summaryrefslogtreecommitdiffstats
path: root/test/vpp_bond_interface.py
AgeCommit message (Collapse)AuthorFilesLines
2021-05-13tests: move test source to vpp/testDave Wallace1-0/+52
- Generate copyright year and version instead of using hard-coded data Type: refactor Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: I6058f5025323b3aa483f5df4a2c4371e27b5914e
2021-01-08tests: move bond tests to src/vnet/bonding/testDave Wallace1-52/+0
- Refactor make test code to be co-located with the vpp feature source code. Type: test Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: I056717261553f6449f5fcd3611b6ae3895a00ba6
2020-09-02bonding: add bond_create2 API to include gso optionSteven Luong1-7/+11
gso option is available for the debug CLI version of bond create. This patch is to create a new API to have the corresponding option in the binary API. The old binary API bond_create is marked deprecated. Type: improvement Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Id9501b8e6d267ae09e2b411957f181343da459c0
2020-07-28bonding lacp: replace slave string with memberSteven Luong1-9/+9
- Replace textual string slave with member except APIs. - For APIs, mark the existing APIs as deprecated and introduce new APIs - While introducing sw_bond_interface_dump, add the optional filter by sw_if_index and enhance the testcases to make use of it. Type: improvement Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Ib6626c514e45350308aeeda0decb70f3aba2f63e
2019-09-06bonding: add weight support for active-backup modeSteven Luong1-2/+2
Not all interfaces have the same characteristics within the bonding group. For active-backup mode, we should do our best to select the slave that performs the best as the primary slave. We already did that by preferring the slave that is local numa. Sometimes, this is not enough. For example, when all are local numas, the selection is arbitrary. Some slave interfaces may have higher speed or better qos than the others. But this is hard to infer. One rule does not fit all. So we let the operator to optionally specify the weight for each slave interface. Our primary slave selection rule is now 1. biggest weight 2. is local numa 3. current primary slave (to avoid churn) 4. lowest sw_if_index (for deterministic behavior) This selection rule only applies to active-backup mode which only one slave is used for forwarding traffic until it becomes unreachable. At that time, the next "best" slave candidate is automatically promoted. The slaves are sorted according to the preference rule when they are up. So there is no need to find the next best candidate when the primary slave goes down. Another good thing about this rule is when the down slave comes back up, it is selected as the primary slave again unless there is indeed a "better" slave than this down slave that were added during that period. To set the weight for the slave interface, do this after the interface is enslaved set interface bond <interface-name> weight <value> Type: feature Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I59ced6d20ce1dec532e667dbe1afd1b4243e04f9
2019-07-19bonding: add support for numa-only in lacp modeZhiyong Yang1-1/+3
If numa-only is set, Only slaves on local numa node transmit pkts if have at least one, otherwise the bond interface works as usual. CLI change: create bond mode lacp [load-balance { l2 | l23 | l34 } {numa-only}] [hw-addr <mac-address>] [id <if-id>] The new member "u8 numa_only;" is also added to bond_create_if_args_t. Type: feature Change-Id: Icdccedafb0738d8c9d4a5acce909ce562428c071 Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
2018-06-24Revert "Revert "make test: fix broken interfaces""Klement Sekera1-3/+2
This reverts commit c8efa29b6f9a91381897b54f1147daf922ed7164. Change-Id: I1d5c5773d5f86a63073e255336bd9de628e26179 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2018-06-22Revert "make test: fix broken interfaces"Ole Troan1-2/+3
This reverts commit d5c60b96a3fd93916fc4af5c8d6d25625c28242e. Change-Id: I3632b9c3f76c615aee897f28f76d094e7031e689 Signed-off-by: Ole Troan <ot@cisco.com>
2018-06-22make test: fix broken interfacesKlement Sekera1-3/+2
Change-Id: I2e092774f81503e04b53cc6c6b5d357fe3fc52ab Signed-off-by: Klement Sekera <ksekera@cisco.com>
2018-05-23make test: VPP-1288 fix from sw_if_index valuesKlement Sekera1-2/+1
Change-Id: I80297e78d93d8cf0d347863e4d2fdb12ea9294ac Signed-off-by: Klement Sekera <ksekera@cisco.com>
2018-03-21bond: Add bonding driver and LACP protocolSteven1-0/+48
Add bonding driver to support creation of bond interface which composes of multiple slave interfaces. The slave interfaces could be physical interfaces, or just any virtual interfaces. For example, memif interfaces. The syntax to create a bond interface is create bond mode <lacp | xor | acitve-backup | broadcast | round-robin> To enslave an interface to the bond interface, enslave interface TenGigabitEthernet6/0/0 to BondEthernet0 Please see src/plugins/lacp/lacp_doc.md for more examples and additional options. LACP is a control plane protocol which manages and monitors the status of the slave interfaces. The protocol is part of 802.3ad standard. This patch implements LACPv1. LACPv2 is not supported. To enable LACP on the bond interface, specify "mode lacp" when the bond interface is created. The syntax to enslave a slave interface is the same as other bonding modes. Change-Id: I06581d3b87635972f9f0e1ec50b67560fc13e26c Signed-off-by: Steven <sluong@cisco.com>
88 } /* Name.Builtin.Pseudo */ .highlight .fm { color: #0066bb; font-weight: bold } /* Name.Function.Magic */ .highlight .vc { color: #336699 } /* Name.Variable.Class */ .highlight .vg { color: #dd7700 } /* Name.Variable.Global */ .highlight .vi { color: #3333bb } /* Name.Variable.Instance */ .highlight .vm { color: #336699 } /* Name.Variable.Magic */ .highlight .il { color: #0000DD; font-weight: bold } /* Literal.Number.Integer.Long */ }
/*
 * ipsec_if_in.c : IPSec interface input node
 *
 * Copyright (c) 2015 Cisco and/or its affiliates.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at:
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include <vnet/vnet.h>
#include <vnet/api_errno.h>
#include <vnet/ip/ip.h>

#include <vnet/ipsec/ipsec.h>
#include <vnet/ipsec/esp.h>

/* Statistics (not really errors) */
#define foreach_ipsec_if_input_error    \
_(RX, "good packets received")

static char *ipsec_if_input_error_strings[] = {
#define _(sym,string) string,
  foreach_ipsec_if_input_error
#undef _
};

typedef enum
{
#define _(sym,str) IPSEC_IF_INPUT_ERROR_##sym,
  foreach_ipsec_if_input_error
#undef _
    IPSEC_IF_INPUT_N_ERROR,
} ipsec_if_input_error_t;

typedef enum
{
  IPSEC_IF_INPUT_NEXT_ESP_DECRYPT,
  IPSEC_IF_INPUT_NEXT_DROP,
  IPSEC_IF_INPUT_N_NEXT,
} ipsec_if_input_next_t;

typedef struct
{
  u32 spi;
  u32 seq;
} ipsec_if_input_trace_t;


u8 *
format_ipsec_if_input_trace (u8 * s, va_list * args)
{
  CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
  CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
  ipsec_if_input_trace_t *t = va_arg (*args, ipsec_if_input_trace_t *);

  s = format (s, "IPSec: spi %u seq %u", t->spi, t->seq);
  return s;
}

static uword
ipsec_if_input_node_fn (vlib_main_t * vm, vlib_node_runtime_t * node,
			vlib_frame_t * from_frame)
{
  ipsec_main_t *im = &ipsec_main;
  u32 *from, *to_next = 0, next_index;
  u32 n_left_from;

  from = vlib_frame_vector_args (from_frame);
  n_left_from = from_frame->n_vectors;
  next_index = node->cached_next_index;

  while (n_left_from > 0)
    {
      u32 n_left_to_next;

      vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);

      while (n_left_from > 0 && n_left_to_next > 0)
	{
	  u32 bi0, next0;
	  vlib_buffer_t *b0;
	  ip4_header_t *ip0;
	  esp_header_t *esp0;
	  uword *p;

	  bi0 = to_next[0] = from[0];
	  from += 1;
	  n_left_from -= 1;
	  to_next += 1;
	  n_left_to_next -= 1;
	  b0 = vlib_get_buffer (vm, bi0);
	  ip0 = vlib_buffer_get_current (b0);
	  esp0 = (esp_header_t *) ((u8 *) ip0 + ip4_header_bytes (ip0));

	  next0 = IPSEC_IF_INPUT_NEXT_DROP;

	  u64 key = (u64) ip0->src_address.as_u32 << 32 |
	    (u64) clib_net_to_host_u32 (esp0->spi);

	  p = hash_get (im->ipsec_if_pool_index_by_key, key);

	  if (p)
	    {
	      ipsec_tunnel_if_t *t;
	      t = pool_elt_at_index (im->tunnel_interfaces, p[0]);
	      vnet_buffer (b0)->ipsec.sad_index = t->input_sa_index;
	      vnet_buffer (b0)->ipsec.flags =
		t->hw_if_index == ~0 ? IPSEC_FLAG_IPSEC_GRE_TUNNEL : 0;
	      vlib_buffer_advance (b0, ip4_header_bytes (ip0));
	      next0 = IPSEC_IF_INPUT_NEXT_ESP_DECRYPT;
	    }

	  if (PREDICT_FALSE (b0->flags & VLIB_BUFFER_IS_TRACED))
	    {
	      ipsec_if_input_trace_t *tr =
		vlib_add_trace (vm, node, b0, sizeof (*tr));
	      tr->spi = clib_host_to_net_u32 (esp0->spi);
	      tr->seq = clib_host_to_net_u32 (esp0->seq);
	    }

	  vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
					   n_left_to_next, bi0, next0);
	}
      vlib_put_next_frame (vm, node, next_index, n_left_to_next);
    }

  vlib_node_increment_counter (vm, ipsec_if_input_node.index,
			       IPSEC_IF_INPUT_ERROR_RX,
			       from_frame->n_vectors);

  return from_frame->n_vectors;
}

/* *INDENT-OFF* */
VLIB_REGISTER_NODE (ipsec_if_input_node) = {
  .function = ipsec_if_input_node_fn,
  .name = "ipsec-if-input",
  .vector_size = sizeof (u32),
  .format_trace = format_ipsec_if_input_trace,
  .type = VLIB_NODE_TYPE_INTERNAL,

  .n_errors = ARRAY_LEN(ipsec_if_input_error_strings),
  .error_strings = ipsec_if_input_error_strings,

  .n_next_nodes = IPSEC_IF_INPUT_N_NEXT,

  .next_nodes = {
        [IPSEC_IF_INPUT_NEXT_ESP_DECRYPT] = "esp-decrypt",
        [IPSEC_IF_INPUT_NEXT_DROP] = "error-drop",
  },
};
/* *INDENT-ON* */

VLIB_NODE_FUNCTION_MULTIARCH (ipsec_if_input_node, ipsec_if_input_node_fn)
/*
 * fd.io coding-style-patch-verification: ON
 *
 * Local Variables:
 * eval: (c-set-style "gnu")
 * End:
 */