diff options
author | Gabriel Ganne <gabriel.ganne@enea.com> | 2017-10-02 11:41:24 +0200 |
---|---|---|
committer | Damjan Marion <dmarion.lists@gmail.com> | 2017-11-10 20:25:10 +0000 |
commit | 8527f12b525181b47cc7c0c9e943a743b1a3b19e (patch) | |
tree | a4a407a2d1b25fc42f80ff06b952271a72f60025 | |
parent | f616d10d04d5c444e20e617841a54cfb2c58d07d (diff) |
add classify session action set-sr-policy-index
This allows to use the classifier to steer source routing packets instead
of using the "sr steer" command.
This way we can steer on anything instead of only the dst ip address.
test:
* add add_node_next function to the VppPapiProvider class.
* add simple test scenario using the classifier to steer packets with
dest ip addr == a7::/8 to the source routing insert node.
* use new interface indexes (3,4) instead of (0,1) to prevent a cleanup
conflict with the other tests which attach a specific fib to the
interface.
The test creates interfaces sepsrated from the other tests to prevent a
conflict in the cleaning of the ip6 fib index 1 which causes vpp not to
be able to find a default route on this table.
Change-Id: Ibacb30fab3ce53f0dfe848ca6a8cdf0d111d8336
Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com>
-rw-r--r-- | src/vnet/classify/classify.api | 5 | ||||
-rw-r--r-- | src/vnet/classify/vnet_classify.c | 10 | ||||
-rw-r--r-- | src/vnet/classify/vnet_classify.h | 1 | ||||
-rw-r--r-- | src/vnet/ip/ip_input_acl.c | 2 | ||||
-rw-r--r-- | src/vnet/srv6/sr_steering.md | 24 | ||||
-rw-r--r-- | test/test_srv6.py | 145 | ||||
-rw-r--r-- | test/vpp_papi_provider.py | 10 |
7 files changed, 196 insertions, 1 deletions
diff --git a/src/vnet/classify/classify.api b/src/vnet/classify/classify.api index de9de773858..9d666ee35a5 100644 --- a/src/vnet/classify/classify.api +++ b/src/vnet/classify/classify.api @@ -90,8 +90,13 @@ define classify_add_del_table_reply 2: Classified IP packets will be looked up from the specified ipv6 fib table (configured by metadata as VRF id). Only valid for L3 input ACL node + 3: Classified packet will be steered to source routig policy + of given index (in metadata). + This is only valid for IPv6 packets redirected to a source + routing node. @param metadata - valid only if action != 0 VRF id if action is 1 or 2. + sr policy index if action is 3. @param match[] - for add, match value for session, required */ autoreply define classify_add_del_session diff --git a/src/vnet/classify/vnet_classify.c b/src/vnet/classify/vnet_classify.c index f2fe23b3231..d634550bafd 100644 --- a/src/vnet/classify/vnet_classify.c +++ b/src/vnet/classify/vnet_classify.c @@ -373,6 +373,8 @@ vnet_classify_entry_claim_resource (vnet_classify_entry_t *e) case CLASSIFY_ACTION_SET_IP6_FIB_INDEX: fib_table_lock (e->metadata, FIB_PROTOCOL_IP6, FIB_SOURCE_CLASSIFY); break; + case CLASSIFY_ACTION_SET_SR_POLICY_INDEX: + break; } } @@ -387,6 +389,8 @@ vnet_classify_entry_release_resource (vnet_classify_entry_t *e) case CLASSIFY_ACTION_SET_IP6_FIB_INDEX: fib_table_unlock (e->metadata, FIB_PROTOCOL_IP6, FIB_SOURCE_CLASSIFY); break; + case CLASSIFY_ACTION_SET_SR_POLICY_INDEX: + break; } } @@ -2104,6 +2108,8 @@ int vnet_classify_add_del_session (vnet_classify_main_t * cm, e->metadata = fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP6, metadata, FIB_SOURCE_CLASSIFY); + else if (e->action == CLASSIFY_ACTION_SET_SR_POLICY_INDEX) + e->metadata = metadata; else e->metadata = 0; @@ -2172,6 +2178,8 @@ classify_session_command_fn (vlib_main_t * vm, action = 1; else if (unformat (input, "action set-ip6-fib-id %d", &metadata)) action = 2; + else if (unformat (input, "action set-sr-policy-index %d", &metadata)) + action = 3; else { /* Try registered opaque-index unformat fns */ @@ -2217,7 +2225,7 @@ VLIB_CLI_COMMAND (classify_session_command, static) = { "classify session [hit-next|l2-hit-next|" "acl-hit-next <next_index>|policer-hit-next <policer_name>]" "\n table-index <nn> match [hex] [l2] [l3 ip4] [opaque-index <index>]" - "\n [action set-ip4-fib-id <n>] [action set-ip6-fib-id <n>] [del]", + "\n [action set-ip4-fib-id|set-ip6-fib-id|set-sr-policy-index <n>] [del]", .function = classify_session_command_fn, }; diff --git a/src/vnet/classify/vnet_classify.h b/src/vnet/classify/vnet_classify.h index 1eb5b14d024..c4a5a61364c 100644 --- a/src/vnet/classify/vnet_classify.h +++ b/src/vnet/classify/vnet_classify.h @@ -66,6 +66,7 @@ typedef enum vnet_classify_action_t_ { CLASSIFY_ACTION_SET_IP4_FIB_INDEX = 1, CLASSIFY_ACTION_SET_IP6_FIB_INDEX = 2, + CLASSIFY_ACTION_SET_SR_POLICY_INDEX = 3, } __attribute__ ((packed)) vnet_classify_action_t; struct _vnet_classify_main; diff --git a/src/vnet/ip/ip_input_acl.c b/src/vnet/ip/ip_input_acl.c index b0b52ab11c3..1dd5317ee24 100644 --- a/src/vnet/ip/ip_input_acl.c +++ b/src/vnet/ip/ip_input_acl.c @@ -288,6 +288,8 @@ ip_inacl_inline (vlib_main_t * vm, if (e0->action == CLASSIFY_ACTION_SET_IP4_FIB_INDEX || e0->action == CLASSIFY_ACTION_SET_IP6_FIB_INDEX) vnet_buffer (b0)->sw_if_index[VLIB_TX] = e0->metadata; + else if (e0->action == CLASSIFY_ACTION_SET_SR_POLICY_INDEX) + vnet_buffer (b0)->ip.adj_index[VLIB_TX] = e0->metadata; } else { diff --git a/src/vnet/srv6/sr_steering.md b/src/vnet/srv6/sr_steering.md index cf446f8171e..7e91892e0bc 100644 --- a/src/vnet/srv6/sr_steering.md +++ b/src/vnet/srv6/sr_steering.md @@ -1,5 +1,7 @@ # Steering packets into a SR Policy {#srv6_steering_doc} +## steer packets uging the sr steering policy + To steer packets in Transit into an SR policy (T.Insert, T.Encaps and T.Encaps.L2 behaviors), the user needs to create an 'sr steering policy'. sr steer l3 2001::/64 via sr policy index 1 @@ -9,3 +11,25 @@ To steer packets in Transit into an SR policy (T.Insert, T.Encaps and T.Encaps.L sr steer l2 TenGE0/1/0 via sr policy bsid cafe::1 Disclaimer: The T.Encaps.L2 will steer L2 frames into an SR Policy. Notice that creating an SR steering policy for L2 frames will actually automatically *put the interface into promiscous mode*. + +## steer packets using the classifier + +Another way to steer packet is to use the classifier. + +First the user need to manually add the source routing node to the list of the +ip6-inacl next nodes. +Using the python api this can be donne with: + + # jsonfiles = get list of json api files + vpp = VPP(jsonfiles) + vpp.add_node_next(node_name='ip6-inacl', next_name='sr-pl-rewrite-insert') + +Below is a classifier mask filtering all the packets from the interface +TenGigabitEthernet5/0/0 on ip version and moving all ipv6 packets to the +sr-pl-rewrite-insert node (dropping the others) and applying the source routing +index 2. +In essence, this means "apply this sr policy to all the packets from this interface) + + vpp# classify table miss-next 0 current-data-flag 1 mask hex f000000000000000 skip 0 + vpp# classify session acl-hit-next 1 table-index 0 match hex 6000000000000000 action set-sr-policy-index 2 + vpp# set interface input acl intfc TenGigabitEthernet5/0/0 ip6-table 0 diff --git a/test/test_srv6.py b/test/test_srv6.py index a31b30eb619..4a2ef016039 100644 --- a/test/test_srv6.py +++ b/test/test_srv6.py @@ -1,6 +1,7 @@ #!/usr/bin/env python import unittest +import binascii from socket import AF_INET6 from framework import VppTestCase, VppTestRunner @@ -1165,6 +1166,150 @@ class TestSRv6(VppTestCase): # cleanup interfaces self.teardown_interfaces() + def test_SRv6_T_Insert_Classifier(self): + """ Test SRv6 Transit.Insert behavior (IPv6 only). + steer packets using the classifier + """ + # send traffic to one destination interface + # source and destination are IPv6 only + self.setup_interfaces(ipv6=[False, False, False, True, True]) + + # configure FIB entries + route = VppIpRoute(self, "a4::", 64, + [VppRoutePath(self.pg4.remote_ip6, + self.pg4.sw_if_index, + proto=DpoProto.DPO_PROTO_IP6)], + is_ip6=1) + route.add_vpp_config() + + # configure encaps IPv6 source address + # needs to be done before SR Policy config + # TODO: API? + self.vapi.cli("set sr encaps source addr a3::") + + bsid = 'a3::9999:1' + # configure SRv6 Policy + # Note: segment list order: first -> last + sr_policy = VppSRv6Policy( + self, bsid=bsid, + is_encap=0, + sr_type=SRv6PolicyType.SR_POLICY_TYPE_DEFAULT, + weight=1, fib_table=0, + segments=['a4::', 'a5::', 'a6::c7'], + source='a3::') + sr_policy.add_vpp_config() + self.sr_policy = sr_policy + + # log the sr policies + self.logger.info(self.vapi.cli("show sr policies")) + + # add classify table + # mask on dst ip address prefix a7::/8 + mask = '{:0<16}'.format('ff') + r = self.vapi.classify_add_del_table( + 1, + binascii.unhexlify(mask), + match_n_vectors=(len(mask) - 1) // 32 + 1, + current_data_flag=1, + skip_n_vectors=2) # data offset + self.assertIsNotNone(r, msg='No response msg for add_del_table') + table_index = r.new_table_index + + # add the source routign node as a ip6 inacl netxt node + r = self.vapi.add_node_next('ip6-inacl', + 'sr-pl-rewrite-insert') + inacl_next_node_index = r.node_index + + match = '{:0<16}'.format('a7') + r = self.vapi.classify_add_del_session( + 1, + table_index, + binascii.unhexlify(match), + hit_next_index=inacl_next_node_index, + action=3, + metadata=0) # sr policy index + self.assertIsNotNone(r, msg='No response msg for add_del_session') + + # log the classify table used in the steering policy + self.logger.info(self.vapi.cli("show classify table")) + + r = self.vapi.input_acl_set_interface( + is_add=1, + sw_if_index=self.pg3.sw_if_index, + ip6_table_index=table_index) + self.assertIsNotNone(r, + msg='No response msg for input_acl_set_interface') + + # log the ip6 inacl + self.logger.info(self.vapi.cli("show inacl type ip6")) + + # create packets + count = len(self.pg_packet_sizes) + dst_inner = 'a7::1234' + pkts = [] + + # create IPv6 packets without SRH + packet_header = self.create_packet_header_IPv6(dst_inner) + # create traffic stream pg3->pg4 + pkts.extend(self.create_stream(self.pg3, self.pg4, packet_header, + self.pg_packet_sizes, count)) + + # create IPv6 packets with SRH + # packets with segments-left 1, active segment a7:: + packet_header = self.create_packet_header_IPv6_SRH( + sidlist=['a8::', 'a7::', 'a6::'], + segleft=1) + # create traffic stream pg3->pg4 + pkts.extend(self.create_stream(self.pg3, self.pg4, packet_header, + self.pg_packet_sizes, count)) + + # send packets and verify received packets + self.send_and_verify_pkts(self.pg3, pkts, self.pg4, + self.compare_rx_tx_packet_T_Insert) + + # remove the interface l2 input feature + r = self.vapi.input_acl_set_interface( + is_add=0, + sw_if_index=self.pg3.sw_if_index, + ip6_table_index=table_index) + self.assertIsNotNone(r, + msg='No response msg for input_acl_set_interface') + + # log the ip6 inacl after cleaning + self.logger.info(self.vapi.cli("show inacl type ip6")) + + # log the localsid counters + self.logger.info(self.vapi.cli("show sr localsid")) + + # remove classifier SR steering + # classifier_steering.remove_vpp_config() + self.logger.info(self.vapi.cli("show sr steering policies")) + + # remove SR Policies + self.sr_policy.remove_vpp_config() + self.logger.info(self.vapi.cli("show sr policies")) + + # remove classify session and table + r = self.vapi.classify_add_del_session( + 0, + table_index, + binascii.unhexlify(match)) + self.assertIsNotNone(r, msg='No response msg for add_del_session') + + r = self.vapi.classify_add_del_table( + 0, + binascii.unhexlify(mask), + table_index=table_index) + self.assertIsNotNone(r, msg='No response msg for add_del_table') + + self.logger.info(self.vapi.cli("show classify table")) + + # remove FIB entries + # done by tearDown + + # cleanup interfaces + self.teardown_interfaces() + def compare_rx_tx_packet_T_Encaps(self, tx_pkt, rx_pkt): """ Compare input and output packet after passing T.Encaps diff --git a/test/vpp_papi_provider.py b/test/vpp_papi_provider.py index 893ef0d89b9..66126c599ae 100644 --- a/test/vpp_papi_provider.py +++ b/test/vpp_papi_provider.py @@ -2753,3 +2753,13 @@ class VppPapiProvider(object): return self.api( self.papi.bier_disp_entry_dump, {'bde_tbl_id': bdti}) + + def add_node_next(self, node_name, next_name): + """ Set the next node for a given node request + + :param node_name: + :param next_name: + """ + return self.api(self.papi.add_node_next, + {'node_name': node_name, + 'next_name': next_name}) |