Contributor

@sasubrata sasubrata commented Mar 4, 2025

MACsec/MKA model reworked (on dev_macsec branch) based on review comments from PR #408 (on macsec branch)

Redocli view: https://redocly.github.io/redoc/?url=https://raw.githubusercontent.com/open-traffic-generator/models/dev_macsec/artifacts/openapi.yaml&nocors#tag/Configuration/operation/set_config

Config Changes:

  • MKA

    • moved inside MACsec
    • Tx SC property restructured
    • kay name changed to mka for easy understanding
    • eapol ethernet type, PSK key chain start time added to basic
  • MACsec

    • encapsulation choice in MACsec:
    • secy renamed to secure_channel
    • crypto engine type names changed to: encrypt_only and encrypt_decrypt
    • all hex string min/ max lengths corrected

Metric changes:

  • MACsec

    • secy_names renamed to secure_entity_names
  • MKA

    • kay_names renamed to peer_names

Changes not done

  • key start time field string format HH:MM kept as it is instead of splitting into sub fields hh and mm
  • PSK key chain start time field kept as DD-MM-YYYY HH:MM:SS. Shall we split into 6 sub fields - dd, mm, yyyy, hh, mm, ss too?

Open items:

  1. How do we add IP over MACsec?

    • This is allowed only for encrypt_decrypt crypto engine type.
    • If MACsec is configured on an emulated ethernet interface, any protocol (e.g. IP) except MKA configured on the ethernet will be added on MACsec.
  2. Can we add IP over ethernet and IP over MACsec for the same emulated ethernet interface?

    • No, we cannot. It will always be IP over MACsec as mentioned in item 1 above.
    • We cannot send a mix of MACsec and non-MACsec IP packets from the same ethernet address.
    • However, we can send a non-MACsec IP packet from one ethernet address and a MACsec IP packet from another ethernet address.
  3. Additional metrics for hardware acceleration

    • One set of stats will include stats for all crypto engine variants. snappi or other model users should validate whether an unsupported stat is fetched for a variant, i.e. a hardware acceleration specific metric, e.g. multicast MACsec bytes/packets Tx cannot be fetched when hardware acceleration is off.

@sasubrata sasubrata changed the title from "Dev macsec" to "MACsec/ MKA model reworked (on dev_macsec brnach ) based on review comments from PR #408 (on macsec branch)" Mar 4, 2025
@sasubrata sasubrata changed the title from "MACsec/ MKA model reworked (on dev_macsec brnach ) based on review comments from PR #408 (on macsec branch)" to "MACsec/ MKA model reworked (on dev_macsec branch ) based on review comments from PR #408 (on macsec branch)" Mar 4, 2025
@apratimmukherjee

This comment was marked as resolved.

@apratimmukherjee apratimmukherjee added the enhancement New feature or request label Mar 5, 2025
apratimmukherjee

This comment was marked as resolved.

@apratimmukherjee apratimmukherjee merged commit 740a2d1 into master Mar 7, 2025
@apratimmukherjee apratimmukherjee deleted the dev_macsec branch March 7, 2025 15:29