aboutsummaryrefslogtreecommitdiffstats
path: root/docs/report/introduction/methodology_acls.rst
diff options
context:
space:
mode:
authorTibor Frank <tifrank@cisco.com>2023-05-03 13:53:27 +0000
committerTibor Frank <tifrank@cisco.com>2023-05-09 05:56:22 +0000
commit374954b9d648f503f6783325a1266457953a998d (patch)
tree5514dee6af2a2e069189efe39d4e929dd25721f7 /docs/report/introduction/methodology_acls.rst
parent46eac7bb697e8261dba5b439a15f5a6125f31760 (diff)
C-Docs: New structure
Change-Id: I73d107f94b28b138f3350a9e1eedb0555583a9ca Signed-off-by: Tibor Frank <tifrank@cisco.com>
Diffstat (limited to 'docs/report/introduction/methodology_acls.rst')
-rw-r--r--docs/report/introduction/methodology_acls.rst68
1 files changed, 0 insertions, 68 deletions
diff --git a/docs/report/introduction/methodology_acls.rst b/docs/report/introduction/methodology_acls.rst
deleted file mode 100644
index 512532fead..0000000000
--- a/docs/report/introduction/methodology_acls.rst
+++ /dev/null
@@ -1,68 +0,0 @@
-Access Control Lists
---------------------
-
-VPP is tested in a number of data plane feature configurations across
-different forwarding modes. Following sections list features tested.
-
-ACL Security-Groups
-~~~~~~~~~~~~~~~~~~~
-
-Both stateless and stateful access control lists (ACL), also known as
-security-groups, are supported by VPP.
-
-Following ACL configurations are tested for MAC switching with L2
-bridge-domains:
-
-- *l2bdbasemaclrn-iacl{E}sl-{F}flows*: Input stateless ACL, with {E}
- entries and {F} flows.
-- *l2bdbasemaclrn-oacl{E}sl-{F}flows*: Output stateless ACL, with {E}
- entries and {F} flows.
-- *l2bdbasemaclrn-iacl{E}sf-{F}flows*: Input stateful ACL, with {E}
- entries and {F} flows.
-- *l2bdbasemaclrn-oacl{E}sf-{F}flows*: Output stateful ACL, with {E}
- entries and {F} flows.
-
-Following ACL configurations are tested with IPv4 routing:
-
-- *ip4base-iacl{E}sl-{F}flows*: Input stateless ACL, with {E} entries
- and {F} flows.
-- *ip4base-oacl{E}sl-{F}flows*: Output stateless ACL, with {E} entries
- and {F} flows.
-- *ip4base-iacl{E}sf-{F}flows*: Input stateful ACL, with {E} entries and
- {F} flows.
-- *ip4base-oacl{E}sf-{F}flows*: Output stateful ACL, with {E} entries
- and {F} flows.
-
-ACL tests are executed with the following combinations of ACL entries
-and number of flows:
-
-- ACL entry definitions
-
- - flow non-matching deny entry: (src-ip4, dst-ip4, src-port, dst-port).
- - flow matching permit ACL entry: (src-ip4, dst-ip4).
-
-- {E} - number of non-matching deny ACL entries, {E} = [1, 10, 50].
-- {F} - number of UDP flows with different tuple (src-ip4, dst-ip4,
- src-port, dst-port), {F} = [100, 10k, 100k].
-- All {E}x{F} combinations are tested per ACL type, total of 9.
-
-ACL MAC-IP
-~~~~~~~~~~
-
-MAC-IP binding ACLs are tested for MAC switching with L2 bridge-domains:
-
-- *l2bdbasemaclrn-macip-iacl{E}sl-{F}flows*: Input stateless ACL, with
- {E} entries and {F} flows.
-
-MAC-IP ACL tests are executed with the following combinations of ACL
-entries and number of flows:
-
-- ACL entry definitions
-
- - flow non-matching deny entry: (dst-ip4, dst-mac, bit-mask)
- - flow matching permit ACL entry: (dst-ip4, dst-mac, bit-mask)
-
-- {E} - number of non-matching deny ACL entries, {E} = [1, 10, 50]
-- {F} - number of UDP flows with different tuple (dst-ip4, dst-mac),
- {F} = [100, 10k, 100k]
-- All {E}x{F} combinations are tested per ACL type, total of 9.