diff options
| author |   Tibor Frank <tifrank@cisco.com> | 2023-05-03 13:53:27 +0000 |
|---|---|---|
| committer | Tibor Frank <tifrank@cisco.com> | 2023-05-09 05:56:22 +0000 |
| commit | 374954b9d648f503f6783325a1266457953a998d (patch) | |
| tree | 5514dee6af2a2e069189efe39d4e929dd25721f7 /docs/content/methodology/access_control_lists.md | |
| parent | 46eac7bb697e8261dba5b439a15f5a6125f31760 (diff) | |
C-Docs: New structure
Change-Id: I73d107f94b28b138f3350a9e1eedb0555583a9ca
Signed-off-by: Tibor Frank <tifrank@cisco.com>
Diffstat (limited to 'docs/content/methodology/access_control_lists.md')
| -rw-r--r-- | docs/content/methodology/access_control_lists.md | 70 |
1 files changed, 0 insertions, 70 deletions
diff --git a/docs/content/methodology/access_control_lists.md b/docs/content/methodology/access_control_lists.md deleted file mode 100644 index 9767d3f86a..0000000000 --- a/docs/content/methodology/access_control_lists.md +++ /dev/null @@ -1,70 +0,0 @@ ---- -title: "Access Control Lists" -weight: 12 ---- - -# Access Control Lists - -VPP is tested in a number of data plane feature configurations across -different forwarding modes. Following sections list features tested. - -## ACL Security-Groups - -Both stateless and stateful access control lists (ACL), also known as -security-groups, are supported by VPP. - -Following ACL configurations are tested for MAC switching with L2 -bridge-domains: - -- *l2bdbasemaclrn-iacl{E}sl-{F}flows*: Input stateless ACL, with {E} - entries and {F} flows. -- *l2bdbasemaclrn-oacl{E}sl-{F}flows*: Output stateless ACL, with {E} - entries and {F} flows. -- *l2bdbasemaclrn-iacl{E}sf-{F}flows*: Input stateful ACL, with {E} - entries and {F} flows. -- *l2bdbasemaclrn-oacl{E}sf-{F}flows*: Output stateful ACL, with {E} - entries and {F} flows. - -Following ACL configurations are tested with IPv4 routing: - -- *ip4base-iacl{E}sl-{F}flows*: Input stateless ACL, with {E} entries - and {F} flows. -- *ip4base-oacl{E}sl-{F}flows*: Output stateless ACL, with {E} entries - and {F} flows. -- *ip4base-iacl{E}sf-{F}flows*: Input stateful ACL, with {E} entries and - {F} flows. -- *ip4base-oacl{E}sf-{F}flows*: Output stateful ACL, with {E} entries - and {F} flows. - -ACL tests are executed with the following combinations of ACL entries -and number of flows: - -- ACL entry definitions - - - flow non-matching deny entry: (src-ip4, dst-ip4, src-port, dst-port). - - flow matching permit ACL entry: (src-ip4, dst-ip4). - -- {E} - number of non-matching deny ACL entries, {E} = [1, 10, 50]. -- {F} - number of UDP flows with different tuple (src-ip4, dst-ip4, - src-port, dst-port), {F} = [100, 10k, 100k]. -- All {E}x{F} combinations are tested per ACL type, total of 9. - -## ACL MAC-IP - -MAC-IP binding ACLs are tested for MAC switching with L2 bridge-domains: - -- *l2bdbasemaclrn-macip-iacl{E}sl-{F}flows*: Input stateless ACL, with - {E} entries and {F} flows. - -MAC-IP ACL tests are executed with the following combinations of ACL -entries and number of flows: - -- ACL entry definitions - - - flow non-matching deny entry: (dst-ip4, dst-mac, bit-mask) - - flow matching permit ACL entry: (dst-ip4, dst-mac, bit-mask) - -- {E} - number of non-matching deny ACL entries, {E} = [1, 10, 50] -- {F} - number of UDP flows with different tuple (dst-ip4, dst-mac), - {F} = [100, 10k, 100k] -- All {E}x{F} combinations are tested per ACL type, total of 9. |