回复: [vpp-dev] Add ip route without next-hop-address

[shi dave]

Hi Neale,

yes, it's a correct behavior for VPP ARP for 173.2.0.1, but in my case, 
173.2.0.1 is a inner ip(src 173.10.10.10, dst 173.2.0.1), the outer ip is IPSEC 
tunnel ip(src 172.16.3.15, dst 172.16.3.1), so that's no sense to get the mac 
of 173.2.0.1.

so is there have any method to route the packet from GigabitEthernet0/b/0 to 
GigabitEthernet0/a/0, without send any ARP request?


Best Rregards

Dave


发件人: Neale Ranns (nranns) 
发送时间: 2019年8月22日 22:03
收件人: shi dave ; vpp-dev@lists.fd.io 
主题: Re: [vpp-dev] Add ip route without next-hop-address




Hi Dave,



but from the trace, it send a ARP request to ask 173.2.0.1 directly

ip4-lookup -> ip4-glean -> GigabitEthernet0/a/0-output -> ip4-glean: ARP 
requests sent

how could I avoid this ARP request, like ?
ip4-lookup -> ip4-rewrite (GigabitEthernet0/a/0) -> ipsec-output-ip4



VPP is ARPing for 173.2.0.1. What do you want it to do instead?



neale
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#13826): https://lists.fd.io/g/vpp-dev/message/13826
Mute This Topic: https://lists.fd.io/mt/32997382/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[vpp-dev] Inserting our node between nat44-in2out and ip4-lookup

[via Lists.Fd.Io]

Hi,

I am trying to insert our node (secmod4in) between nat44-ed-in2out and 
ip4-lookup. Have done the feature ordering and the feature arc shows the 
features enabled in the right order, but still the packet trace shows that 
packets are not hitting my node after the NAT node, and directly going to 
ip4-lookup.

Output of various CLIs:

1. sh feature verbose:

[16] ip4-unicast:
  [ 0]: svs-ip4
  [ 1]: srv6-as4-rewrite
  [ 2]: srv6-ad4-rewrite
  [ 3]: secmodl3ip4udpin
  [ 4]: secmodl3ip4udpflowcreate
  [ 5]: secmodl3ip4tcpin
  [ 6]: secmodl3ip4tcpflowcreate
  [ 7]: acl-plugin-in-ip4-fa
  [ 8]: ip4-dhcp-client-detect
  [ 9]: nat44-out2in-fast
  [10]: nat44-ed-classify
  [11]: nat44-ed-out2in
  [12]: nat44-ed-in2out
  [13]: ip4-gbp-lpm-classify
  [14]: ip4-gbp-src-classify
  [15]: nat44-out2in
  [16]: secmod4in

2. sh interface host-vppclient features:

ip4-unicast:
  nat44-ed-in2out
  secmod4in
  ip4-reassembly-feature
  secmod4-reassembled-in

3. sh vlib graph:


nat44-ed-in2out ip4-lookup [0]   nat44-ed-classify

error-drop [1] nat44-ed-out2in-reass

  ip4-icmp-error [2] nat44-ed-out2in-slowpath

  nat44-ed-in2out-slowpath [  nat44-ed-out2in

   nat44-ed-in2out-reass [4]ip4-mpls-label-disposition

 secmod4in [5]  ip4-mpls-label-disposition

   ip4-input-no-checksum

 ip4-input



However, even after the above is configured, the packets are not hitting 
secmod4in after the NAT node. I was going through the vpp-dev mailgroup and 
came across this discussion - https://lists.fd.io/g/vpp-dev/topic/29379239#11967



Does this still hold true? Do I need to modify the nat plugin to achieve the 
above redirection to the secmod4in node rather than sending to the default 
ip4-lookup node.





Regards,

Rashmi


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#13825): https://lists.fd.io/g/vpp-dev/message/13825
Mute This Topic: https://lists.fd.io/mt/32995780/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[vpp-dev] Help with NAT44 and running out of sessions

[carlito nueno]

Hi all,

I am running VPP as a gateway and am using NAT44.

*vpp.conf*

set int state TenGigabitEthernet8/0/0 up
set int state GigabitEthernet2/0/0 up
set int state GigabitEthernet3/0/0 up

set int ip address TenGigabitEthernet8/0/0 72.77.156.155/29
ip route add 0.0.0.0/0 via 72.77.156.158

loopback create
set int l2 bridge loop0 1 bvi
set int ip address loop0 10.155.6.1/24
set int state loop0 up

set int l2 bridge GigabitEthernet2/0/0 1
set int l2 bridge GigabitEthernet3/0/0 1

nat44 add interface address TenGigabitEthernet8/0/0
set interface nat44 in loop0 out TenGigabitEthernet8/0/0


*With Simple NAT*

startup.conf

nat {
  translation hash buckets 1048576
  max translations per user 500
}

When translations for a user hit 500, old connections are being dropped as
new connections are being established. Guess this is working as it's
supposed to.

But it's reaching max limit and I have to restart VPP

NAT44 pool addresses:
72.77.156.158
  tenant VRF independent
  16747 busy udp ports
  64511 busy tcp ports
  798 busy icmp ports

As you can, tcp port number is 64k.

*With Endpoint-dependent NAT*

startup.conf

nat {
  translation hash buckets 1048576
  max translations per user 500
  endpoint-dependent
}

I am receiving below message:
nat: max translations per user 10.1.6.47
nat: create NAT session failed

When translations for a user hit 500, no new connections are being
established. Until, some old connections are closed and I refresh my
browser to establish new connection. Guess this is working as intended also.

How can set VPP as gateway to support large number of devices behind NAT?

Thanks!
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#13823): https://lists.fd.io/g/vpp-dev/message/13823
Mute This Topic: https://lists.fd.io/mt/32992624/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [vpp-dev] Crash when using dns_name_server

[carlito nueno]

Got it. I'll look at the refactor patch and, also try to apply the patch a
user posted on the old thread and test.

Thanks!

On Thu, Aug 22, 2019 at 9:11 AM Dave Barach (dbarach) 
wrote:

> NP, sorry for the issues, code simply not tested multi-core.
>
>
>
> BTW we just merged a refactor patch which converts the dns resolver into a
> plugin. Later this afternoon, I’ll do some multi-core testing. It may take
> a bit of work to repro and fix the problem you’ve reported.
>
>
>
> Dave
>
>
>
> *From:* Carlito Nueno 
> *Sent:* Thursday, August 22, 2019 10:55 AM
> *To:* Dave Barach (dbarach) 
> *Cc:* vpp-dev@lists.fd.io
> *Subject:* Re: [vpp-dev] Crash when using dns_name_server
>
>
>
> Thanks Dave! Let me know if you need me do more tests or gather more info.
>
>
>
> On Thu, Aug 22, 2019 at 4:48 AM Dave Barach (dbarach) 
> wrote:
>
> Ack. The DNS server has had *zero* multi-core testing, aside from what
> you’ve done. I’ll look at it when I can.
>
>
>
> *From:* Carlito Nueno 
> *Sent:* Wednesday, August 21, 2019 10:03 PM
> *To:* Dave Barach (dbarach) 
> *Cc:* vpp-dev@lists.fd.io
> *Subject:* Re: [vpp-dev] Crash when using dns_name_server
>
>
>
> Hi Dave,
>
> Sorry about the late reply.
>
> I used below configs to eliminate most of the complexity. I did not see
> binary-api being truncated.
>
> Steps:
> 1. I used basic vpp.conf (see below) without the dns_name_server commands
> 2. gdb run -c /etc/vpp/startup.conf (see below)
> 3. sudo vppctl
> 4. Entered dns_name_server commands manually
> 5. ping google.com
> 6. vpp crash
>
> Outputs collected: gbd run, gdb backtrace, syslog
>
> *Step 4: DNS cache output*
>
> vpp# nat44 add identity mapping external TenGigabitEthernet8/0/0 udp 53053
> vpp# bin dns_name_server_add_del 8.8.8.8
> vpp# bin dns_enable_disable
> vpp# sh dns cache verbose
> DNS cache contains 15 entries
> bserver-1.kbfs.keybaseapi.com -> bserver-1.kbfs.keybaseapi.com:
> 34.235.251.175 [59] 52.54.47.119 [59]   TTL left 593.7
> mdserver-0.kbfs.keybaseapi.com -> mdserver-0.kbfs.keybaseapi.com:
> 34.225.12.137 [45] 34.197.228.196 [45]   TTL left 593.7
> vortex.data.microsoft.com -> vortex.data.microsoft.com: 64.4.54.254
> [263]   TTL left 593.9
> api.keybase.io -> api.keybase.io: 35.153.89.209 [34] 52.4.215.1 [34]
>   TTL left 594.0
> push.apple.com -> push.apple.com:   TTL left 594.4
> api.dropboxapi.com -> api.dropboxapi.com: 162.125.7.7 [59]   TTL left
> 595.0
> people-pa.clients6.google.com -> people-pa.clients6.google.com:
> 172.217.6.42 [240]   TTL left 595.0
> bolt.dropbox.com -> bolt.dropbox.com: 162.125.34.129 [59]   TTL left
> 595.1
> www.google.com -> www.google.com: 172.217.0.36 [263]   TTL left 595.1
> play.google.com -> play.google.com: 172.217.5.110 [27]   TTL left
> 595.4
> mail.google.com -> mail.google.com: 172.217.6.37 [299]   TTL left
> 595.5
> gateway-carry.icloud.com -> gateway-carry.icloud.com: 17.248.128.151
> [59] 17.248.128.168 [59] 17.248.128.169 [59] 17.248.128.171 [59]
> 17.248.128.178 [59] 17.248.128.232 [59] 17.248.128.172 [59] 17.248.128.142
> [59]   TTL left 595.5
> push.services.mozilla.com -> push.services.mozilla.com: 35.164.35.9
> [56]   TTL left 599.5
> 0.client-channel.google.com -> 0.client-channel.google.com:
> 74.125.28.189 [239]   TTL left 599.6
> airtable.com -> airtable.com: 3.221.153.172 [35] 34.193.210.213 [35]
> 52.22.150.146 [35]   TTL left 599.6
>
>
> *Step 2: gdb run*
>
> (gdb) run -c /etc/vpp/startup.conf
> Starting program: /usr/bin/vpp -c /etc/vpp/startup.conf
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
> vlib_plugin_early_init:361: plugin path
> /usr/lib/x86_64-linux-gnu/vpp_plugins:/usr/lib/vpp_plugins
> load_one_plugin:189: Loaded plugin: abf_plugin.so (Access Control List
> (ACL) Based Forwarding)
> load_one_plugin:189: Loaded plugin: acl_plugin.so (Access Control Lists
> (ACL))
> load_one_plugin:189: Loaded plugin: avf_plugin.so (Intel Adaptive Virtual
> Function (AVF) Device Driver)
> load_one_plugin:189: Loaded plugin: cdp_plugin.so (Cisco Discovery
> Protocol (CDP))
> load_one_plugin:189: Loaded plugin: crypto_ia32_plugin.so (Intel IA32
> Software Crypto Engine)
> load_one_plugin:189: Loaded plugin: crypto_ipsecmb_plugin.so (Intel IPSEC
> Multi-buffer Crypto Engine)
> load_one_plugin:189: Loaded plugin: crypto_openssl_plugin.so (OpenSSL
> Crypto Engine)
> load_one_plugin:189: Loaded plugin: ct6_plugin.so (IPv6 Connection Tracker)
> load_one_plugin:189: Loaded plugin: dpdk_plugin.so (Data Plane Development
> Kit (DPDK))
> load_one_plugin:189: Loaded plugin: flowprobe_plugin.so (Flow per Packet)
> load_one_plugin:189: Loaded plugin: gbp_plugin.so (Group Based Policy
> (GBP))
> load_one_plugin:189: Loaded plugin: gtpu_plugin.so (GPRS Tunnelling
> Protocol, User Data (GTPv1-U))
> load_one_plugin:189: Loaded plugin: hs_apps_plugin.so (Host Stack
> Applications)
> load_one_plugin:189: Loaded plugin: 

Re: [vpp-dev] FD.io Jenkins Maintenance: 2019-08-29 @ 1700 UTC and 2019-08-30 @ 1700 UTC

[Vanessa Valderrama]

*Correction*

*When:*
Jenkins sandbox - 2019-08-29 @ 1700 UTC
Jenkins production - 2019-08-30 @ 1700 UTC


On 08/22/2019 12:00 PM, Vanessa Valderrama wrote:
>
> *What:*
>
>   * Jenkins upgrade to version 2.176.3 LTS
>   * Jenkins OS updates
>   * Jenkins plug-in updates
>
>
> *When:*
> Jenkins sandbox - 2019-08-29 @ 1700 UTC
> Jenkins production - 2019-08-29 @ 1700 UTC
>
> *Impact:*
> This maintenance requires a reboot of Jenkins.  Jenkins will be placed
> in shutdown mode at 1600 UTC. We will terminate jobs at 1700 UTC
>
>   * Jenkins sandbox
>   o Status page -
> https://status.linuxfoundation.org/incidents/96lw8jk1xpxp
>   * Jenkins production
>   o Status page -
> https://status.linuxfoundation.org/incidents/4hzxy36qm7y1
>
> *Why:*
> Jenkins version 2.176.3 LTS will contain fixes for high severity
> security issues present in the current version of Jenkins.
>
>   * Jenkins Security Advisories - https://jenkins.io/security/advisories/
>   * Jenkins Changelog - https://jenkins.io/changelog-stable/
>
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#13821): https://lists.fd.io/g/vpp-dev/message/13821
Mute This Topic: https://lists.fd.io/mt/32991956/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[vpp-dev] FD.io Jenkins Maintenance: 2019-08-29 @ 1700 UTC and 2019-08-30 @ 1700 UTC

[Vanessa Valderrama]

*What:*

  * Jenkins upgrade to version 2.176.3 LTS
  * Jenkins OS updates
  * Jenkins plug-in updates


*When:*
Jenkins sandbox - 2019-08-29 @ 1700 UTC
Jenkins production - 2019-08-29 @ 1700 UTC

*Impact:*
This maintenance requires a reboot of Jenkins.  Jenkins will be placed
in shutdown mode at 1600 UTC. We will terminate jobs at 1700 UTC

  * Jenkins sandbox
  o Status page -
https://status.linuxfoundation.org/incidents/96lw8jk1xpxp
  * Jenkins production
  o Status page -
https://status.linuxfoundation.org/incidents/4hzxy36qm7y1

*Why:*
Jenkins version 2.176.3 LTS will contain fixes for high severity
security issues present in the current version of Jenkins.

  * Jenkins Security Advisories - https://jenkins.io/security/advisories/
  * Jenkins Changelog - https://jenkins.io/changelog-stable/


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#13820): https://lists.fd.io/g/vpp-dev/message/13820
Mute This Topic: https://lists.fd.io/mt/32991956/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [vpp-dev] Crash when using dns_name_server

[Dave Barach via Lists.Fd.Io]

NP, sorry for the issues, code simply not tested multi-core.

BTW we just merged a refactor patch which converts the dns resolver into a 
plugin. Later this afternoon, I’ll do some multi-core testing. It may take a 
bit of work to repro and fix the problem you’ve reported.

Dave

From: Carlito Nueno 
Sent: Thursday, August 22, 2019 10:55 AM
To: Dave Barach (dbarach) 
Cc: vpp-dev@lists.fd.io
Subject: Re: [vpp-dev] Crash when using dns_name_server

Thanks Dave! Let me know if you need me do more tests or gather more info.

On Thu, Aug 22, 2019 at 4:48 AM Dave Barach (dbarach) 
mailto:dbar...@cisco.com>> wrote:
Ack. The DNS server has had zero multi-core testing, aside from what you’ve 
done. I’ll look at it when I can.

From: Carlito Nueno mailto:carlitonu...@gmail.com>>
Sent: Wednesday, August 21, 2019 10:03 PM
To: Dave Barach (dbarach) mailto:dbar...@cisco.com>>
Cc: vpp-dev@lists.fd.io
Subject: Re: [vpp-dev] Crash when using dns_name_server

Hi Dave,

Sorry about the late reply.

I used below configs to eliminate most of the complexity. I did not see 
binary-api being truncated.

Steps:
1. I used basic vpp.conf (see below) without the dns_name_server commands
2. gdb run -c /etc/vpp/startup.conf (see below)
3. sudo vppctl
4. Entered dns_name_server commands manually
5. ping google.com
6. vpp crash

Outputs collected: gbd run, gdb backtrace, syslog

Step 4: DNS cache output

vpp# nat44 add identity mapping external TenGigabitEthernet8/0/0 udp 53053
vpp# bin dns_name_server_add_del 8.8.8.8
vpp# bin dns_enable_disable
vpp# sh dns cache verbose
DNS cache contains 15 entries
bserver-1.kbfs.keybaseapi.com -> 
bserver-1.kbfs.keybaseapi.com: 
34.235.251.175 [59] 52.54.47.119 [59]   TTL left 593.7
mdserver-0.kbfs.keybaseapi.com -> 
mdserver-0.kbfs.keybaseapi.com: 
34.225.12.137 [45] 34.197.228.196 [45]   TTL left 593.7
vortex.data.microsoft.com -> 
vortex.data.microsoft.com: 64.4.54.254 [263]  
 TTL left 593.9
api.keybase.io -> 
api.keybase.io: 35.153.89.209 [34] 52.4.215.1 [34]   TTL 
left 594.0
push.apple.com -> 
push.apple.com:   TTL left 594.4
api.dropboxapi.com -> 
api.dropboxapi.com: 162.125.7.7 [59]   TTL left 595.0
people-pa.clients6.google.com -> 
people-pa.clients6.google.com: 
172.217.6.42 [240]   TTL left 595.0
bolt.dropbox.com -> 
bolt.dropbox.com: 162.125.34.129 [59]   TTL left 595.1
www.google.com -> 
www.google.com: 172.217.0.36 [263]   TTL left 595.1
play.google.com -> 
play.google.com: 172.217.5.110 [27]   TTL left 595.4
mail.google.com -> 
mail.google.com: 172.217.6.37 [299]   TTL left 595.5
gateway-carry.icloud.com -> 
gateway-carry.icloud.com: 17.248.128.151 [59] 
17.248.128.168 [59] 17.248.128.169 [59] 17.248.128.171 [59] 17.248.128.178 [59] 
17.248.128.232 [59] 17.248.128.172 [59] 17.248.128.142 [59]   TTL left 595.5
push.services.mozilla.com -> 
push.services.mozilla.com: 35.164.35.9 [56]   
TTL left 599.5
0.client-channel.google.com -> 
0.client-channel.google.com: 74.125.28.189 
[239]   TTL left 599.6
airtable.com -> airtable.com: 
3.221.153.172 [35] 34.193.210.213 [35] 52.22.150.146 [35]   TTL left 599.6


Step 2: gdb run

(gdb) run -c /etc/vpp/startup.conf
Starting program: /usr/bin/vpp -c /etc/vpp/startup.conf
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
vlib_plugin_early_init:361: plugin path 
/usr/lib/x86_64-linux-gnu/vpp_plugins:/usr/lib/vpp_plugins
load_one_plugin:189: Loaded plugin: abf_plugin.so (Access Control List (ACL) 
Based Forwarding)
load_one_plugin:189: Loaded plugin: acl_plugin.so (Access Control Lists (ACL))
load_one_plugin:189: Loaded plugin: avf_plugin.so (Intel Adaptive Virtual 
Function (AVF) Device Driver)
load_one_plugin:189: Loaded plugin: cdp_plugin.so (Cisco Discovery Protocol 
(CDP))
load_one_plugin:189: Loaded plugin: crypto_ia32_plugin.so (Intel IA32 Software 
Crypto Engine)
load_one_plugin:189: Loaded plugin: crypto_ipsecmb_plugin.so (Intel IPSEC 
Multi-buffer Crypto Engine)
load_one_plugin:189: Loaded plugin: 

Re: [vpp-dev] VPP 19.08 release is available!

[Dave Barach via Lists.Fd.Io]

+1... Dave

From: vpp-dev@lists.fd.io  On Behalf Of Florin Coras
Sent: Thursday, August 22, 2019 12:05 PM
To: Andrew Yourtchenko 
Cc: vpp-dev ; csit-dev 
Subject: Re: [vpp-dev] VPP 19.08 release is available!

Congrats to the entire community and thanks Andrew!

Cheers,
Florin

> On Aug 21, 2019, at 1:57 PM, Andrew Yourtchenko 
> mailto:ayour...@gmail.com>> wrote:
>
> Hi all,
>
> the VPP release 19.08 artifacts are available on packagecloud release
> repositories.
>
> I have tested the installation on ubuntu and centos.
>
> Many thanks to everyone involved into making it happen!
>
> Special thanks to Vanessa Valderrama for the help today.
>
> --a
> 
>
> p.s. stable/1908 branch is re-opened for the fixes slated for .1
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
>
> View/Reply Online (#13804): https://lists.fd.io/g/vpp-dev/message/13804
> Mute This Topic: https://lists.fd.io/mt/32983052/675152
> Group Owner: vpp-dev+ow...@lists.fd.io
> Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [fcoras.li...@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#13816): https://lists.fd.io/g/vpp-dev/message/13816
Mute This Topic: https://lists.fd.io/mt/32983052/675269
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [dbar...@cisco.com]
-=-=-=-=-=-=-=-=-=-=-=-
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#13819): https://lists.fd.io/g/vpp-dev/message/13819
Mute This Topic: https://lists.fd.io/mt/32983052/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [vpp-dev] VPP 19.08 release is available!

[Jerome Tollet via Lists.Fd.Io]

+1. List of new features is quite impressive: Quic, new crypto stuffs, native 
drivers improvement, …
Congrats to all contributors

De :  au nom de Florin Coras 
Date : jeudi 22 août 2019 à 18:07
À : Andrew Yourtchenko 
Cc : vpp-dev , csit-dev 
Objet : Re: [vpp-dev] VPP 19.08 release is available!

Congrats to the entire community and thanks Andrew!

Cheers,
Florin

> On Aug 21, 2019, at 1:57 PM, Andrew Yourtchenko  wrote:
>
> Hi all,
>
> the VPP release 19.08 artifacts are available on packagecloud release
> repositories.
>
> I have tested the installation on ubuntu and centos.
>
> Many thanks to everyone involved into making it happen!
>
> Special thanks to Vanessa Valderrama for the help today.
>
> --a
> 
>
> p.s. stable/1908 branch is re-opened for the fixes slated for .1
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
>
> View/Reply Online (#13804): https://lists.fd.io/g/vpp-dev/message/13804
> Mute This Topic: https://lists.fd.io/mt/32983052/675152
> Group Owner: vpp-dev+ow...@lists.fd.io
> Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [fcoras.li...@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#13816): https://lists.fd.io/g/vpp-dev/message/13816
Mute This Topic: https://lists.fd.io/mt/32983052/675291
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [jtol...@cisco.com]
-=-=-=-=-=-=-=-=-=-=-=-
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#13818): https://lists.fd.io/g/vpp-dev/message/13818
Mute This Topic: https://lists.fd.io/mt/32983052/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [vpp-dev] VPP 19.08 release is available!

[Florin Coras]

Congrats to the entire community and thanks Andrew!

Cheers,
Florin

> On Aug 21, 2019, at 1:57 PM, Andrew Yourtchenko  wrote:
> 
> Hi all,
> 
> the VPP release 19.08 artifacts are available on packagecloud release
> repositories.
> 
> I have tested the installation on ubuntu and centos.
> 
> Many thanks to everyone involved into making it happen!
> 
> Special thanks to Vanessa Valderrama for the help today.
> 
> --a
> 
> 
> p.s. stable/1908 branch is re-opened for the fixes slated for .1
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> 
> View/Reply Online (#13804): https://lists.fd.io/g/vpp-dev/message/13804
> Mute This Topic: https://lists.fd.io/mt/32983052/675152
> Group Owner: vpp-dev+ow...@lists.fd.io
> Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [fcoras.li...@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#13816): https://lists.fd.io/g/vpp-dev/message/13816
Mute This Topic: https://lists.fd.io/mt/32983052/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [vpp-dev] VPP 19.08 release is available!

[Maciek Konstantynowicz (mkonstan) via Lists.Fd.Io]

Congrats to All involved in vpp-dev and FD.io on timely and 
feature-rich VPP v19.08 release!

Andrew, congrats on 19.08 and best of luck for the next 10 yrs! ;)

Cheers,
-Maciek

On 21 Aug 2019, at 22:19, Damjan Marion via Lists.Fd.Io 
mailto:dmarion=me@lists.fd.io>> wrote:



On 21 Aug 2019, at 22:57, Andrew Yourtchenko 
mailto:ayour...@gmail.com>> wrote:



So you are in release management business next 10 years, good :)

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#13805): https://lists.fd.io/g/vpp-dev/message/13805
Mute This Topic: https://lists.fd.io/mt/32983052/675185
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  
[mkons...@cisco.com]
-=-=-=-=-=-=-=-=-=-=-=-

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#13815): https://lists.fd.io/g/vpp-dev/message/13815
Mute This Topic: https://lists.fd.io/mt/32983052/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [vpp-dev] Crash when using dns_name_server

[carlito nueno]

Thanks Dave! Let me know if you need me do more tests or gather more info.

On Thu, Aug 22, 2019 at 4:48 AM Dave Barach (dbarach) 
wrote:

> Ack. The DNS server has had *zero* multi-core testing, aside from what
> you’ve done. I’ll look at it when I can.
>
>
>
> *From:* Carlito Nueno 
> *Sent:* Wednesday, August 21, 2019 10:03 PM
> *To:* Dave Barach (dbarach) 
> *Cc:* vpp-dev@lists.fd.io
> *Subject:* Re: [vpp-dev] Crash when using dns_name_server
>
>
>
> Hi Dave,
>
> Sorry about the late reply.
>
> I used below configs to eliminate most of the complexity. I did not see
> binary-api being truncated.
>
> Steps:
> 1. I used basic vpp.conf (see below) without the dns_name_server commands
> 2. gdb run -c /etc/vpp/startup.conf (see below)
> 3. sudo vppctl
> 4. Entered dns_name_server commands manually
> 5. ping google.com
> 6. vpp crash
>
> Outputs collected: gbd run, gdb backtrace, syslog
>
> *Step 4: DNS cache output*
>
> vpp# nat44 add identity mapping external TenGigabitEthernet8/0/0 udp 53053
> vpp# bin dns_name_server_add_del 8.8.8.8
> vpp# bin dns_enable_disable
> vpp# sh dns cache verbose
> DNS cache contains 15 entries
> bserver-1.kbfs.keybaseapi.com -> bserver-1.kbfs.keybaseapi.com:
> 34.235.251.175 [59] 52.54.47.119 [59]   TTL left 593.7
> mdserver-0.kbfs.keybaseapi.com -> mdserver-0.kbfs.keybaseapi.com:
> 34.225.12.137 [45] 34.197.228.196 [45]   TTL left 593.7
> vortex.data.microsoft.com -> vortex.data.microsoft.com: 64.4.54.254
> [263]   TTL left 593.9
> api.keybase.io -> api.keybase.io: 35.153.89.209 [34] 52.4.215.1 [34]
>   TTL left 594.0
> push.apple.com -> push.apple.com:   TTL left 594.4
> api.dropboxapi.com -> api.dropboxapi.com: 162.125.7.7 [59]   TTL left
> 595.0
> people-pa.clients6.google.com -> people-pa.clients6.google.com:
> 172.217.6.42 [240]   TTL left 595.0
> bolt.dropbox.com -> bolt.dropbox.com: 162.125.34.129 [59]   TTL left
> 595.1
> www.google.com -> www.google.com: 172.217.0.36 [263]   TTL left 595.1
> play.google.com -> play.google.com: 172.217.5.110 [27]   TTL left
> 595.4
> mail.google.com -> mail.google.com: 172.217.6.37 [299]   TTL left
> 595.5
> gateway-carry.icloud.com -> gateway-carry.icloud.com: 17.248.128.151
> [59] 17.248.128.168 [59] 17.248.128.169 [59] 17.248.128.171 [59]
> 17.248.128.178 [59] 17.248.128.232 [59] 17.248.128.172 [59] 17.248.128.142
> [59]   TTL left 595.5
> push.services.mozilla.com -> push.services.mozilla.com: 35.164.35.9
> [56]   TTL left 599.5
> 0.client-channel.google.com -> 0.client-channel.google.com:
> 74.125.28.189 [239]   TTL left 599.6
> airtable.com -> airtable.com: 3.221.153.172 [35] 34.193.210.213 [35]
> 52.22.150.146 [35]   TTL left 599.6
>
>
> *Step 2: gdb run*
>
> (gdb) run -c /etc/vpp/startup.conf
> Starting program: /usr/bin/vpp -c /etc/vpp/startup.conf
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
> vlib_plugin_early_init:361: plugin path
> /usr/lib/x86_64-linux-gnu/vpp_plugins:/usr/lib/vpp_plugins
> load_one_plugin:189: Loaded plugin: abf_plugin.so (Access Control List
> (ACL) Based Forwarding)
> load_one_plugin:189: Loaded plugin: acl_plugin.so (Access Control Lists
> (ACL))
> load_one_plugin:189: Loaded plugin: avf_plugin.so (Intel Adaptive Virtual
> Function (AVF) Device Driver)
> load_one_plugin:189: Loaded plugin: cdp_plugin.so (Cisco Discovery
> Protocol (CDP))
> load_one_plugin:189: Loaded plugin: crypto_ia32_plugin.so (Intel IA32
> Software Crypto Engine)
> load_one_plugin:189: Loaded plugin: crypto_ipsecmb_plugin.so (Intel IPSEC
> Multi-buffer Crypto Engine)
> load_one_plugin:189: Loaded plugin: crypto_openssl_plugin.so (OpenSSL
> Crypto Engine)
> load_one_plugin:189: Loaded plugin: ct6_plugin.so (IPv6 Connection Tracker)
> load_one_plugin:189: Loaded plugin: dpdk_plugin.so (Data Plane Development
> Kit (DPDK))
> load_one_plugin:189: Loaded plugin: flowprobe_plugin.so (Flow per Packet)
> load_one_plugin:189: Loaded plugin: gbp_plugin.so (Group Based Policy
> (GBP))
> load_one_plugin:189: Loaded plugin: gtpu_plugin.so (GPRS Tunnelling
> Protocol, User Data (GTPv1-U))
> load_one_plugin:189: Loaded plugin: hs_apps_plugin.so (Host Stack
> Applications)
> load_one_plugin:189: Loaded plugin: http_static_plugin.so (HTTP Static
> Server)
> load_one_plugin:189: Loaded plugin: igmp_plugin.so (Internet Group
> Management Protocol (IGMP))
> load_one_plugin:189: Loaded plugin: ikev2_plugin.so (Internet Key Exchange
> (IKEv2) Protocol)
> load_one_plugin:189: Loaded plugin: ila_plugin.so (Identifier Locator
> Addressing (ILA) for IPv6)
> load_one_plugin:189: Loaded plugin: ioam_plugin.so (Inbound Operations,
> Administration, and Maintenance (OAM))
> load_one_plugin:117: Plugin disabled (default): ixge_plugin.so
> load_one_plugin:189: Loaded plugin: l2e_plugin.so (Layer 2 (L2) Emulation)
> load_one_plugin:189: Loaded plugin: l3xc_plugin.so (L3 Cross-Connect
> (L3XC))
> load_one_plugin:189: Loaded 

Re: [vpp-dev] Add ip route without next-hop-address

[Neale Ranns via Lists.Fd.Io]

Hi Dave,


but from the trace, it send a ARP request to ask 173.2.0.1 directly

ip4-lookup -> ip4-glean -> GigabitEthernet0/a/0-output -> ip4-glean: ARP 
requests sent

how could I avoid this ARP request, like ?
ip4-lookup -> ip4-rewrite (GigabitEthernet0/a/0) -> ipsec-output-ip4



VPP is ARPing for 173.2.0.1. What do you want it to do instead?



neale
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#13813): https://lists.fd.io/g/vpp-dev/message/13813
Mute This Topic: https://lists.fd.io/mt/32989367/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[vpp-dev] Add ip route without next-hop-address

[shi dave]

Hi VPP Experts,

I got a route issue(VPP 19.01), need your suggestion, thanks a lot!

[cid:e8858049-107c-477f-ba58-05a6b20bdc30]

There have a ipsec tunnel between VM1 and VPP :

sa 1 spi 3693429 mode tunnel protocol esp
  tunnel src 172.16.3.1 dst 172.16.3.15
sa 2 spi 3380458875 mode tunnel protocol esp
  tunnel src 172.16.3.15 dst 172.16.3.1

 outbound policies
  sp 1 priority 1920 action protect protocol any sa 2
   local addr range 173.0.0.0 - 173.255.255.255 port range 0 - 65535
   remote addr range 173.2.0.1 - 173.2.0.1 port range 0 - 65535

 inbound policies
  sp 1 priority 1680 action protect protocol any sa 1
   local addr range 173.0.0.0 - 173.255.255.255 port range 0 - 65535
   remote addr range 173.2.0.1 - 173.2.0.1 port range 0 - 65535


send a ping packet : ping 173.2.0.1 -I 173.10.10.10
this packet will be routed to VPP interface GigabitEthernet0/b/0, we want this 
packet go through ipsec tunnel, so add below route in VPP

vpp# ip route add 173.2.0.0/24 via 172.16.3.1 GigabitEthernet0/a/0

then this packet will be routed to GigabitEthernet0/a/0, and go to ipsec output 
handle node ipsec-output-ip4, encrypt and add ipsec tunnel IP then send out, 
everything is fine.

but I want to add route by below way:
vpp# ip route add 173.2.0.0/24 via GigabitEthernet0/a/0

because there may have many ipsec tunnels which connect with VPP from different 
VMs, each have different IP, like 172.16.4.1, 172.16.5.1, 172.16.6.1，I can't 
sure which VM will have this ip 173.2.0.1

what I want is the packet could be routed to GigabitEthernet0/a/0, so it could 
run into ipsec-output-ip4 node, which will find a correct SA tunnel inside, 
then the packet will be forwarded correctly by the ipsec tunnel IP.


but from the trace, it send a ARP request to ask 173.2.0.1 directly

ip4-lookup -> ip4-glean -> GigabitEthernet0/a/0-output -> ip4-glean: ARP 
requests sent

how could I avoid this ARP request, like ?
ip4-lookup -> ip4-rewrite (GigabitEthernet0/a/0) -> ipsec-output-ip4




Best Regards

Dave
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#13811): https://lists.fd.io/g/vpp-dev/message/13811
Mute This Topic: https://lists.fd.io/mt/32989367/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [vpp-dev] VPP 19.08 release is available!

[Dave Barach via Lists.Fd.Io]

+1 congrats to Andrew and to the entire community on a timely release.

Note that 19.08 will be supported for a year, so please remember that [non-API 
affecting] cherry-picks will be required.

Otherwise, Andrew will be very busy pinging people... ...

Dave

From: vpp-dev@lists.fd.io  On Behalf Of Dave Wallace
Sent: Wednesday, August 21, 2019 5:55 PM
To: Andrew Yourtchenko ; vpp-dev ; 
csit-dev 
Subject: Re: [vpp-dev] VPP 19.08 release is available!

Congratulations to all VPP/CSIT community members who contributed to the 19.08 
VPP Release!

Thank you Andrew for managing the release process and hitting the bullseye on 
the release schedule.

Great job!
-daw-

On 8/21/2019 4:57 PM, Andrew Yourtchenko wrote:

Hi all,



the VPP release 19.08 artifacts are available on packagecloud release

repositories.



I have tested the installation on ubuntu and centos.



Many thanks to everyone involved into making it happen!



Special thanks to Vanessa Valderrama for the help today.



--a





p.s. stable/1908 branch is re-opened for the fixes slated for .1



-=-=-=-=-=-=-=-=-=-=-=-

Links: You receive all messages sent to this group.



View/Reply Online (#13804): https://lists.fd.io/g/vpp-dev/message/13804

Mute This Topic: https://lists.fd.io/mt/32983052/675079

Group Owner: vpp-dev+ow...@lists.fd.io

Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  
[dwallac...@gmail.com]

-=-=-=-=-=-=-=-=-=-=-=-

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#13810): https://lists.fd.io/g/vpp-dev/message/13810
Mute This Topic: https://lists.fd.io/mt/32983052/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [vpp-dev] Crash when using dns_name_server

[Dave Barach via Lists.Fd.Io]

Ack. The DNS server has had zero multi-core testing, aside from what you’ve 
done. I’ll look at it when I can.

From: Carlito Nueno 
Sent: Wednesday, August 21, 2019 10:03 PM
To: Dave Barach (dbarach) 
Cc: vpp-dev@lists.fd.io
Subject: Re: [vpp-dev] Crash when using dns_name_server

Hi Dave,

Sorry about the late reply.

I used below configs to eliminate most of the complexity. I did not see 
binary-api being truncated.

Steps:
1. I used basic vpp.conf (see below) without the dns_name_server commands
2. gdb run -c /etc/vpp/startup.conf (see below)
3. sudo vppctl
4. Entered dns_name_server commands manually
5. ping google.com
6. vpp crash

Outputs collected: gbd run, gdb backtrace, syslog

Step 4: DNS cache output

vpp# nat44 add identity mapping external TenGigabitEthernet8/0/0 udp 53053
vpp# bin dns_name_server_add_del 8.8.8.8
vpp# bin dns_enable_disable
vpp# sh dns cache verbose
DNS cache contains 15 entries
bserver-1.kbfs.keybaseapi.com -> 
bserver-1.kbfs.keybaseapi.com: 
34.235.251.175 [59] 52.54.47.119 [59]   TTL left 593.7
mdserver-0.kbfs.keybaseapi.com -> 
mdserver-0.kbfs.keybaseapi.com: 
34.225.12.137 [45] 34.197.228.196 [45]   TTL left 593.7
vortex.data.microsoft.com -> 
vortex.data.microsoft.com: 64.4.54.254 [263]  
 TTL left 593.9
api.keybase.io -> 
api.keybase.io: 35.153.89.209 [34] 52.4.215.1 [34]   TTL 
left 594.0
push.apple.com -> 
push.apple.com:   TTL left 594.4
api.dropboxapi.com -> 
api.dropboxapi.com: 162.125.7.7 [59]   TTL left 595.0
people-pa.clients6.google.com -> 
people-pa.clients6.google.com: 
172.217.6.42 [240]   TTL left 595.0
bolt.dropbox.com -> 
bolt.dropbox.com: 162.125.34.129 [59]   TTL left 595.1
www.google.com -> 
www.google.com: 172.217.0.36 [263]   TTL left 595.1
play.google.com -> 
play.google.com: 172.217.5.110 [27]   TTL left 595.4
mail.google.com -> 
mail.google.com: 172.217.6.37 [299]   TTL left 595.5
gateway-carry.icloud.com -> 
gateway-carry.icloud.com: 17.248.128.151 [59] 
17.248.128.168 [59] 17.248.128.169 [59] 17.248.128.171 [59] 17.248.128.178 [59] 
17.248.128.232 [59] 17.248.128.172 [59] 17.248.128.142 [59]   TTL left 595.5
push.services.mozilla.com -> 
push.services.mozilla.com: 35.164.35.9 [56]   
TTL left 599.5
0.client-channel.google.com -> 
0.client-channel.google.com: 74.125.28.189 
[239]   TTL left 599.6
airtable.com -> airtable.com: 
3.221.153.172 [35] 34.193.210.213 [35] 52.22.150.146 [35]   TTL left 599.6


Step 2: gdb run

(gdb) run -c /etc/vpp/startup.conf
Starting program: /usr/bin/vpp -c /etc/vpp/startup.conf
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
vlib_plugin_early_init:361: plugin path 
/usr/lib/x86_64-linux-gnu/vpp_plugins:/usr/lib/vpp_plugins
load_one_plugin:189: Loaded plugin: abf_plugin.so (Access Control List (ACL) 
Based Forwarding)
load_one_plugin:189: Loaded plugin: acl_plugin.so (Access Control Lists (ACL))
load_one_plugin:189: Loaded plugin: avf_plugin.so (Intel Adaptive Virtual 
Function (AVF) Device Driver)
load_one_plugin:189: Loaded plugin: cdp_plugin.so (Cisco Discovery Protocol 
(CDP))
load_one_plugin:189: Loaded plugin: crypto_ia32_plugin.so (Intel IA32 Software 
Crypto Engine)
load_one_plugin:189: Loaded plugin: crypto_ipsecmb_plugin.so (Intel IPSEC 
Multi-buffer Crypto Engine)
load_one_plugin:189: Loaded plugin: crypto_openssl_plugin.so (OpenSSL Crypto 
Engine)
load_one_plugin:189: Loaded plugin: ct6_plugin.so (IPv6 Connection Tracker)
load_one_plugin:189: Loaded plugin: dpdk_plugin.so (Data Plane Development Kit 
(DPDK))
load_one_plugin:189: Loaded plugin: flowprobe_plugin.so (Flow per Packet)
load_one_plugin:189: Loaded plugin: gbp_plugin.so (Group Based Policy (GBP))
load_one_plugin:189: Loaded plugin: gtpu_plugin.so (GPRS Tunnelling Protocol, 
User Data (GTPv1-U))
load_one_plugin:189: Loaded plugin: hs_apps_plugin.so (Host Stack Applications)
load_one_plugin:189: Loaded plugin: http_static_plugin.so (HTTP Static Server)
load_one_plugin:189: Loaded plugin: igmp_plugin.so (Internet Group Management