author | Neale Ranns <neale.ranns@cisco.com> | 2018-02-05 01:13:38 -0800 |
---|---|---|
committer | Damjan Marion <dmarion.lists@gmail.com> | 2018-02-09 13:17:54 +0000 |
commit | bc27d1be24815e1371dcce3bff2d3075a532acba (patch) | |
tree | c17db02fefb19ce593de5ddb2444f4c97e074492 /src/plugins/gbp/gbp.h | |
parent | ef56fae51a8683ec6ceeb01e1374cde2ba30c1e5 (diff) |
GBP plugin
Group Base Policy (GBP) defines:
- endpoints: typically a VM or container that is connected to the
virtual switch/router (i.e. to VPP)
- endpoint-group: (EPG) a collection of endpoints
- policy: rules determining which traffic can pass between EPGs a.k.a
a 'contract'
Here, policy is implemented via an ACL.
EPG classification for transit packets is determined by:
- source EPG: from the packet's input interface
- destination EPG: from the packet's destination IP address.
Change-Id: I7b983844826b5fc3d49e21353ebda9df9b224e25
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
Diffstat (limited to 'src/plugins/gbp/gbp.h')
-rw-r--r-- | src/plugins/gbp/gbp.h | 135 |
1 files changed, 135 insertions, 0 deletions
diff --git a/src/plugins/gbp/gbp.h b/src/plugins/gbp/gbp.h
new file mode 100644
index 00000000000..334a7438f53
--- /dev/null
+++ b/src/plugins/gbp/gbp.h
@@ -0,0 +1,135 @@
+/*
+ * Copyright (c) 2013 Cisco and/or its affiliates.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * Group Base Policy (GBP) defines:
+ * - endpoints: typically a VM or container that is connected to the
+ * virtual switch/router (i.e. to VPP)
+ * - endpoint-group: (EPG) a collection of endpoints
+ * - policy: rules determining which traffic can pass between EPGs a.k.a
+ * a 'contract'
+ *
+ * Here, policy is implemented via an ACL.
+ * EPG classification for transit packets is determined by:
+ * - source EPG: from the packet's input interface
+ * - destination EPG: from the packet's destination IP address.
+ *
+ */
+
+#ifndef included_vnet_gbp_h
+#define included_vnet_gbp_h
+
+#include <vlib/vlib.h>
+#include <vnet/vnet.h>
+#include <vnet/ip/ip.h>
+
+typedef u32 epg_id_t;
+#define EPG_INVALID (~0)
+
+/**
+ * The key for an Endpoint
+ */
+typedef struct gbp_endpoint_key_t_
+{
+ /**
+ * The interface on which the EP is connected
+ */
+ u32 gek_sw_if_index;
+
+ /**
+ * The IP[46] address of the endpoint
+ */
+ ip46_address_t gek_ip;
+} gbp_endpoint_key_t;
+
+/**
+ * A Group Based Policy Endpoint.
+ * This is typcially a VM on the local compute node for which policy must be
+ * locally applied
+ */
+typedef struct gbp_endpoint_t_
+{
+ /**
+ * The endpoint's interface and IP address
+ */
+ gbp_endpoint_key_t *ge_key;
+
+ /**
+ * The endpoint's designated EPG
+ */
+ epg_id_t ge_epg_id;
+} gbp_endpoint_t;
+
+extern void gbp_endpoint_update (u32 sw_if_index,
+ const ip46_address_t * ip, epg_id_t epg_id);
+extern void gbp_endpoint_delete (u32 sw_if_index, const ip46_address_t * ip);
+
+typedef int (*gbp_endpoint_cb_t) (gbp_endpoint_t * gbpe, void *ctx);
+extern void gbp_endpoint_walk (gbp_endpoint_cb_t bgpe, void *ctx);
+
+
+/**
+ * The key for an Contract
+ */
+typedef struct gbp_contract_key_t_
+{
+ union
+ {
+ struct
+ {
+ /**
+ * source and destination EPGs for which the ACL applies
+ */
+ epg_id_t gck_src;
+ epg_id_t gck_dst;
+ };
+ u64 as_u64;
+ };
+} gbp_contract_key_t;
+
+/**
+ * A Group Based Policy Contract.
+ * Determines the ACL that applies to traffic pass between two endpoint groups
+ */
+typedef struct gbp_contract_t_
+{
+ /**
+ * source and destination EPGs
+ */
+ gbp_contract_key_t gc_key;
+
+ /**
+ * The ACL to apply for packets from the source to the destination EPG
+ */
+ u32 gc_acl_index;;
+} gbp_contract_t;
+
+
+extern void gbp_contract_update (epg_id_t src_epg,
+ epg_id_t dst_epg, u32 acl_index);
+extern void gbp_contract_delete (epg_id_t src_epg, epg_id_t dst_epg);
+
+typedef int (*gbp_contract_cb_t) (gbp_contract_t * gbpe, void *ctx);
+extern void gbp_contract_walk (gbp_contract_cb_t bgpe, void *ctx);
+
+#endif
+
+/*
+ * fd.io coding-style-patch-verification: ON
+ *
+ * Local Variables:
+ * eval: (c-set-style "gnu")
+ * End:
+ */ |
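Review bot: `EPG_INVALID` is defined as `(~0)`, which has type `int` (value -1) rather than `epg_id_t`; it matches a `u32` only through the usual arithmetic conversions and turns into an all-ones 64-bit value if it is ever widened, for example next to the `as_u64` view of `gbp_contract_key_t`. Since this sentinel presumably marks "no EPG" in policy lookups, I would give it the type it is compared against: `#define EPG_INVALID ((epg_id_t) ~0)`. Separately, `gbp_endpoint_update`, `gbp_endpoint_delete`, `gbp_contract_update` and `gbp_contract_delete` all return `void`, so a caller cannot tell whether an endpoint or contract was actually installed; the implementations are outside this hunk, but an `int` error return with a documented meaning would keep the API layer from reporting success for policy that was not applied. The `int` result of the two walk callbacks is also undocumented (continue/stop?), and `u32 gc_acl_index;;` carries a stray semicolon.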