starlingx/docs
Code Issues Proposed changes

Add warning to alert customers on the CPU impact due to IPSec policies

Browse Source 
Story: 2011127
Task: 52808

Change-Id: Ib04943a119b807912e55314b168f381c6644c3c2
Signed-off-by: Ngairangbam Mili <ngairangbam.mili@windriver.com>
This commit is contained in:
Ngairangbam Mili
2025-09-15 02:56:38 +00:00
parent 6c4689af7f
commit 99b33d0aa2
2 changed files with 42 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
doc/source/security/kubernetes/configure-ipsec-for-selected-inter-host-pod-to-pod-traffic-usi-8cb9b4342b5d.rst
View File

@@ -7,6 +7,30 @@
Configure IPsec for Selected Inter-host Pod-to-pod Traffic using IPsec Policies Configure IPsec for Selected Inter-host Pod-to-pod Traffic using IPsec Policies
=============================================================================== ===============================================================================
.. note::
Configuring IPSec policies on podtopod traffic may degrade the CPU
performance. Refer to the following approximate pod and node impacts for
both transmitting and receiving sides based on the traffic rate between 25
Mbps and 500 Mbps.
+-----+--------------+-------------+
| | Transmit | Receive |
+-----+--------------+-------------+
| Pod | 50-100% | 0% |
+-----+--------------+-------------+
| Node| 30-90% | 5-40% |
+-----+--------------+-------------+
Ensure that adequate resources are available to support sustained and peak
internode traffic.
.. rubric:: |prereq|
The ipsec-policy-operator application must be installed and in the applied
state before configuring the IPsec policies |CRD|. To apply the application,
see :ref:`install-ipsec-policy-operator-system-application-95ae437a67e2`.
.. rubric:: |proc| .. rubric:: |proc|
#. Create the IPsec policy. #. Create the IPsec policy.

18
doc/source/security/kubernetes/install-ipsec-policy-operator-system-application-95ae437a67e2.rst
View File

@@ -18,3 +18,21 @@ the following command:
Once the system application is installed, ``ipsecpolicies.starlingx.io`` |CRD| Once the system application is installed, ``ipsecpolicies.starlingx.io`` |CRD|
will be created. will be created.
.. note::
Configuring IPSec policies on podtopod traffic may degrade the CPU
performance. Refer to the following approximate pod and node impacts for
both transmitting and receiving sides based on the traffic rate between 25
Mbps and 500 Mbps.
+-----+--------------+-------------+
| | Transmit | Receive |
+-----+--------------+-------------+
| Pod | 50-100% | 0% |
+-----+--------------+-------------+
| Node| 30-90% | 5-40% |
+-----+--------------+-------------+
Ensure that adequate resources are available to support sustained and peak
internode traffic.