Re: [vpp-dev] anomaly in deleting tcp idle session in vpp

[emma sdi]

Dear Andrew,
Sorry for taking your time. I made a mistake and I had a miss
configuration. the vpp behavior is true in handling of tcp idle sessions.
there are no problem.thanks for your help and consideration.
Best Regards,

On Sun, Jun 10, 2018 at 8:39 PM, emma sdi  wrote:

> Dear Andrew,
> I've already tested your patch and the my observed behavior in last tests
> exists yet. However in vpp1804, mentioned delete process starts when the
> session table is full but in master with your patch, process of deleting
> sessions  starts while session table is not full.
> if it is possible for you, I appreciate you double check. The trex and vpp
> configs attached in my previous emails.
>
>
> On Sat, Jun 2, 2018 at 11:42 PM, Andrew Yourtchenko 
> wrote:
>
>> Thanks for more detail! Could you also include the VPP config ? This way
>> I can give it a shot in the lab when I am back or the office 11th June.
>>
>> By the way, https://gerrit.fd.io/r/#/c/12770/ could have changed the
>> behavior since I made an addition of the transient state before the
>> connection is deleted, you might wanna give it a quick check if you like,
>> before the 11th June.
>>
>> --a
>>
>> On 2 Jun 2018, at 12:37, emma sdi  wrote:
>>
>>
>> -- Forwarded message --
>> From: khers 
>> Date: Sat, Jun 2, 2018 at 1:09 PM
>> Subject: Re: [vpp-dev] anomaly in deleting tcp idle session in vpp
>> To: Andrew Yourtchenko 
>>
>>
>> Dear Andrew,
>>
>> I have observed a contradiction. In my test case, after being session
>> table full, vpp start to delete idle sessions.
>> trex command : ./t-rex-64 -c 3 --active-flows 1  -f
>> /cap2/concurrent_connection_test.yaml  --nc -m 1000 --no-key
>> yaml file and pcap file and patch file is attached to this email.
>>
>> I changed vpp 18.04 version to log session timeout type before removing
>> them. Accordingly, I observed sessions with timeout type 1 ( 1 is used for
>> idle session timeout) in my log.
>>
>> set acl-plugin session timeout udp idle 60
>> set acl-plugin session timeout tcp idle 3600
>> set acl-plugin session timeout tcp transient 30
>>
>>
>>
>>
>> On Wed, May 30, 2018 at 7:59 PM, Andrew Yourtchenko 
>> wrote:
>>
>>> If the table is full it should fifo-reuse the tcp transient sessions,
>>> not the established ones.
>>>
>>> --a
>>>
>>> On 30 May 2018, at 14:00, emma sdi  wrote:
>>>
>>> Dear Folks,
>>> I have a problem with vpp stateful mode. I observed that vpp start to
>>> delete tcp idle sessions when session table is full. my question is this
>>> behavior is implemented and indeed it is normal routine? or is this an
>>> anomaly? because this behavior is not normal generally (for example in
>>> conntrack) and an established session have to exist till its timeout will
>>> be zero. I expect vpp holds all old tcp idle sessions instead of creating
>>> new sessions when session table doesn't have any empty entry.
>>> Best Regards,
>>>
>>>
>>
>> 
>>
>> 
>>
>> 
>>
>>
> 
>
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#9594): https://lists.fd.io/g/vpp-dev/message/9594
Mute This Topic: https://lists.fd.io/mt/20415862/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [EXTERNAL] [vpp-dev] VPP 17.04 Bridge

[Chris Luke]

Ewan,

There is no such issue that I am aware of. Have you tried your setup by 
building from the master branch? Or an older version? Did you search our Jira? 
https://jira.fd.io/browse/VPP

Otherwise, in general, more details will be required; if you do not find an 
existing issue, please open a new one in Jira with examples of what you mean, 
with details of your environment and configuration.

Thanks,
Chris.

From: vpp-dev@lists.fd.io  On Behalf Of xulang
Sent: Tuesday, June 12, 2018 22:48
To: vpp-dev@lists.fd.io
Subject: [EXTERNAL] [vpp-dev] VPP 17.04 Bridge

Hi all,
If I add more than four phy interfaces into one bridge,
VPP will corrupt at many different places.
Is there any bug in this feature?




Regards,
Ewan





-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#9593): https://lists.fd.io/g/vpp-dev/message/9593
Mute This Topic: https://lists.fd.io/mt/22063268/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[vpp-dev] VPP 17.04 Bridge

[xulang]

Hi all,
If I add more than four phy interfaces into one bridge,
VPP will corrupt at many different places.
Is there any bug in this feature?








Regards,
Ewan
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#9592): https://lists.fd.io/g/vpp-dev/message/9592
Mute This Topic: https://lists.fd.io/mt/22060814/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[vpp-dev] [tsc] Seeking LFN Booth Demo Ideas for ONS Europe: FD.io

[Edward Warnicke]

FYI


On June 12, 2018 at 2:32:25 PM, Brandon Wick (bw...@linuxfoundation.org)
wrote:

Hello FD.io Community:

Those in attendance at OSN North America in Los Angeles last March will
recall that we hosted an *LF Networking Booth* that showcased 8
compelling, community-driven
demos from the LFN technical projects. See this blog post

 for a description of the ONS North America booth demos, their focus areas,
and how they fit together.

We wanted to reach out now to each of the LFN project communities to let
you know that there will be space for ~8 networking demos inside the LFN
booth again at ONS Europe

 (Sept 25-27, Amsterdam) and we are seeking demo ideas again using the same
process as last time. Our goal again is to show compelling uses of LFN
networking project technology to solve real world industry challenges.
Demos that show cross-project elements (e.g. between LFN projects and
others), that map to a specific industry use case, and that are endorsed by
a service provider are preferred. That said, we have some room for demos
that highlight the good work and value-add from projects that don't
necessarily meet these criteria. At least one demo slot will be made
available for each LFN project that submits a quality idea.

Another LFN Booth demo option we're exploring is to feature the PNDA project
  analyzing data from other open source projects (e.g.
FD.io). If we went this direction, it would require participation and
coordination with the PNDA team for demo development and execution. If you
have been working on PNDA integration and are interested in pursuing this
idea, please contact Nick Hall: nich...@cisco.com.

Demos stations will again have storage space, a counter, backdrop, monitor,
power, and Wi-Fi internet provided. A demo station mock up is now under
development and will be shared back with interested parties. There is no
cost to host a demo in the LFN booth although additional power, internet,
spaces, etc. may incur a cost.

Here are the key dates to keep in mind:

   - June 12: Demo idea solicitation email sent to community lists
   - July 9: Demo ideas submissions due
   - July 20: Demos ideas reviewed, chosen, and notifications sent

To submit your demo idea for consideration, please collect and provide the
following information:

   - Demo title (10 words max)
   - Brief demo description (200 words max)
   - List of demo manager(s) with contact information
   - List of open source projects involved
   - List of companies involved
   - Any extra requirements or special considerations

Demo manager responsibilities include:

   - Creating the demo concept and actual demo to be shown
   - Responding promptly to requests for information
   - Meeting all demo prep deadlines
   - Setting up and testing the demo pre-show and taking down post-show
   - Staffing the demo during ONS expo hours (along with other designated
   team members to help share the load)
   - Being willing to participate in media activities, e.g. photos, videos

ONS sponsor companies are of course welcome to host demos in their booths
on the show floor as well. Please heck with your ONS Europe sponsorship
managers to explore these opportunities.

* Submit your demo ideas by July 9 by sending an email
to bw...@linuxfoundation.org *. LFN staff
leadership (Heather, Phil, Arpit) will then review the submissions, get
back to submitters with questions, suggestions, and recommend a final demo
roster by July 20th. Send any questions you may have to
bw...@linuxfoundation.org.

We look forward to seeing your demo ideas.

Best,

Brandon Wick
Senior Integrated Marketing Manager
The Linux Foundation
bw...@linuxfoundation.org
+1.917.282.0960




-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#9591): https://lists.fd.io/g/vpp-dev/message/9591
Mute This Topic: https://lists.fd.io/mt/22037238/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [vpp-dev] [csit-dev] Draft proposal to introduce a new set of integration tests

[Maciek Konstantynowicz (mkonstan) via Lists.Fd.Io]

Adding vpp-dev.

Following reviews in csit-dev and CSIT project calls, here is an updated
proposal for a new set of FD.io VPP integration tests. The idea 
is to,
over time, migrate the VIRL test cases to VPP_Path and VPP_Device
integration tests describe below.

Test coverage gaps between existing VIRL and VPP make_test tests have been
documented in an online sheet [1]. Many thanks to Jan Gelety for the
analysis and CSIT contributors for their reviews.

Unless issues/objections, plan is to progress this work during rls1807 dev
cycle.

Hope this makes sense, let us know if questions.

-Maciek
(CSIT PTL)

[1] vpp-csit-verify-virl-test-gaps, 
https://docs.google.com/spreadsheets/d/1PciV8XN9v1qHbIRUpFJoqyES29_vik7lcFDl73G1usc/edit?usp=sharing



VPP_Path Integration Tests
--

* Objective:(Integration) Functional acceptance of VPP feature
paths driven by use cases.
. Use cases defined as combinations of configurations
  and offered loads invoking multiple VPP packet
  processing paths.
. Tester: "Does it do what is expected based on
  configuration and offered load?"
. Includes regression tests based on field found bugs.
* Environment:  VPP make_test.
. VPP test framework based on Python unittest.
* Testing:  VPP SW only.
. api: vpp-papi.
. dp: pg-rx-{vpp_graph_nodes_path}–tx-pg.
* Results:  Test [PASS|FAIL].
* Analytics:gcc gcov for code line coverage.
* Continuous:   FD.io per vpp patch execution with jjb verify 
voting.
. Separate job from current vpp make verify(?).
* Availability: New development in FD.io CSIT.
. Partial coverage in VPP_Multi_Node Tests.
* Project:  FD.io CSIT.
. Plan: introduce in rls1807, test coverage driven by
  priority use cases and VIRL equivalence.
. Future:
.. Negative tests: API fuzzing (/Fuzzapi/API-fuzzer),
   packet/protocol fuzzing (Cisco-Talos/mutiny-fuzzer).

VPP_Device Integration Tests


* Objective:(Integration) Functional acceptance of VPP device driver
interactions.
. Tester: "Known VPP device and feature interactions
  must work!"
* Environment:  FD.io CSIT-CPL labs.
. CSIT Python and Robot Framework libraries and tests.
* Testing:  VPP SW on compute HW with network devices.
. VPP SW:
.. api: vpp-papi.
.. dp: int-dev–rx-{simple_VPP_graph_nodes_path}-tx-dev-int.
. Compute HW:
.. Xeon-Skylake, Arm and Atom nodes.
.. Cisco, Intel, Mellanox NICs.
* Results:  Test [PASS|FAIL].
* Analytics:None.
* Continuous:   FD.io per vpp patch execution with jjb verify 
voting.
* Availability: Depends on server and processor types.
. Xeon:
.. rls1807 - initial VPP and Scapy Pod/Container POC
   with VF drivers.
.. Future - per vpp patch execution with jjb verify
   voting.
. Arm:
.. rls1807 - initial VPP and Scapy Pod/Container POC
   with VF drivers.
.. Future - per vpp patch execution with jjb verify
   voting.
. Atom: TBC.
* Project:  FD.io CSIT.
. Plan: progress in rls1807.


On 6 Jun 2018, at 14:25, Maciek Konstantynowicz (mkonstan) via Lists.Fd.Io 
mailto:mkonstan=cisco@lists.fd.io>> wrote:

Thanks for all comments!

Here is an updated summary of both new test categories based
on received feedback.

(I removed the dependencies for clarity).

I’m also sending a separate email with a straw-man proposal
for parallelising functional HW device tests in VPP_Device.



VPP_Path Integration Tests
--

* Objective:(Integration) Functional acceptance of VPP feature
paths driven by use cases (combinations of multiple
nodes, configurations and offered loads).
. Tester: "Must not break known node and feature
  interactions!"
. Includes regression tests based on field reported bugs.
* Environment:  VPP make_test.
* Testing:  VPP SW only.
. api: vpp-papi.
. dp: pg-rx-{vpp_graph_nodes_path}–tx-pg.
* Results:  Test [PASS|FAIL].
* Analytics:gcc gcov for code line coverage.
* Continuous:   FD.io per vpp patch execution with jjb verify 
voting.
. Separate job from current vpp make verify.
* Availability: New development in FD.io CSIT.
. Partial coverage in VPP_Multi_Node Tests.
* Project: 

Re: [vpp-dev] Support for TCP flag

[Andrew Yourtchenko]

Dear Rubina,

When I was adding the multicore support, the handoff infra was just
being written at the same time, so I conservatively did not use it,
and currently the ACL plugin uses a bit of calculated juggling to
avoid requeueing the packet to the single-authority worker that has
created the session.

Having the ability to react on full TCP flags would require adding
this requeue logic - because anything more sophisticated than the
current estabished/transient dichotomy would be insane to handle
without the handoff. Of course that would require tests how it affects
all the functioning. I have it in my wishlist but no specific plans
yet that I would commit to.

Help always welcome, obviously :-)

--a



On 6/2/18, Rubina Bianchi  wrote:
> As Regards to your question, the case that I'm testing is connection
> tracking in stateful firewall which its functionality is the same as Linux
> conntrack. Do you have any plan to provide VPP as an appropriate
> infrastructure for firewall applications?
> 
> From: Andrew  Yourtchenko 
> Sent: Tuesday, May 29, 2018 1:10 PM
> To: Rubina Bianchi
> Cc: vpp-dev@lists.fd.io
> Subject: Re: [vpp-dev] Support for TCP flag
>
> Hi Rubina,
>
> I designed the stateful mode to be just a bit more than the ACL, with
> a "diode" state, rather than going for the fully fledged firewall
> model - as a balance between the simplicity and the functionality.
>
> The full tracking of the TCP state machine was not in scope - getting
> into that territory properly requires also TCP sequence number
> tracking, etc. - and there the complexity would far outweigh the
> usefulness for most practical cases.
>
> So I needed to primarily differentiate the session state from the
> timeout perspective - when to remove it.
>
> For that purpose, there are  two types of TCP sessions, decided by
> taking by the combination of SYN,FIN,RST,ACK TCP flag bits seen from
> each side:
>
> 1) Those that has seen SYN+ACK on both sides are fully open (this is
> where the "tcp idle" timeout applies, which is usually rather long.
>
> 2)  Those that had seen any other combination of the flags (this is
> where the "tcp transient" timeout applies, which is default to 2
> minutes)
>
> As we receive the packets, we update the seen flags, and we may change
> the current idle timeout based on the accumulated seen flags.
>
> Additionally, if we run out of sessions when creating the new ones,
> then the sessions in the transient state will be cleaned up and reused
> in the FIFO manner - so as to simulate a simple mechanism against the
> resource starvation for the higher session rate.
>
> This is a deliberate design choice, and unless there is some
> operational issues with it (i.e. where the resource clean-up does not
> happen where it should, etc...), I did not have any plans to change
> it.
>
> So, could you expand a bit more on what kind of use case you are
> looking for, to discuss further ?
>
> --a
>
> On 5/29/18, Rubina Bianchi  wrote:
>> Hi
>> I have a question about vpp stateful mode. It seems that vpp stateful
>> mode
>> hasn't implemented completely. I mean there aren't any feature same as
>> contrack in linux kernel. So, vpp doesn't have any mechanism to handle
>> TCP
>> sessions based on different flags. For example I sent TCP three way
>> handshaking packets in different order (ack -> syn -> syn-ack), in this
>> case
>> an idle session is added to session table. Do you have any plan to
>> develop
>> it?
>>
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#9589): https://lists.fd.io/g/vpp-dev/message/9589
Mute This Topic: https://lists.fd.io/mt/20405228/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[vpp-dev] mpls-tunnel

[Mehran Memarnejad]

Hi,
How can I create mpls-tunnel with arbitrary name?

thanks

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#9588): https://lists.fd.io/g/vpp-dev/message/9588
Mute This Topic: https://lists.fd.io/mt/21999692/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[vpp-dev] creat mpls tunnel

[omid via Lists.Fd.Io]

Hi,how mpls tunnel add with an arbitrary name?thanks.

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#9587): https://lists.fd.io/g/vpp-dev/message/9587
Mute This Topic: https://lists.fd.io/mt/21999010/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-