
 0 HE  0xB9B496E xx.xx.xx.xx:4500 yy.yy.yy.yy:4500 sha256         aes-cbc       256 
 1 HE 0xCA97F92B yy.yy.yy.yy:4500 xx.xx.xx.xx:4500 sha256         aes-cbc       256
 
> interface bridge settings print 
              use-ip-firewall: no
     use-ip-firewall-for-vlan: no
    use-ip-firewall-for-pppoe: no
              allow-fast-path: yes
      bridge-fast-path-active: yes
     bridge-fast-path-packets: 13523898
       bridge-fast-path-bytes: 10433833975
  bridge-fast-forward-packets: 0
    bridge-fast-forward-bytes: 0

Who is online

Users browsing this forum: anav, intania, patrikg, SlotTech and 102 guests