diff options
Diffstat (limited to 'src/vnet')
-rw-r--r-- | src/vnet/classify/classify.api | 5 | ||||
-rw-r--r-- | src/vnet/classify/vnet_classify.c | 10 | ||||
-rw-r--r-- | src/vnet/classify/vnet_classify.h | 1 | ||||
-rw-r--r-- | src/vnet/ip/ip_input_acl.c | 2 | ||||
-rw-r--r-- | src/vnet/srv6/sr_steering.md | 24 |
5 files changed, 41 insertions, 1 deletions
diff --git a/src/vnet/classify/classify.api b/src/vnet/classify/classify.api index de9de773858..9d666ee35a5 100644 --- a/src/vnet/classify/classify.api +++ b/src/vnet/classify/classify.api @@ -90,8 +90,13 @@ define classify_add_del_table_reply 2: Classified IP packets will be looked up from the specified ipv6 fib table (configured by metadata as VRF id). Only valid for L3 input ACL node + 3: Classified packet will be steered to source routig policy + of given index (in metadata). + This is only valid for IPv6 packets redirected to a source + routing node. @param metadata - valid only if action != 0 VRF id if action is 1 or 2. + sr policy index if action is 3. @param match[] - for add, match value for session, required */ autoreply define classify_add_del_session diff --git a/src/vnet/classify/vnet_classify.c b/src/vnet/classify/vnet_classify.c index f2fe23b3231..d634550bafd 100644 --- a/src/vnet/classify/vnet_classify.c +++ b/src/vnet/classify/vnet_classify.c @@ -373,6 +373,8 @@ vnet_classify_entry_claim_resource (vnet_classify_entry_t *e) case CLASSIFY_ACTION_SET_IP6_FIB_INDEX: fib_table_lock (e->metadata, FIB_PROTOCOL_IP6, FIB_SOURCE_CLASSIFY); break; + case CLASSIFY_ACTION_SET_SR_POLICY_INDEX: + break; } } @@ -387,6 +389,8 @@ vnet_classify_entry_release_resource (vnet_classify_entry_t *e) case CLASSIFY_ACTION_SET_IP6_FIB_INDEX: fib_table_unlock (e->metadata, FIB_PROTOCOL_IP6, FIB_SOURCE_CLASSIFY); break; + case CLASSIFY_ACTION_SET_SR_POLICY_INDEX: + break; } } @@ -2104,6 +2108,8 @@ int vnet_classify_add_del_session (vnet_classify_main_t * cm, e->metadata = fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP6, metadata, FIB_SOURCE_CLASSIFY); + else if (e->action == CLASSIFY_ACTION_SET_SR_POLICY_INDEX) + e->metadata = metadata; else e->metadata = 0; @@ -2172,6 +2178,8 @@ classify_session_command_fn (vlib_main_t * vm, action = 1; else if (unformat (input, "action set-ip6-fib-id %d", &metadata)) action = 2; + else if (unformat (input, "action set-sr-policy-index %d", &metadata)) + action = 3; else { /* Try registered opaque-index unformat fns */ @@ -2217,7 +2225,7 @@ VLIB_CLI_COMMAND (classify_session_command, static) = { "classify session [hit-next|l2-hit-next|" "acl-hit-next <next_index>|policer-hit-next <policer_name>]" "\n table-index <nn> match [hex] [l2] [l3 ip4] [opaque-index <index>]" - "\n [action set-ip4-fib-id <n>] [action set-ip6-fib-id <n>] [del]", + "\n [action set-ip4-fib-id|set-ip6-fib-id|set-sr-policy-index <n>] [del]", .function = classify_session_command_fn, }; diff --git a/src/vnet/classify/vnet_classify.h b/src/vnet/classify/vnet_classify.h index 1eb5b14d024..c4a5a61364c 100644 --- a/src/vnet/classify/vnet_classify.h +++ b/src/vnet/classify/vnet_classify.h @@ -66,6 +66,7 @@ typedef enum vnet_classify_action_t_ { CLASSIFY_ACTION_SET_IP4_FIB_INDEX = 1, CLASSIFY_ACTION_SET_IP6_FIB_INDEX = 2, + CLASSIFY_ACTION_SET_SR_POLICY_INDEX = 3, } __attribute__ ((packed)) vnet_classify_action_t; struct _vnet_classify_main; diff --git a/src/vnet/ip/ip_input_acl.c b/src/vnet/ip/ip_input_acl.c index b0b52ab11c3..1dd5317ee24 100644 --- a/src/vnet/ip/ip_input_acl.c +++ b/src/vnet/ip/ip_input_acl.c @@ -288,6 +288,8 @@ ip_inacl_inline (vlib_main_t * vm, if (e0->action == CLASSIFY_ACTION_SET_IP4_FIB_INDEX || e0->action == CLASSIFY_ACTION_SET_IP6_FIB_INDEX) vnet_buffer (b0)->sw_if_index[VLIB_TX] = e0->metadata; + else if (e0->action == CLASSIFY_ACTION_SET_SR_POLICY_INDEX) + vnet_buffer (b0)->ip.adj_index[VLIB_TX] = e0->metadata; } else { diff --git a/src/vnet/srv6/sr_steering.md b/src/vnet/srv6/sr_steering.md index cf446f8171e..7e91892e0bc 100644 --- a/src/vnet/srv6/sr_steering.md +++ b/src/vnet/srv6/sr_steering.md @@ -1,5 +1,7 @@ # Steering packets into a SR Policy {#srv6_steering_doc} +## steer packets uging the sr steering policy + To steer packets in Transit into an SR policy (T.Insert, T.Encaps and T.Encaps.L2 behaviors), the user needs to create an 'sr steering policy'. sr steer l3 2001::/64 via sr policy index 1 @@ -9,3 +11,25 @@ To steer packets in Transit into an SR policy (T.Insert, T.Encaps and T.Encaps.L sr steer l2 TenGE0/1/0 via sr policy bsid cafe::1 Disclaimer: The T.Encaps.L2 will steer L2 frames into an SR Policy. Notice that creating an SR steering policy for L2 frames will actually automatically *put the interface into promiscous mode*. + +## steer packets using the classifier + +Another way to steer packet is to use the classifier. + +First the user need to manually add the source routing node to the list of the +ip6-inacl next nodes. +Using the python api this can be donne with: + + # jsonfiles = get list of json api files + vpp = VPP(jsonfiles) + vpp.add_node_next(node_name='ip6-inacl', next_name='sr-pl-rewrite-insert') + +Below is a classifier mask filtering all the packets from the interface +TenGigabitEthernet5/0/0 on ip version and moving all ipv6 packets to the +sr-pl-rewrite-insert node (dropping the others) and applying the source routing +index 2. +In essence, this means "apply this sr policy to all the packets from this interface) + + vpp# classify table miss-next 0 current-data-flag 1 mask hex f000000000000000 skip 0 + vpp# classify session acl-hit-next 1 table-index 0 match hex 6000000000000000 action set-sr-policy-index 2 + vpp# set interface input acl intfc TenGigabitEthernet5/0/0 ip6-table 0 |