Age | Commit message (Collapse) | Author | Files | Lines |
|
DPDK Cryptodev support and related IPsec ESP nodes using DPDK Cryptodev APIs.
When DPDK Cryptodev support is enabled, the node graph is modified by adding
and replacing some of the nodes.
The following nodes are replaced:
* esp-encrypt -> dpdk-esp-encrypt
* esp-decrypt -> dpdk-esp-decrypt
The following nodes are added:
* dpdk-crypto-input : polling input node
* dpdk-esp-encrypt-post : internal node
* dpdk-esp-decrypt-post : internal node
Change-Id: I6dca9a890abaf4fb2a4fffce3fd08ac013e4d701
Signed-off-by: Zhang, Roy Fan <roy.fan.zhang@intel.com>
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
|
|
*Changed configure files to say DPDK instead of Intel DPDK
*Changed rpm and deb config files to say DPDK instead of Intel DPDK
*Changed vnet Makefile to say DPDK instead of Intel DPDK
Change-Id: Ic6e3eacf2341af873d4bd2e036d5afa857ca6355
Signed-off-by: Padraig Connolly <padraig.connolly@intel.com>
|
|
Change-Id: I0f7cbf06b5a5acd745d13c9f5c761ea18132107b
Signed-off-by: marek <mazavods@gmail.com>
Signed-off-by: Damjan Marion <damarion@cisco.com>
Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
device-input feature arc requires that all input-nodes have
nexts in sync. packet-generator tends to call vlib_node_add_next
when new stream is created and that puts nexts out of sync.
With this change all input node are siblings of device-input
node so call to vlib_node_add_next(...) will install same next
to the whole family.
Change-Id: I33d79492e5f30f348af19e527f36fe0222c524d7
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
It works with and without DPDK so it allws us to enable
lawful-intercept code in vpp_lite images.
Change-Id: I08f234cbc652c3ff47a6123a43b9e7f8bdcd5534
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: Ie4c820933114af2269c99531856c45b0271a4a3e
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Signed-off-by: Damjan Marion <damarion@cisco.com>
Change-Id: I010ecde93863dbdad84b993cd3680a5446db59b5
|
|
Change-Id: Ie4a0ba57d5c672ab04fe37801836f65d8731a90a
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
This also removes old DPDK vhost-user code which doesn't help
much with DPDK 16.07 or newer.
Change-Id: Ic996df1eaccc33acd3fa6cabeaf7381a672c2a90
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Add support for special routes to send ICMP unreachable or admin prohibited.
Change-Id: Ia1ac65b0e5e925c0f9ebc7824141833b4e18f05e
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Idf68266f705b0455e5ab0ac73d23c7e0f4120d5b
Signed-off-by: Dave Barach <dave@barachs.net>
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
In order to have meaningfull IPFIX implementation we should be able
to classify all packets flowing through vpp. But existing IPv4 and IPv6
classifier nodes are called only if destination IP address is local
to vpp. This commit adds new IPv4 and IPv6 classifier nodes that should
be used for collecting flow statistics.
Change-Id: I60e60105663ba15b5200862a23bb817047fe4d1a
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
In a heirarchical FIB performing a unicast RPF check would require the traversal of the data-plane graph to seek out all the adjacency objects and then read those to find their interface. This is not efficient. Instead, for each path-list we construct a list of unique input interfaces and link this uRPF-list against the entry in the prefix table. In the data-plane the uRPF list can be retrieved from the load-balance lookup result and the RPF check is a simple and efficient walk across the minimal interface list. The uRPF-list is maintained as the routing heirarchy changes, in a similar way to the data-plane object graph.
We also provide a knob to allow an arbitrary prefix to pass the loose check.
Change-Id: Ie7c0ae3c4483ef467cfd5b136ee0315ff98ec15b
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Uses existing UDP local API in order to register
requested UDP port punt to the host.
CLI: set punt udp [del] <port>
API: punt protocol <l4-protocol> [ip <ver>] [port <l4-port>] [del]
* Only UDP (l4-protocol = 17) is supported at this time
Change-Id: I9232af1c891d1ed174d77f3e0dfe60c4b9d85e40
Signed-off-by: Alex Popovsky <apopovsk@cisco.com>
|
|
add two new CLI commands:
show fib memory
show dpo memory
to display the memory usage of the FIB and DPO object types respectively.
Change-Id: I759e149a0b6fbb58d59c139362221dc33531cffa
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I0d7f9c7f41a9f9e0acb0950adedb90d45df08c2a
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
This commit extends the vpp framework with new thread type "hqos-threads" that
runs the Hierarchical Quality of Service (HQoS) scheduler associted with output
interface. HQoS Scheduler prioritize the packets from different users and
ensures sufficient bandwidth to pass the more important traffic.
At high level, HQoS scheduler is a buffer that can temporarily store a
large number of packets. In otherwords, it is a collection of large number
of queues organized into hierarchy of 5 levels; the port (i.e. the physical
interface) is at the root of the hierarchy followed by the subport (a set
of users), the pipes (individual users), the traffic classes (each with a
strict priority) and at the leaves, the queues.
In each HQoS scheduler, three operations are performed; classification
(setting HQoS port, subport, pipe, traffic class and queue within traffic
class from packet fields), enqueue (selecting HQoS queue for the packet,
and to drop the packet if the queue is full) and dequeue (schedule the
packet based on its length and available credits, and handover the scheduled
packet to the output interface).
In vpp, the number of hqos threads will be equal to cpu cores specified in
corelist-hqos-threads parameter cpu section of the vpp configuration file.
One hqos thread can run HQoS for multiple output interfaces. A particular HQoS
instance is initialised with default parameters required to configure hqos port,
subport, pipe and queues. Some of them can be re-configured in run-time
through CLI commands as well binary APIs.
Following illustrates the sample startup configuration file with 4x worker
threads feeding 2x hqos threads that handle each HQoS for 1x output interface.
For more details on HQoS configuration please refer to DPDK Programmer's Guide.
dpdk {
socket-mem 16384,16384
dev 0000:02:00.0 {
num-rx-queues 2
hqos
}
dev 0000:06:00.0 {
num-rx-queues 2
hqos
}
num-mbufs 1000000
}
cpu {
main-core 0
corelist-workers 1, 2, 3, 4
corelist-hqos-threads 5, 6
}
Change-Id: I635c3395a7c4ddf0a239ef77b0b0a31a6dfc4767
Signed-off-by: Cristian Dumitrescu <cristian.dumitrescu@intel.com>
Signed-off-by: Jasvinder Singh <jasvinder.singh@intel.com>
|
|
Main Enhancements:
- Protocol Independent FIB API
- Hierarchical FIB entries. Dynamic recursive route resolution.
- Extranet Support.
- Integration of IP and MPLS forwarding.
- Separation of FIB and Adjacency databases.
- Data-Plane Object forwarding model.
Change-Id: I52dc815c0d0aa8b493e3cf6b978568f3cc82296c
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Iac96773e7f9028c0f09c3388893e69f67177439d
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Change-Id: Id53797c795c17fbacce3659c945f5126dc9dee86
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Change-Id: If03162d328c1ea179249e734537ebb01bade3331
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Mapping of IPv4 prefixes ended up writing past IPv6 prefix + EA bits
length.
(Added some unit testing code).
Change-Id: I59893b44eea5cebf00a23afc405832741f84cf4f
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
VPP-349
Change-Id: I774bab98e43d55678a67a7708ca50edbbd4cbb06
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
GRE encapsulate layer 2 traffic and IPSec encrypt what is encapsulated by GRE.
The whole point of L2-GRE over IPSec is to tunnel layer 2 over GRE and IPSec by
bridging the physical interface with IPSec-GRE tunnel interface.
Change-Id: Ia4cf9ed407bf663770e0d8905c0ad44ce73bd23b
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I1f82e74977de8879dec9859275afc791f0a55606
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
Change-Id: Ia251e9d7d53e894a5666109f69e9626d27ea74cb
Signed-off-by: Dave Barach <dave@barachs.net>
Signed-off-by: Keith Burns (alagalah) <alagalah@gmail.com>
|
|
JIRA: VPP-114
If the classifier finds a matching entry, it sends packet to the policer,
packet should be pre-colored for color-aware policers.
Change-Id: I10cb53b49907137769418f230df2cab577d0f3a0
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: Iaf9735258f456574534c1a581b983326badea171
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I28616f1a89f2da95484438ec1a1db64845f15ef6
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Use appropriate libnames to copy
Change-Id: Iaa1e7e3ceed52f328e26e75ee7309fc6464d5c66
Signed-off-by: Shesha Sreenivasamurthy <shesha@cisco.com>
|
|
This change-set enables plugins to add themselves to the ip4/ip6
feature subgraphs without having to modify core vpp engine code
at all. Add VNET_IP4/IP6_UNICAST/MULTICAST_FEATURE_INIT macros
which express the required ordering constraints, and off you go.
Along the way, added an implementation of Warshall's algorithm to
vppinfra; to compute the positive transitive closure of a relation. In
this case, the relation is "feature A runs before feature B."
With that in hand, ip_feature_init_cast(...) computes a partial order
across the set of configured feature subgraph nodes.
In unit-testing, we discovered VPP-145 - ip4/6 inacl wiped out
vnet_buffer(b)->ip>current_config_index, which exists in main. So, we
fixed that by moving b->trace_index, adding b->current_config_index,
and removing the ip opaque union current_config_index.
Change-Id: Iff132116f66413dc6b31ac3377198c7a32d51f48
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Moved Proof of Transit utility as a plugin
Moved Proof of Transit option as a plugin
Change-Id: Idc9897205eb8ec80c5dea47b428e6209ac938c32
Signed-off-by: Shwetha <shwethab@cisco.com>
|
|
- Change toplevel plugins make target. Now builds all plugins under
plugins/. (Apart from sample-plugin).
- Move sixrd code to plugins directory and make necessary changes to
make it a plugin
- Remove 6rd hooks from IP lookup code
Change-Id: I447e92e3bee240cd8de01d0abac2e1708e8c27d1
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
IP4 and IP6 nodes currently shares the adj->lookup_next_index. That
has some issues, e.g. that one has to add non-functional nodes like
ip4-hop-by-hop and that anyone dynamically adding nodes to any of the
IP4/IP6 lookup nodes must ensure they add themselves to all relevant
nodes to ensure next index consistency.
This patch splits the IP_LOOKUP_NEXT into separate enums for IP4 and
IP6 with a common part for next-nodes used by both. It sets up other
IP nodes as siblings to avoid inconsistencies. This allows IP4 and IP6
lookup next nodes to evolve independently. The adj->lookup_next_index is
still shared, assuming that an IP4 adjacency isn't used by an
IP6 graph node.
Change-Id: I589b8364fe54e7a10c059b7ef9d6707eb0a345cc
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
worker-handoff node is universal node which taakes packets
from the input node and hands them over to worker threads.
Currently it supports flow hashing based on ipv4, ipv6 and
mpls headers.
New cli:
set interface handoff <intrerface-name> workers <list>
e.g.
set interface handoff TenGigabitEthernet2/0/0 workers 3-6,9-10
Change-Id: Iaf0df83e69bb0e84969865e0e1cdb000b0864cf5
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Available only in vpp_lite platform
Change-Id: I09d112af5f7f4521ec25196ecdd8c02c20eedd5f
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I76359b621b2edc599cf2e9ee845d97293a5d46f7
Signed-off-by: Keith Burns (alagalah) <alagalah@gmail.com>
|
|
JIRA: VPP-67
Change-Id: I04560d78e2eb131cd6cc31472b70b3d3e8fdd79a
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
- removed vnet/vnet/nsh-gre
- removed all nsh from vnet/vnet/nsh_vxlan_gpe to
vnet/vnet/nsh
- moved vnet/vnet/nsh_vxlan_gpe to vnet/vnet/vxlan_gpe
- added cli and binary api for VXLAN GPE tunnels
- plan to move vnet/vnet/nsh to new repo (sfc_nsh) and make plugin
- added cli for NSH (binary API will be done in sfc_nsh)
- vnet/vnet/gre will be extended in VPP-54
Change-Id: I1d27def916532321577ccd68cb982ae0d0a07e6f
Signed-off-by: Keith Burns (alagalah) <alagalah@gmail.com>
|
|
Change-Id: I445ad13f8f93cb75cacc94192c4ae85c8ca14e35
Signed-off-by: Shwetha Bhandari <shwethab@cisco.com>
|
|
- common header files and structs used in both GRE and VXLAN-GPE
Change-Id: I06d0b773e936fb011408817237059f24a4beb412
Signed-off-by: Keith Burns (alagalah) <alagalah@gmail.com>
|
|
- adds ability to name tunnel
- creates policy as a collection of tunnel names
- map ip6 multicast address to policy and replicate packet
- adds zero memcpy for invariant portion of packet
Change-Id: Icd2fe6a2cf65c09906e82ed1afbb0eae8df79452
Signed-off-by: Keith Burns (alagalah) <alagalah@gmail.com>
|
|
The implementation mimics that of the ip4 data-plane. Therefore, a new
lgpe-ip6-lookup lookup node is introduced for ip6 source lookups, a
lisp-gpe-ip6-input node for decapsulating ip6 encapsulated packets and
the tx function of the lisp-gpe interface is updated to support any mix
of v4 and v6 in underlay and overlay.
Change-Id: Ib3a6e339b8cd7618a940acf0dd8e61c042fd83dd
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
This is first drop of native NETMAP driver.
It is mainly tested with NETMAP pipes but also
support for native interfaces should work.
New CLI:
create netmap [<intf name>|valeXXX:YYY] [hw-addr <mac>] [pipe]
[master|slave]
Following example creates NETMAP pipe where VPP acts as master:
create netmap name vale00:vpp1 pipe master
then NETMAP pkt-gen tool can be used to send traffic:
pkt-gen -i vale00:vpp1}0 -f tx
Change-Id: Ie0ddaa5facc75285b78467420e8a9f9c8dfc39e5
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
With this change, one lisp-gpe interface is created per vrf/overlay
tenant and its tx node is used as encapsulator (or tunnel ingress). For
all intents and purposes, the tx node inherits all functions previously
performed by the lisp-gpe-encap node and it maintains said node's
position in lisp-gpe's data-path graph. Chiefly, this opens the
possibility to chain interface features, like IPSec, transparently with
LISP. Furthermore, it brings basic data plane support for vrfs and LISP
instance-ids (or virtual network instances as per RFC7364).
Other changes include improvements to lisp-gpe enable and disable
sequences and corresponding API/VAT fixes.
Change-Id: I085500450660a976b587b1a720e282f6e728d580
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Following two commands are changed:
ethernet mtu -> set interface mtu
ethernet promiscuous -> set inteface promiscuous
Change-Id: I5037e021933156c06044fb723a05ad330f8162b7
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I802700ad832de1dc6f4a1981e8985aa6e926c8ad
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Control Plane
-------------
In essence, this introduces basic support for map-request/reply
processing, the logic to generate and consume such messages, including
SMRs, a control-plane backend, consisting of an eid-table, locator and
locator-set tables, and CLI to interact with it. Naturally, we can now
serialize/deserialize LISP specific types: addresses, locators,
mappings, messages. An important caveat is that IPv6 support is not
complete, both for EIDs and RLOCs.
Functionally, the DP forwards all packets it can't handle to the CP
(lisp_cp_lookup node) which takes care of obtaining a mapping for the
packet's destination from a pre-configured map-resolver using the LISP
protocol. The CP then caches this information and programs the DP such
that all new packets with the same destination (or within the covering
prefix) are encapsulated to one of the locators retrieved in the
mapping. Ingress traffic-engineering is not yet supported.
Data Plane
----------
First of all, to enable punting to the CP, when LISP GPE is turned on a
default route that points to lisp_cp_lookup is now inserted. The DP
also exposes an API the CP can use to program forwarding for a given
mapping. This mainly consists in allocating a tunnel and programming the
FIB such that all packets destined to the mapping's prefix are forwarded
to a lisp-gpe encapsulating node.
Another important change done for lisp forwarding is that both source
and destination IP addresses are considered when encapsulating a packet.
To this end, a new FIB/mtrie is introduced as a second stage, src
lookup, post dst lookup. The latter is still done in the IP FIB but for
source-dest entries, in the dest adjacency the lookup_next_index points
to a lisp lookup node and the rewrite_header.sw_if_index points to the
src FIB. This is read by the lisp lookup node which then walks the src
mtrie, finds the associated adjacency, marks the buffer with the index
and forwards the packet to the appropriate next node (typically,
lisp-gpe-encap).
Change-Id: Ibdf52fdc1f89311854621403ccdd66f90e2522fd
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: Ieacbfa4dbbfd13b38eaa2d37f618f212cef4e492
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
This patch defines a new l2input feature: l2-rw
It makes use of vnet_classify in order to match
packets and applies mask/value changes depending
on the matched classify entry.
Change-Id: Ia98c128931e59195bf3ecb66721e155ff9049a2e
Signed-off-by: Pierre Pfister <ppfister@cisco.com>
|