Performance Test Procedure
Rev 1.2
13
Mellanox Technologies
Step 4.
Check the IPsec counters before processing offloaded traffic on both gateways:
4.1.4 Setting up IPsec Tunnel
Step 1.
Set up the IPsec tunnels between the two gateway servers using the script provided with the
Innova IPsec software package. Replace gateway-d with the management DNS name or IP
address of Gateway D server:
Step 2.
Verify forwarding connectivity between the two servers. At this point, traffic should be encap-
sulated and encrypted:
[root@gateway-c ~]# ethtool -S ens2 | grep ipsec
ipsec_dec_in_packets: 0
ipsec_dec_out_packets: 0
ipsec_dec_bypass_packets: 6
ipsec_enc_in_packets: 0
ipsec_enc_out_packets: 0
ipsec_enc_bypass_packets: 6
ipsec_dec_drop_packets: 0
ipsec_dec_auth_fail_packets: 0
ipsec_enc_drop_packets: 0
ipsec_add_sa_success: 0
ipsec_add_sa_fail: 0
ipsec_del_sa_success: 0
ipsec_del_sa_fail: 0
ipsec_cmd_drop: 0
[root@gateway-d ~]# ethtool -S ens2 | grep ipsec
...
[root@gateway-c ~]# ./xfrm-offload-tunnel.sh -both -256 192.168.7.2 ens2 192.168.7.9
ens2 gateway-d 192.168.8.2 192.168.9.2
[root@gateway-c ~]# ./xfrm-offload-tunnel.sh -both -a -256 192.168.7.2 ens2 192.168.7.9
ens2 gateway-d 192.168.8.3 192.168.9.3
[root@gateway-c ~]# ./xfrm-offload-tunnel.sh -both -a -256 192.168.7.2 ens2 192.168.7.9
ens2 gateway-d 192.168.8.4 192.168.9.4
[root@server-a ~]# ping 192.168.9.2
[root@server-b ~]# ping 192.168.8.2
