On Tue, Sep 22, 2020 at 12:21 PM Andrew Yourtchenko
wrote:
> I suggest making a unit test that captures this behavior and fails, then
> we can look at what is the best way of fixing it and incorporate into the
> CI...
>
> I remember this type of scenario being addressed once, not sure if it was
But you could probably work around it by having the ACLs on the inner
interface.
[VENKAT]: We currently are following that approach. Setting ACLs on the LAN
interface. But it comes with its own problems.
- First, the WAN interface is wide open to the internet without any FW
rules
-
Thank you Andrew for the pointers and setting the expectations for VPP ACL.
On another topic, since the stateful behavior of ACL is per interface, I
set up permit+reflect output ACL on WAN interface (Internet-facing Public
IP) for internet bound traffic. And I also have to Deny all incoming
I suggest making a unit test that captures this behavior and fails, then we can
look at what is the best way of fixing it and incorporate into the CI...
I remember this type of scenario being addressed once, not sure if it was the
same one or not...
But you could probably work around it by
Dear Matthew,
Thank you for the response.
Yes, we are using NAT44 ED mode and have an output-feature variant
configured on the wan interface.
wan-ens7 output-feature out
Will try to follow the suggestion you posted to re-order the NAT/ACL nodes
so that ACL gets applied post-SNAT of the original
Hi,
Has anyone figured this out?? I'm using 'make pkg-deb' and I'm seeing similar
results as above. 'make run' and 'make debug' show my plugin, but it is not
included in the packages using 'make pkg-deb'.
Thanks
Mauricio
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
Hi Himanshu,
When I created a plugin, I started by running extras/emacs/make-plugin.sh.
That script automatically set things up so the plugin could be built and
installed with the other VPP plugins. Then I started adding actual code to
the stubbed-out files which the script created. I tested that
Thanks... Dave
View/Reply Online (#17487): https://lists.fd.io/g/vpp-dev/message/17487
Thanks... Much appreciated... Dave
-Original Message-
From: St Leger, Jim
Sent: Thursday, September 17, 2020 12:13 PM
To: d...@barachs.net; vpp-dev@lists.fd.io; t...@lists.fd.io
Subject: RE: [vpp-dev] Happy Trails to Me...
Dave:
Wow...I'm starting to wonder what the community would do
Hi guys,
I am testing the QoS mark feature recently, my usage is like this: When I use
vpp to send a udp packet by a vlan sub-interface, I want to mark dscp and vlan
pri at the same time. So I create a qos egress map like this and qos mark the
output interface.
qos egress map id 0 [ip][0]=30