Age | Commit message (Collapse) | Author | Files | Lines |
|
Change-Id: Ic86617c9c3217122043656ce2ea70bb106df5b2d
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
there are, intentionally, no validation checks in the ARP/ND code to prevent an ARP/ND entry from being installed for an address that is not local to the interface's sub-net. This is ok, since the adjacency/FIB code is designed to handle this case using the 'refinement' criteria - i.e. only installing a FIB entry for the address if the address 'refines' (i.e. is more specific than) the interface's sub-net.
However, the refinement criteria currently operates on the FIB entry's prefix (which is a /32, so on the address) and not on the next-hop in the path.
So, enter multiple ARP entries for the same address on different links, and this refinement criteria uses only the last added path, and so will remove the FIB entry should the ARP entries be added in the 'wrong' order.
This fix updates the refinement criteria to work on each path of the FIB entry. The entry is installed if one of the paths refines the covers and only paths refining the cover contribute forwarding.
Per-path refinement checks are stored in path-extensions. The patch is rather large as path-extension, which were previously used only for out-going MPLS labels, have been generalized.
Change-Id: I00be359148cb948c32c52109e832a70537a7920a
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Ia91c3e8cb27b9e4c1cccefc0a4857dd9995450ab
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I961685a2a0e4c314049444c64eb6ccf877c278dd
Signed-off-by: Pablo Camarillo <pcamaril@cisco.com>
|
|
Change-Id: If088e75801831befc6bddb77ea20abe9288b93c4
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
- the flow hash config is (and was) cached on the load-balance object so the fib_table_t struct is not used a switch time. Therefore changes to the table's flow hash config need to be propagated to all load-balances and hance all FIB entries in the table.
- enable API for setting the IPv6 table flow hash config
- use only the hash config in the fib_table_t object and not on the ipX_fib_t
- add tests.
Change-Id: Ib804c11162c6d4972c764957562c372f663e05d4
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
- only build them for popular path-lists (where popular means more than 64 children)
the reason to have a map is to improve convergence speed for recursive prefixes - if there are only a few this technique is not needed
- only build them when there is at least one path that has recursive constraints, i.e. a path that can 'fail' in a PIC scenario.
- Use the MAPS in the switch path.
- PIC test cases for functionality (not convergence performance)
Change-Id: I70705444c8469d22b07ae34be82cfb6a01358e10
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Iec67ae1232e346d5e0000e0b4c997fdc31865bc6
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
tests). The DPO was incorrectly initialised with FIB_PROTO_MAX
Change-Id: I962df9e162e4dfb6837a5ce79ea795d5ff2d7315
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Ic07ec5d4c2560a414d5f4f7eb37e10faf591664a
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Ic16bc10d0b2877b2afdf052615f9334f31b9519f
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
1 - interface-DPO
Used in the Data-plane to change a packet's input interface
2 - MPLS multicast FIB entry
Same as a unicast entry but it links to a replicate not a load-balance DPO
3 - Multicast MPLS tunnel
Update MPLS tunnels to use a FIB path-list to describe the endpoint[s]. Use the path-list to generate the forwarding chain (DPOs) to link to .
4 - Resolve a path via a local label (of an mLDP LSP)
For IP multicast entries to use an LSP in the replication list, we need to decribe the 'resolve-via-label' where the label is that of a multicast LSP.
5 - MPLS disposition path sets RPF-ID
For a interface-less LSP (i.e. mLDP not RSVP-TE) at the tail of the LSP we still need to perform an RPF check. An MPLS disposition DPO performs the MPLS pop validation checks and sets the RPF-ID in the packet.
6 - RPF check with per-entry RPF-ID
An RPF-ID is used instead of a real interface SW if index in the case the IP traffic arrives from an LSP that does not have an associated interface.
Change-Id: Ib92e177be919147bafeb599729abf3d1abc2f4b3
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
- single-hop BFD: attach a delegate to the appropriate adjacency
- multi-hop BFD [not supported yet]: attach a delegate to the FIB entry.
adjacency/fib_entry state tracks the BFD session state. when the state is down the object does not contribute forwarding hence and hence dependent objects will not use it.
For example, if a route is ECMP via two adjacencies and one of them is BFD down, then only the other is used to forward (i.e. we don't drop half the traffic).
Change-Id: I0ef53e20e73b067001a132cd0a3045408811a822
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
1) 16-8-8 stride. Reduce trie depth walk traded with increased memory in the top PLY.
2) separate the vector of protocol-independent (PI) fib_table_t with the vector of protocol dependent (PD) FIBs. PD FIBs are large structures, we don't want to burn the memory for ech PD type
3) Go straight to the PD FIB in the data-path thus avoiding an indirection through, e.g., a PLY pool.
Change-Id: I800d1ed0b2049040d5da95213f3ed6b12bdd78b7
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: If1c68fc63fa71fab198f2bf4f79bdd7a9841c2e8
Signed-off-by: shwethab <shwetha.bhandari@gmail.com>
Signed-off-by: Pablo Camarillo <pcamaril@cisco.com>
|
|
1 - make the default route non-special, i.e. like any other less specific route. Consequently, all buckets have a valid valid index of either a leaf or a ply. Checks for special indeices in the data-path can thus be removed.
2 - since all leaves are now 'real' i.e. they represent a real load-balance object, to tell if a ply slot is 'empty' requeirs chekcing that the prefix length of the leaf occupying the slot is slot than the minium value for that ply.
3 - when removing a leaf find the cover first, then recurse down the ply and replace the old leaf with the cover. This saves us a ply walk.
Change-Id: Idd523019e8bb1b6ef527b1f5279a5e24bcf18332
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Ib2189d01e8bc61de57404159690fb70f89c47277
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
allow this config to function:
set int ip address loop0 169.254.1.1/32 (the default GW address for attached hosts)
set int unnumbered af_packet0 use loop0 ('enable' IP on the host interface)
ip route add 192.168.1.1/32 via af_packet0 (where to find the host)
repeat for each host and host interface.
Inter-host communication is throught the /32 routes.
To allow this:
1 - attached host routes have the ATTACHED flag set, so the ARP code accepts then as legitimate sources
2 - unnumbered interfaces inherit the source address from the IP interface
Change-Id: Ib66c5f0e848c528f79372813adc3a0c11b50717f
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I3fa2f35056b74e479288bb956f2713f727a81c72
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I7e8556af833ca0e00fadc96dcd2077ff1104541b
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I9ea16881caf7aee57f0daf4ac2e8b82c672f87e9
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
bridging. That is hosts in one sub-net reachable via differenet interfaces.
Introducate a new API command:
ip6 nd proxy <host-address> <interface>
this indicates 2 things;
1) that host <host-address> is reachable out of interface <interface>. VPP will thus install that route.
2) NS requests sent to <host-address> will be responeded to (i.e. proxied).
Change-Id: I863f967fdb5097ab3b574769c70afdbfc8d5478a
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I6d2afda991d771fb4a89fc3f6544f8e940a9b9f0
Signed-off-by: Shwetha Bhandari <shwethab@cisco.com>
|
|
Change-Id: I063d85200d12b09545ae1c373c7fc69112ae3b34
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
the path-extension vector
Change-Id: I8bd8f6917ace089edb1f65bd017b478ee198c03f
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I0ccb337eb0ed50ccc64193533cd816f6e36e6db5
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
the lock count on the entry did not drop to zero
Change-Id: I6e2dff8c3c7976fd1c2e4c5258f5dc73123aa9b7
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Add IP[46] MFIB dump.
Change-Id: I4a2821f65e67a5416b291e4912c84f64989883b8
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
File vnet/fib/fib_urpf_list.h was included in vnet/fib/ip6_fib.h but was
exported to be installed in /usr/include/vnet. So out-of-tree builds
relying on an installed package was failing.
Fix is to inlcude fib_urpf_list.h in source file rather than including
it in header file.
Change-Id: Iae39c1d9417dbd31ee67fa1bd2d1915d5e813c73
Signed-off-by: AkshayaNadahalli <anadahal@cisco.com>
|
|
Change-Id: I97fedb0f70dd18ed9bbe985407cc5fe714e8a2e2
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Currently ip6 local check fails with error - source lookup miss if
route to source of packet is over a dpo object such as load balance -
recurssive route, tunnel adj - GRE, SR etc.
So unless packet source is of a directly connected neibhor or has
route with both interface and nexthop specified, it will be dropped.
Fix is to check urpf list and if at least one link exists in the list,
then allow packets to be processed, else drop.
Change-Id: Id426311bb63bab506754a79409c602fdb6d0f190
Signed-off-by: AkshayaNadahalli <anadahal@cisco.com>
|
|
- IPv[46] mfib tables with support for (*,G/m), (*,G) and (S,G) exact and longest prefix match
- Replication represented via a new replicate DPO.
- RPF configuration and data-plane checking
- data-plane signals sent to listening control planes.
The functions of multicast forwarding entries differ from their unicast conterparts, so we introduce a new mfib_table_t and mfib_entry_t objects. However, we re-use the fib_path_list to resolve and build the entry's output list. the fib_path_list provides the service to construct a replicate DPO for multicast.
'make tests' is added to with two new suites; TEST=mfib, this is invocation of the CLI command 'test mfib' which deals with many path add/remove, flag set/unset scenarios, TEST=ip-mcast, data-plane forwarding tests.
Updated applications to use the new MIFB functions;
- IPv6 NS/RA.
- DHCPv6
unit tests for these are undated accordingly.
Change-Id: I49ec37b01f1b170335a5697541c8fd30e6d3a961
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I8ec6d53fa9c0790f85802663f70a6b3630239f8d
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
|
|
1) vec_free the fe_srcs of a fib_entry_t when the fib_entry_t is itself reed
2) in the load-balance fixup if a drop path is required add this to a new vector of next-hops 'fixed_nhs'. This vector is managed by the load-balance function. The caller continues to manage its own set. The function is now const implying that the caller is safe to assume the next-hops do not change.
Change-Id: I0f29203ee16b9a270f40edf237488fa99ba65320
Signed-off-by: Neale Ranns <nranns@cisco.com>
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
|
|
Change-Id: I7b51f88292e057c6443b12224486f2d0c9f8ae23
Signed-off-by: Damjan Marion <damarion@cisco.com>
|