- Proposed title of this feature request
AES-128-GCM Algorithm Support for IPSec tunneling in Openshift
2. What is the nature and description of the request?
Currently our customers are using 10G NICs like Intel 82599 for supporting the high speed traffic. These NICs are used by fastpath applications which are very performance sensitive. When any fastpath application running on these 10G NICs tries to do the IPSec tunneling support, it impacts heavily to the performance. So customer wants to do the Offloading of IPSec tunneling to NIC. As per data sheet, 10G NICs like Intel 82599 supports the IPSec offloading for the Algorithm like AES-128-GCM. Although Openshift supports the configuration of IPSec tunneling, but it allows ONLY for the AES-GCM-16-256(refer the OCP 4.7 doc). So customer is seriously looking for the IPSec harware offload support for Intel 82599. So please support it. Also OpenShift document should clearly specify how to select the different IPSec tunneling Algorithms like AES-128-GCM or AES-GCM-16-256 as per the need of the customer.
3. Why does the customer need this? (List the business requirements here)
As discussed above, it is very much essential, for the fastpath application support. It is the need of the hour mostly for the telecom customers .
The case associated with this RFE is #02884421
OCP Document for IPSec Support:
4. List any affected packages or components.
OpenShift