IPSec Slow Path Data Plane

This chapter describes the following topics:

Feature Summary and Revision History

Summary Data

Applicable Product(s) or Functional Area

IPSec (ACL Mode)

Applicable Platform(s)

VPC-SI

Feature Default

Disabled - Configuration Required

Related Changes in This Release

Not applicable

Related Documentation

  • Command Line Interface Reference

  • IPSec Administration Guide

Revision History

Revision Details

Release

First introduced.

21.9

Feature Description

Once this feature is enabled which is CLI controlled, IPSec data plane operations are handled in slow path IPSec Manager. For each IKEv1/IKEv2 Crypto Map one IPsec Manager is spawned. Once maximum limit is reached, the new Crypto Map starts reusing existing IPSec Manager. The CLI command controlling this feature must be configured during the boot time.

Limitations

This section describes the known limitations for IPSec Software Data Path feature

  • Transport mode IPsec is not supported.

  • Associating IPSec Software Data Path to Virtual Routing and Forwarding (VRF) is not supported.

Configuring IPSec Software Data Path

This section provides information on CLI commands available in support of this feature.

Configuring IPSec Software Data Path

Use the following configuration to enable IPSec Software Data Path for IKEv1/IKEv2 Maps.

configure  
 [ no ] require crypto { ikev1-acl software | ikev2-acl software }  
 end 

NOTES:

  • require crypto : Enables Crypto related parameters.

  • ikev1-acl : Configures IKEv1-ACL IPSec sessions.

  • ikev2-acl : Configures IKEv2-ACL IPSec sessions.

  • software : IPSec Manager performs encryption, decryption and DH calculations.

  • no : Disables IPSEC Manager from encryption, decryption and DH calculations.

Monitoring and Troubleshooting

This section provides information on the show commands available to support IPSec Software Data Path for IKEv1/IKEv2 Maps.

Show Commands and Outputs

This section provides information on show commands and their corresponding outputs for the IPSec Software Data Path for IKEv1/IKEv2 Maps:

show configuration

The output of this command includes the following fields:

  • require ikev1-acl software

  • require ikev2-acl software