L2 Emulation is a feautre that is applied to L2 ports to 'extract'
IP packets from the L2 path and inject them into the L3 path (i.e.
into the appropriate ip[4|6]_input node).
L3 routes in the table_id for that interface should then be configured
as DVR routes, therefore the forwarded packet has the L2 header
preserved and togehter the L3 routed system behaves like an L2 bridge.
Change-Id: I8effd7e2f4c67ee277b73c7bc79aa3e5a3e34d03
Signed-off-by: Neale Ranns <nranns@cisco.com>
* NAT46: fix test cleanup, missing del keyword
* NAT66: fix kube-proxy vip, is ipv6
* add some missing kp_put_writer_lock
* wipe flowtable after each unit test
* Add new cli api: "test kube-proxy flowtable flush" to flushes everything
* Call this new cli function after the end of each kube-proxy unit test.
* same as commit b3d1b20357 for the lb plugin
Change-Id: I4146f44841328ec96eb66729e3bae3d40f33e4aa
Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com>
Add API function which enables forwarding of packets not matching
existing translation or static mapping instead of dropping them.
When forwarding is enabled matching packets will be translated
while non-matching packets will be forwarded without translation.
Change-Id: Ic13040cbad16d3a1ecdc3e02a497171bef6aa413
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
Translation of both source and destination addresses and ports for 1:1 NAT
session initiated from outside network (ExternalIP K8 use case).
Change-Id: Ic0000497cf71619aac996d6d580844f0ea0edc14
Signed-off-by: Matus Fabian <matfabia@cisco.com>
This plugin provides kube-proxy data plane on user space,
which is used to replace linux kernal's kube-proxy based on iptables.
The idea is largely inspired from VPP LB plugin.
Currently, kube-proxy plugin supports three service types:
1) Cluster IP plus Port: support any protocols, including TCP, UDP.
2) Node IP plus Node Port: currently only support UDP.
3) External Load Balancer.
Please refer to kp_plugin_doc.md for details.
Change-Id: I36690e417dd26ad5ec1bd77c7ea4b8100416cac6
Signed-off-by: Hongjun Ni <hongjun.ni@intel.com>
- GRE tunnels with the same src,dst addresses are not the same tunnel
- Two data-plane improvements:
- the cached key was never updated and so useless
- no need to dereference the tunnel's HW interface to get the sw_if_index
Change-Id: I2f2ea6e08c759a810b753cec22c497e921a2ca01
Signed-off-by: Neale Ranns <nranns@cisco.com>
This allows arm platforms to also take advantage of crc32 hardware
acceleration.
* add a wrapper for crc32_u64. It's the only one really used. Using it
instead of a call to clib_crc32c() eases building symmetrical hash
functions.
* replace #ifdef on SSE4 by a test on clib_crc32c_uses_intrinsics.
Note: keep the test on i386
* fix typo in lb test log
Change-Id: I03a0897b70f6c1717e6901d93cf0fe024d5facb5
Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com>
The "test-all" target is still never called as part of any continuous
test (as it probably should) but at least it can now be expected to
succeed.
VXLAN-GPE:
* decapsulate Ethernet to "l2-input" instead of "ethernet-input"
otherwise the inner mac address get checked against the interface one
(external) and packet gets dropped (mac mismatch)
* set packet input sw_if_index to unicast vxlan tunnel for learning
TEST:
* VXLAN:
* reduce the number of share tunnels:
=> reduce test duration by half
=> no functional change
* VXLAN-GPE:
* fix test TearDown() cli: command is "show vxlan-gpe" only
* remove vxlan-gpe specific tests as the were a duplicated of the
BridgeDomain one and already inherited.
* disable test_mcast_rcv() and test_mcast_flood() tests
* P2PEthernetAPI:
* remove test: "create 100k of p2p subifs"
there already is a "create 1k p2p subifs" so this one is a load test
and not a unit test.
See: lists.fd.io/pipermail/vpp-dev/2017-November/007280.html
Change-Id: Icafb83769eb560cbdeb3dc6d1f1d3c23c0901cd9
Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com>
The classifier tables layout might (and most always will) change during the MACIP ACL modification.
Furthermore, vnet_set_input_acl_intfc() is quite a picky creature - it quietly does nothing
if there is an existing inacl applied, even if the number is different, so a simple "reapply"
does not work. So, cleanly remove inacl, then reapply when the new tables are ready.
Also, fix the testcase which was supposed to test this exact behavior.
Thanks to Jon Loeliger for spotting this issue.
Change-Id: I7e4bd8023d9de7e914448bb4466c1b0ef6940f58
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
as decsribed in section 2.2
ihttps://tools.ietf.org/html/draft-ietf-bier-mpls-encapsulation-10
with BIFT encoding from:
https://tools.ietf.org/html/draft-wijnandsxu-bier-non-mpls-bift-encoding-00
changes:
1 - introduce the new BIFT lookup table. BIER tables that have an associated
MPLS label are added to the MPLS-FIB. Those that don't are added to the
BIER table
2 - BIER routes that have no associated output MPLS label will add a BIFT label.
3 - The BIER FMask has a path-list as a member to resolve via any possible path.
Change-Id: I1fd4d9dbd074f0e855c16e9329b81460ebe1efce
Signed-off-by: Neale Ranns <nranns@cisco.com>
Identity mapping translate an IP address to itself.
Change-Id: Icc0ca5102d32547a4b0c75720b5f5bf41ed69c71
Signed-off-by: Matus Fabian <matfabia@cisco.com>
logging: allow a client to register a callback handler to recieve log messages
that way the client can maintain a correctly sequenced log
populate: fix the creation of interface and the setting of the handle
stats: the reset promise idea is not defined behaviour.
Use an eanble/disable command pair
Change-Id: I347720bb65df2874c7619e722d593bc863ee2bf1
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
- Refactor debug output to include vpp handle associated
with session id where appropriate.
- Fix vcom_connect return value on error.
- Refactor vcom_socket_epoll_pwait().
- Fix sock_test_server/client connect failure handling.
Change-Id: I2649596aa4b8a77d9bd876409a76810cb2785797
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
- Refactor session disconnect/close state
transitions. Only remove session state
when app calls close(). Add HUP/reset
feedback by returning ECONNRESET.
- Update debug messages.
- Use VCL_LOCK_AND_GET_SESSION macro more
extensively
Change-Id: I23d372834b901a6726e6d6c1061df73ad967882f
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Enhence support of DHCP VSS (Virtual Subnet Selection) to include
VSS type 0 where VSS info is a NVT (Network Virtual Terminal)
ASCII VPN ID where the ASCII string MUST NOT be terminated with a
zero byte. Existing code already support VSS type 1, where VSS
information is a RFC 2685 VPN-ID of 7 bytes with 3 bytes OUI
and 4 bytes VPN index, and VSS type 255 indicating global VPN.
Change-Id: I54edbc447c89a2aacd1cc9fc72bd5ba386037608
Signed-off-by: John Lo <loj@cisco.com>
This allows to use the classifier to steer source routing packets instead
of using the "sr steer" command.
This way we can steer on anything instead of only the dst ip address.
test:
* add add_node_next function to the VppPapiProvider class.
* add simple test scenario using the classifier to steer packets with
dest ip addr == a7::/8 to the source routing insert node.
* use new interface indexes (3,4) instead of (0,1) to prevent a cleanup
conflict with the other tests which attach a specific fib to the
interface.
The test creates interfaces sepsrated from the other tests to prevent a
conflict in the cleaning of the ip6 fib index 1 which causes vpp not to
be able to find a default route on this table.
Change-Id: Ibacb30fab3ce53f0dfe848ca6a8cdf0d111d8336
Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com>
For the MAP-E CE limit port choice based on PSID
CLI: nat44 addr-port-assignment-alg map-e psid <n> psid-offset <n> psid-len <n>
Change-Id: Iecceee61fca372cb5790c16993a82fbdc9930f0f
Signed-off-by: Matus Fabian <matfabia@cisco.com>
A UDP-encap object that particiapates in the FIB graph and contributes
DPO to teh output chain. It thereofre resembles a tunnel but without the
interface. FIB paths (and henace routes) can then be created to egress
through the UDP-encap. Said routes can have MPLS labels, hence this also
allows MPLSoUPD.
Encap is uni-directional. For decap, one still registers with the UDP port
dispatcher.
Change-Id: I23bd345523b20789a1de1b02022ea1148ca50797
Signed-off-by: Neale Ranns <nranns@cisco.com>
Dual-Stack Lite enables a broadband service provider to share IPv4 addresses among customers by combining two well-known technologies: IPv4-in-IPv6 and NAT.
Change-Id: I039740f8548c623cd1ac89b8ecda1a6cc4aafb9c
Signed-off-by: Matus Fabian <matfabia@cisco.com>
This option allows one to toggle whether captured VPP stdout/stderr
output is printed inline (each line logged immediately after being
collected). Default setting is 0/no (behaviour same as before).
This allows one to see the output in case of vpp crashing during test
run even if test framework gets stuck waiting for shared memory mutex
(which crashed vpp can no longer unlock).
Complete stdout/stderr output is always printed as a block to the
logger after test finishes.
Change-Id: If3645a9b85562dba26ed9c87daa27ea5ef34f2e5
Signed-off-by: Klement Sekera <ksekera@cisco.com>
