aboutsummaryrefslogtreecommitdiffstats
path: root/dpdk
AgeCommit message (Expand)AuthorFilesLines
2017-11-20dpdk: add support for DPDK 17.11Damjan Marion1-1/+6
2017-11-13Reduce number of parallel buildsDamjan Marion1-1/+1
2017-11-05dpdk: build nasm from sourceSergio Gonzalez Monroy1-1/+21
2017-10-10dpdk: patch to support bonded interface for MLX NICSteve Shin2-1/+64
2017-10-05dpdk/ipsec: rework plus improved cli commandsSergio Gonzalez Monroy1-2/+2
2017-09-12Add option to build without multi-buffer crypto.Thomas F Herbert1-2/+3
2017-09-11Improved arm64 chip detectionBrian Brooks1-11/+46
2017-08-31Native arm64 build: dpdk/Makefile changeBrian Brooks1-2/+11
2017-08-25dpdk: bump to dpdk 17.08, remove support for dpdk 17.02Damjan Marion1-3/+2
2017-08-25dpdk: required changes for 17.08Sergio Gonzalez Monroy1-14/+33
2017-08-22dpdk: define MACHINE before it is usedDamjan Marion1-2/+1
2017-08-21dpdk: disable tun/tap PMDDamjan Marion1-0/+1
2017-08-15Previous version was still downloading, unpacking and building IPSEC / AESMarco Varlese1-6/+12
2017-08-14dpdk: force libdir for isa-l crypto librarySergio Gonzalez Monroy1-1/+2
2017-08-14Added MD5SUM for DPDK 17.08 tarball as a first step towards migrationMarco Varlese1-0/+1
2017-08-09dpdk: only build SW crypto for x86_64 platformsSergio Gonzalez Monroy1-3/+10
2017-07-14dpdk: update buildSergio Gonzalez Monroy1-28/+31
2017-06-24make: Fix parallel building with some container platforms (VPP-880)Chris Luke1-1/+7
2017-05-31Revert "dpdk: build sw cryptodev support with make verify"Peter Mikus1-9/+4
2017-05-30dpdk: build sw cryptodev support with make verifySergio Gonzalez Monroy1-4/+9
2017-05-17dpdk: disable 16-bit descriptors for X710/XL710Damjan Marion1-2/+1
2017-05-15dpdk: revert dpdk 17.05 change which causes virtio issuesDamjan Marion5-244/+59
2017-05-11dpdk: bump to dpdk 17.05Damjan Marion1-4/+5
2017-04-25Add support for 32-bit x86 compilation in MakefilesDamjan Marion1-3/+5
2017-03-31dpdk: add support for Mellanox ConnectX-5 devicesDamjan Marion9-1/+1703
2017-03-22dpdk: fix plugin linking with sw crypto librariesSergio Gonzalez Monroy1-19/+26
2017-02-28dpdk: retire support for dpdk 16.07Damjan Marion12-41832/+0
2017-02-21cryptodev: Automatically download and build ISA-L Crypto libraryRadu Nicolau1-1/+20
2017-02-20dpdk: updated build to automatically download Intel(R) Multi-Buffer Crypto fo...Radu Nicolau1-0/+22
2017-02-17dpdk: bump to DPDK 17.02Damjan Marion1-2/+3
2017-02-07Multiple platofrm support for dpdk/Makefile, fix optimizationsDamjan Marion1-27/+25
2017-02-02ENIC driver patch to fix MAC address add and removeSteve Shin2-1/+123
2017-01-31Bump up PKG_SUFFIX to vpp3Steve Shin1-1/+1
2017-01-30This patch fixes a bug in replaying MAC address to the hardwareSteve Shin1-0/+83
2017-01-27dpdk: rework cryptodev ipsec build and setupSergio Gonzalez Monroy1-5/+5
2017-01-21Fix cosmetic issue in dpdk/MakefileDamjan Marion1-1/+1
2017-01-20Add dpdk development packagingDamjan Marion8-32/+213
2017-01-02dpdk: do not build igb_uio moduleDamjan Marion1-0/+1
2016-12-26dpdk: Add support for Mellanox ConnectX-4 devicesDamjan Marion1-1/+3
2016-11-30dpdk patch: virtio: tx with can_push when VERSION_1 is setPierre Pfister1-0/+38
2016-11-28dpdk: add ipsec cryptodev supportSergio Gonzalez Monroy1-0/+4
2016-11-24dpdk: remove old patchesDamjan Marion65-50996/+0
2016-11-23dpdk: switch to 16.11Damjan Marion2-2/+1
2016-11-14dpdk: add build support for DPDK 16.11 releaseDamjan Marion1-1/+1
2016-11-09dpdk: bump to 16.11-rc3 releaseDamjan Marion1-1/+1
2016-10-26dpdk: enable building with dpdk 16.11-rc1Damjan Marion1-0/+1
2016-09-12DPDK virtio patch: Enable indirect descriptor featuresPierre Pfister1-0/+34
2016-08-25VPP-345: pull in upstream checksum patch for ICMP packetsSean Chandler1-0/+18
2016-08-12VPP: NXP dpaa2 platform porting to dpdk-16.07Sachin1-0/+40106
2016-08-11Rename DPDK-16.07 patch file from 0007... to 0008... to avoid conflictJohn Lo1-0/+0
pan class="k">- Example to enable iOAM data insertion for all the packets towards IPv6 address db06::06: vpp# classify table miss-next node ip6-lookup mask l3 ip6 dst vpp# classify session acl-hit-next node ip6-add-hop-by-hop table-index 0 match l3 ip6 dst db06::06 vpp# set int input acl intfc GigabitEthernet0/0/0 ip6-table 0 - **Enable tracing** : Specify node ID, maximum number of nodes for which trace data should be recorded, type of data to be included for recording, optionally application data to be included - Example to enable tracing with a maximum of 4 nodes recorded and the data to be recorded to include - hop limit, node id, ingress and egress interface IDs, timestamp (millisecond precision), application data (0x1234): vpp# set ioam rewrite trace-type 0x1f trace-elts 4 trace-tsp 1 node-id 0x1 app-data 0x1234 #### On in-band OAM transit node - The transit node requires trace type, timestamp precision, node ID and optionally application data to be configured, to update its node data in the trace option. Example: vpp# set ioam rewrite trace-type 0x1f trace-elts 4 trace-tsp 1 node-id 0x2 app-data 0x1234 #### On the In-band OAM decapsulating node - The decapsulating node similar to encapsulating node requires **classification** of the packets to remove iOAM data from. - Example to decapsulate iOAM data for packets towards db06::06, configure classifier and enable it as an ACL as follows: vpp# classify table miss-next node ip6-lookup mask l3 ip6 dst vpp# classify session acl-hit-next node ip6-lookup table-index 0 match l3 ip6 dst db06::06 opaque-index 100 vpp# set int input acl intfc GigabitEthernet0/0/0 ip6-table 0 - Decapsulating node requires trace type, timestamp precision, node ID and optionally application data to be configured, to update its node data in the trace option before it is decapsulated. Example: vpp# set ioam rewrite trace-type 0x1f trace-elts 4 trace-tsp 1 node-id 0x3 app-data 0x1234 ### Proof of Transit configuration For details on proof-of-transit, see the IETF draft [iOAM-ietf-proof-of-transit]. To enable Proof of Transit all the nodes that participate and hence are verified for transit need a proof of transit profile. A script to generate a proof of transit profile as per the mechanism described in [iOAM-ietf-proof-of-transit] will be available at [iOAM-Devnet]. The Proof of transit mechanism implemented here is based on Shamir's Secret Sharing algorithm. The overall algorithm uses two polynomials POLY-1 and POLY-2. The degree of polynomials depends on number of nodes to be verified for transit. POLY-1 is secret and constant. Each node gets a point on POLY-1 at setup-time and keeps it secret. POLY-2 is public, random and per packet. Each node is assigned a point on POLY-1 and POLY-2 with the same x index. Each node derives its point on POLY-2 each time a packet arrives at it. A node then contributes its points on POLY-1 and POLY-2 to construct POLY-3 (POLY-3 = POLY-1 + POLY-2) using lagrange extrapolation and forwards it towards the verifier by updating POT data in the packet. The verifier constructs POLY-3 from the accumulated value from all the nodes and its own points on POLY-1 and POLY-2 and verifies whether POLY-3 = POLY-1 + POLY-2. Only the verifier knows POLY-1. The solution leverages finite field arithmetic in a field of size "prime number" for reasons explained in description of Shamir's secret sharing algorithm. Here is an explanation of POT profile list and profile configuration CLI to realize the above mechanism. It is best to use the script provided at [iOAM-Devnet] to generate this configuration. - **Create POT profile** : set pot profile name <string> id [0-1] [validator-key 0xu64] prime-number 0xu64 secret_share 0xu64 lpc 0xu64 polynomial2 0xu64 bits-in-random [0-64] - name : Profile list name. - id : Profile id, it can be 0 or 1. A maximum of two profiles can be configured per profile list. - validator-key : Secret key configured only on the verifier/decapsulating node used to compare and verify proof of transit. - prime-number : Prime number for finite field arithmetic as required by the proof of transit mechanism. - secret_share : Unique point for each node on the secret polynomial POLY-1. - lpc : Lagrange Polynomial Constant(LPC) calculated per node based on its point (x value used for evaluating the points on the polynomial) on the polynomial used in lagrange extrapolation for reconstructing polynomial (POLY-3). - polynomial2 : Is the pre-evaluated value of the point on 2nd polynomial(POLY-2). This is unique for each node. It is pre-evaluated for all the coefficients of POLY-2 except for the constant part of the polynomial that changes per packet and is received as part of the POT data in the packet. - bits-in-random : To control the size of the random number to be generated. This number has to match the other numbers generated and used in the profile as per the algorithm. - **Set a configured profile as active/in-use** : set pot profile-active name <string> ID [0-1] - name : Name of the profile list to be used for computing POT data per packet. - ID : Identifier of the profile within the list to be used. #### On In-band OAM encapsulating node - Configure the classifier and apply ACL to select packets for iOAM data insertion. - Example to enable iOAM data insertion for all the packet towards IPv6 address db06::06 - vpp# classify table miss-next node ip6-lookup mask l3 ip6 dst vpp# classify session acl-hit-next node ip6-add-hop-by-hop table-index 0 match l3 ip6 dst db06::06 vpp# set int input acl intfc GigabitEthernet0/0/0 ip6-table 0 - Configure the proof of transit profile list with profiles. Each profile list referred to by a name can contain 2 profiles, only one is in use for updating proof of transit data at any time. - Example profile list example with a profile generated from the script to verify transit through 3 nodes is: vpp# set pot profile name example id 0 prime-number 0x7fff0000fa884685 secret_share 0x6c22eff0f45ec56d lpc 0x7fff0000fa884682 polynomial2 0xffb543d4a9c bits-in-random 63 - Enable one of the profiles from the configured profile list as active so that is will be used for calculating proof of transit Example enable profile ID 0 from profile list example configured above: vpp# set pot profile-active name example ID 0 - Enable POT option to be inserted vpp# set ioam rewrite pot #### On in-band OAM transit node - Configure the proof of transit profile list with profiles for transit node. Example: vpp# set pot profile name example id 0 prime-number 0x7fff0000fa884685 secret_share 0x564cdbdec4eb625d lpc 0x1 polynomial2 0x23f3a227186a bits-in-random 63 #### On in-band OAM decapsulating node / verifier - The decapsulating node, similar to the encapsulating node requires classification of the packets to remove iOAM data from. - Example to decapsulate iOAM data for packets towards db06::06 configure classifier and enable it as an ACL as follows: vpp# classify table miss-next node ip6-lookup mask l3 ip6 dst vpp# classify session acl-hit-next node ip6-lookup table-index 0 match l3 ip6 dst db06::06 opaque-index 100 vpp# set int input acl intfc GigabitEthernet0/0/0 ip6-table 0 - To update and verify the proof of transit, POT profile list should be configured. - Example POT profile list configured as follows: vpp# set pot profile name example id 0 validate-key 0x7fff0000fa88465d prime-number 0x7fff0000fa884685 secret_share 0x7a08fbfc5b93116d lpc 0x3 polynomial2 0x3ff738597ce bits-in-random 63 ## Operational data Following CLIs are available to check iOAM operation: - To check iOAM configuration that are effective use "show ioam summary" Example: vpp# show ioam summary REWRITE FLOW CONFIGS - Not configured HOP BY HOP OPTIONS - TRACE CONFIG - Trace Type : 0x1f (31) Trace timestamp precision : 1 (Milliseconds) Num of trace nodes : 4 Node-id : 0x2 (2) App Data : 0x1234 (4660) POT OPTION - 1 (Enabled) Try 'show ioam pot and show pot profile' for more information - To find statistics about packets for which iOAM options were added (encapsulating node) and removed (decapsulating node) execute *show errors* Example on encapsulating node: vpp# show error Count Node Reason 1208804706 ip6-inacl input ACL hits 1208804706 ip6-add-hop-by-hop Pkts w/ added ip6 hop-by-hop options Example on decapsulating node: vpp# show error Count Node Reason 69508569 ip6-inacl input ACL hits 69508569 ip6-pop-hop-by-hop Pkts w/ removed ip6 hop-by-hop options - To check the POT profiles use "show pot profile" Example: vpp# show pot profile Profile list in use : example POT Profile at index: 0 ID : 0 Validator : False (0) Secret share : 0x564cdbdec4eb625d (6218586935324795485) Prime number : 0x7fff0000fa884685 (9223090566081300101) 2nd polynomial(eval) : 0x23f3a227186a (39529304496234) LPC : 0x1 (1) Bit mask : 0x7fffffffffffffff (9223372036854775807) Profile index in use: 0 Pkts passed : 0x36 (54) - To get statistics of POT for packets use "show ioam pot" Example at encapsulating or transit node: vpp# show ioam pot Pkts with ip6 hop-by-hop POT options - 54 Pkts with ip6 hop-by-hop POT options but no profile set - 0 Pkts with POT in Policy - 0 Pkts with POT out of Policy - 0 Example at decapsulating/verification node: vpp# show ioam pot Pkts with ip6 hop-by-hop POT options - 54 Pkts with ip6 hop-by-hop POT options but no profile set - 0 Pkts with POT in Policy - 54 Pkts with POT out of Policy - 0 - Tracing - enable trace of IPv6 packets to view the data inserted and collected. Example when the nodes are receiving data over a DPDK interface: Enable tracing using "trace add dpdk-input 20" and execute "show trace" to view the iOAM data collected: vpp# trace add dpdk-input 20 vpp# show trace ------------------- Start of thread 0 vpp_main ------------------- Packet 1 00:00:19:294697: dpdk-input GigabitEthernetb/0/0 rx queue 0 buffer 0x10e6b: current data 0, length 214, free-list 0, totlen-nifb 0, trace 0x0 PKT MBUF: port 0, nb_segs 1, pkt_len 214 buf_len 2176, data_len 214, ol_flags 0x0, data_off 128, phys_addr 0xe9a35a00 packet_type 0x0 IP6: 00:50:56:9c:df:72 -> 00:50:56:9c:be:55 IP6_HOP_BY_HOP_OPTIONS: db05::2 -> db06::6 tos 0x00, flow label 0x0, hop limit 63, payload length 160 00:00:19:294737: ethernet-input IP6: 00:50:56:9c:df:72 -> 00:50:56:9c:be:55 00:00:19:294753: ip6-input IP6_HOP_BY_HOP_OPTIONS: db05::2 -> db06::6 tos 0x00, flow label 0x0, hop limit 63, payload length 160 00:00:19:294757: ip6-lookup fib 0 adj-idx 15 : indirect via db05::2 flow hash: 0x00000000 IP6_HOP_BY_HOP_OPTIONS: db05::2 -> db06::6 tos 0x00, flow label 0x0, hop limit 63, payload length 160 00:00:19:294802: ip6-hop-by-hop IP6_HOP_BY_HOP: next index 5 len 96 traced 96 Trace Type 0x1f , 1 elts left [0] ttl 0x0 node ID 0x0 ingress 0x0 egress 0x0 ts 0x0 app 0x0 [1] ttl 0x3e node ID 0x3 ingress 0x1 egress 0x2 ts 0xb68c2213 app 0x1234 [2] ttl 0x3f node ID 0x2 ingress 0x1 egress 0x2 ts 0xb68c2204 app 0x1234 [3] ttl 0x40 node ID 0x1 ingress 0x5 egress 0x6 ts 0xb68c2200 app 0x1234 POT opt present random = 0x577a916946071950, Cumulative = 0x10b46e78a35a392d, Index = 0x0 00:00:19:294810: ip6-rewrite tx_sw_if_index 1 adj-idx 14 : GigabitEthernetb/0/0 IP6: 00:50:56:9c:be:55 -> 00:50:56:9c:df:72 flow hash: 0x00000000 IP6: 00:50:56:9c:be:55 -> 00:50:56:9c:df:72 IP6_HOP_BY_HOP_OPTIONS: db05::2 -> db06::6 tos 0x00, flow label 0x0, hop limit 62, payload length 160 00:00:19:294814: GigabitEthernetb/0/0-output GigabitEthernetb/0/0 IP6: 00:50:56:9c:be:55 -> 00:50:56:9c:df:72 IP6_HOP_BY_HOP_OPTIONS: db05::2 -> db06::6 tos 0x00, flow label 0x0, hop limit 62, payload length 160 00:00:19:294820: GigabitEthernetb/0/0-tx GigabitEthernetb/0/0 tx queue 0 buffer 0x10e6b: current data 0, length 214, free-list 0, totlen-nifb 0, trace 0x0 IP6: 00:50:56:9c:be:55 -> 00:50:56:9c:df:72 IP6_HOP_BY_HOP_OPTIONS: db05::2 -> db06::6 tos 0x00, flow label 0x0, hop limit 62, payload length 160 [iOAM-Devnet]: <https://github.com/ciscodevnet/iOAM> [iOAM-ietf-requirements]:<https://tools.ietf.org/html/draft-brockners-inband-oam-requirements-01> [iOAM-ietf-transport]:<https://tools.ietf.org/html/draft-brockners-inband-oam-transport-01> [iOAM-ietf-data]:<https://tools.ietf.org/html/draft-brockners-inband-oam-data-01> [iOAM-ietf-proof-of-transit]:<https://tools.ietf.org/html/draft-brockners-proof-of-transit-01>