Re: [vpp-dev] move to clang-format

+1. /neale From: on behalf of Florin Coras Date: Wednesday 16 December 2020 at 16:14 To: Damjan Marion Cc: vpp-dev Subject: Re: [vpp-dev] move to clang-format +1 Florin On Dec 16, 2020, at 6:12 AM, Damjan Marion via lists.fd.io mailto:dmarion=me@lists.fd.io>>

Re: [vpp-dev] VPP ip route add multiple paths

Hello Anonymous, In order to debug IP forwarding issues I’m going to need more info. Please collect: ‘sh ip fib ’ From a working and non-working configuration. All FIB load-balancing is per-flow. So if you don’t have enough flows you won’t [necessarily] get the load distribution that you

Re: [vpp-dev] replacing make test-checkstyle with black

Hi Paul, Having to write code to conform to python linting is my number 1 annoyance when writing tests. This is my usual hack: e = VppEnum.vl_api_tunnel_encap_decap_flags_t f = e.TUNNEL_API_ENCAP_DECAP_FLAG_ENCAP_COPY_DSCP I support having an auto-linter. I have no knowledge about what’s

Re: [vpp-dev] why tunnel interfaces do not support device-input feature?

Hi Ye, Some comments inline... On 17/11/2020 02:34, "vpp-dev@lists.fd.io on behalf of 叶东岗" wrote: Hi all: why tunnel interfaces do not support device-input feature? No one has asked for/contributed such support. If you're volunteering, here's some advice. Taking the feature arc

Re: [vpp-dev] Facing issue in IPSEC data traffic after SA is setup successfully

Hi Vijay, From: vpp-dev@lists.fd.io Date: Thursday, 5 November 2020 at 16:54 To: vpp-dev@lists.fd.io Subject: [vpp-dev] Facing issue in IPSEC data traffic after SA is setup successfully Hi, I have set up IPSEC SA successfully b/w the Strongswan (initiator) and the VPP IPSec (responder).

Re: [vpp-dev] [vpp-committers] VPP committers: VPP PTL vote

+1. If I had more pluses to give, I would. /neale From: on behalf of "Dave Barach via lists.fd.io" Reply to: "Dave Barach (dbarach)" Date: Friday 25 September 2020 at 21:14 To: "vpp-committ...@lists.fd.io" Cc: "vpp-dev@lists.fd.io" Subject: [vpp-committers] VPP committers: VPP PTL vote

Re: [vpp-dev] The gratuitous ARP issue

ect: Re:Re: [vpp-dev] The gratuitous ARP issue Hi neale, I think you should first add the ip neigbor entry to pg2 first, and then send garp to pg1 with mac of pg2 remote host. Otherwise I think the enty will not be generated by garp it self. Regards Jinlei At 2020-09-23 19:28:36, "Ne

Re: [vpp-dev] The gratuitous ARP issue

vpp. Regards Jinlei. At 2020-09-21 22:39:46, "Neale Ranns via lists.fd.io" wrote: Hi Jinlei, Could you please send me a pcap capture of the grat-arp that VPP receives. Then I can duplicate the case in the UT. Thanks, neale From: on behalf of Jinlei Li Date: Saturday 19 Septem

Re: [vpp-dev] The gratuitous ARP issue

Hi Jinlei, Could you please send me a pcap capture of the grat-arp that VPP receives. Then I can duplicate the case in the UT. Thanks, neale From: on behalf of Jinlei Li Date: Saturday 19 September 2020 at 11:56 To: "vpp-dev@lists.fd.io" Subject: [vpp-dev] The gratuitous ARP issue Hi guys,

Re: [vpp-dev] ARP resolution from non-connected IP

Hi Murty, ARP works the same way even when using MH-BGP :) Your peer is not directly connected, therefore you ARP for the nexthop, that's the target address. The source address comes from the interface on which the nexthop is attached, I.e the one on which the ARP is sent. this is not the

Re: [vpp-dev] ARP resolution from non-connected IP

. /neale On 20/08/2020 09:01, "Benoit Ganne (bganne)" wrote: Maybe a workaround would be to add the host prefix of the router loopback in the fib? Eg. 'ip route add /32 '? Best ben > -Original Message- > From: vpp-dev@lists.fd.io On Behal

Re: [vpp-dev] ARP resolution from non-connected IP

There's no way to disable the check. VPP expects the ARP request to have only address that belong to the link on which the ARP packet is sent. IMHO the sender's behaviour is wrong. /neale tpyed by my fat tumhbs From: vpp-dev@lists.fd.io on behalf of Satya

Re: [vpp-dev] #vpp-memif Send packets out on physical interface controlled by vpp(DPDK) once they are received through memif

You can't use the same address as a nexthop in a route and as an address applied to one of your own interfaces: you can't route to yourself. You might also want to read: https://fd.io/docs/vpp/master/gettingstarted/developers/fib20/attachedexport.html /neale tpyed by my fat tumhbs

Re: [vpp-dev] ABF and ACL co-existence on an Interface

Hi Balaji, Access control happens before forwarding, so the ABF plugin specifies a runs-after dependency on the ACL plugin So if the same tuple is specified in the access lists used by the two features, then that flow is first subject to access control, then, if it is permitted, to

Re: [vpp-dev] ABF and ACL co-existence on an Interface

IMO it's reasonable to use ACL and ABF on the same interface as they provide independent functions, especially when they are matching against different criteria. Re the debug CLI, it's often not robust to garbage input. If the API has the same problem though, I'll fix it. Neale tpyed by my

Re: [vpp-dev] VPP 2005 crash with ip6 link local packets #vpp

I don't see an ip6 packet with a link local destination. I can't do anything with a trace without the offending packet. Do I infer correctly you have some tunnel decap nodes? As a guess to the cause of the problem, you should ensure all decapped packets go to ip6-local before ip6-lookup (and

Re: [vpp-dev] VPP 2005 crash with ip6 link local packets #vpp

Please give me a packet trace of an ip6 packet that tpyed by my fat tumhbs From: vpp-dev@lists.fd.io on behalf of vipul.agra...@enea.com Sent: Monday, July 27, 2020 6:26:39 AM To: vpp-dev@lists.fd.io Subject: Re: [vpp-dev] VPP 2005 crash with ip6 link local

Re: [vpp-dev] Regarding new ipsec interface patch

Removed. I'm glad it works for you. Could I ask for a quid pro quo? Mark the existing ipsec interface APIs as deprecated in the new scheme. /neale tpyed by my fat tumhbs From: Dave Barach (dbarach) Sent: Monday, July 20, 2020 2:50:09 PM To: Christian Hopps ;

Re: [vpp-dev] Observing a crash in vpp-20.05

Hi Amit, In addition to what Dave said. You say you are only running ipv4 traffic. Please check the core to see if the packet that causes the assert is indeed v4. Also run a node trace so we can see how the packet got to this node. If it's v4 it shouldn't be there and if the interface is not

Re: [vpp-dev] ipsec interface revisted.

From: Christian Hopps Date: Friday 26 June 2020 at 12:13 To: "Neale Ranns (nranns)" Cc: Christian Hopps , vpp-dev Subject: Re: [vpp-dev] ipsec interface revisted. On Jun 26, 2020, at 4:22 AM, Neale Ranns (nranns) mailto:nra...@cisco.com>> wrote: Hi Chris, As far as I'm concerned, it's

Re: [vpp-dev] ipsec interface revisted.

Hi Chris, As far as I'm concerned, it's your plugin, you can add whatever functionality you need. If you separate the new interface type out into another plugin, so it can be used without your feature, then the community will benefit twice. Let's just make sure we document the whys and hows

Re: [vpp-dev] ipsec interface revisted.

Hi Chris, On 22/06/2020 13:09, "Christian Hopps" wrote: > > - It operates directly with the IPsec tunnel mode and transport mode SAs without needing to mangle the internal definition of SA tunnel into transport mode. Do you have any comments on this point? This is what I was

Re: [vpp-dev] VPP API CRC compatibility check process in checkstyle merged and active

From: on behalf of Andrew Yourtchenko Date: Thursday 18 June 2020 at 17:58 To: "Neale Ranns (nranns)" Cc: vpp-dev Subject: Re: [vpp-dev] VPP API CRC compatibility check process in checkstyle merged and active Hi Neale, On 18 Jun 2020, at 17:11, Neale Ranns (nranns) wrote: Hi Andrew, A

Re: [vpp-dev] ipsec interface revisted.

From: on behalf of Christian Hopps Date: Thursday 18 June 2020 at 18:20 To: vpp-dev Cc: Christian Hopps Subject: [vpp-dev] ipsec interface revisted. Hi, So to revisit this topic from a different angle. I believe VPP needs something like the xfrm linux interface [1]. If I understand things

Re: [vpp-dev] VPP API CRC compatibility check process in checkstyle merged and active

Hi Andrew, A couple of questions? Firstly, about unit testing aka make test. This is the salient passage in your guide: "foo_message_v2 is tested in "make test" to the same extent as the foo_message" IMHO "to the same extent" implies everywhere v1 is used v2 should now be used in its place.

Re: [vpp-dev] ACL plugin optimization

Hi Govind, As well as removing the prefetches, you've also removed the per packet call to acl_fa_find_session_with_hash(). So IIUC you've removed the per-packet session lookup and instead re-use the lookup of packet 0 each time. that'll make things quicker but it's not functionally correct.

Re: [vpp-dev] vpp crashes on configuring ip6 route

HI, Thanks for the bug report. Here’s the patch: https://gerrit.fd.io/r/c/vpp/+/27270 /neale From: on behalf of "chu.penghong" Date: Monday 25 May 2020 at 05:06 To: "vpp-dev@lists.fd.io" Subject: [vpp-dev] vpp crashes on configuring ip6 route Hello Everyone! When I add/delete ip6

Re: [vpp-dev] IPSec - new bug

https://gerrit.fd.io/r/c/vpp/+/27230 /neale From: on behalf of "Neale Ranns via lists.fd.io" Reply to: "Neale Ranns (nranns)" Date: Monday 25 May 2020 at 08:46 To: "Jan Gelety -X (jgelety - PANTHEON TECH SRO at Cisco)" , "vpp-dev@lists.fd.io" Cc: &

Re: [vpp-dev] IPSec - new bug

Hi Jan, I’ll have a patch for you shortly. /neale From: on behalf of "Jan Gelety via lists.fd.io" Reply to: "Jan Gelety -X (jgelety - PANTHEON TECH SRO at Cisco)" Date: Friday 22 May 2020 at 15:02 To: "vpp-dev@lists.fd.io" Cc: "csit-...@lists.fd.io" Subject: [vpp-dev] IPSec - new bug

Re: [vpp-dev] VPP - DPDK - No ARP learning on VPP and no ARP reply sent.

Hi Laurent, ARP is enabled on an interface once it is assigned an IP address or is made unnumbered to another. You can check that ARP is enabled with: sh int feat VirtualFunctionEthernet0/5/0.101 and you won’t see ‘arp-disabled’ as a feature on the arp arc. I suspect you are not receiving

Re: [vpp-dev] assert when set ip addr at an interface and delete it at another interface

Hi Ye, Thanks for the report and fix. Could you please push that patch to gerrit? Regards, neale From: on behalf of 叶东岗 Date: Wednesday 13 May 2020 at 16:11 To: "vpp-dev@lists.fd.io" Subject: [vpp-dev] assert when set ip addr at an interface and delete it at another interface

Re: [vpp-dev] "set ip6 neighbor" not working on VPP v20.01

“set ip neighbor …” /neale From: on behalf of Chinmaya Aggarwal Date: Tuesday 12 May 2020 at 14:43 To: "vpp-dev@lists.fd.io" Subject: [vpp-dev] "set ip6 neighbor" not working on VPP v20.01 Hi, We have installed VPP v20.01 on a Centos machine, on executing command: - vpp# set ip6 neighbor

Re: [vpp-dev] IPsec tunnel interfaces?

uot; > Cc: Christian Hopps , vpp-dev > Subject: Re: [vpp-dev] IPsec tunnel interfaces? > > > On May 9, 2020, at 7:23 AM, Neale Ranns via lists.fd.io wrote: > > > > > > > > Hi Chris, > > >

Re: [vpp-dev] IPsec tunnel interfaces?

From: on behalf of Christian Hopps Date: Sunday 10 May 2020 at 14:33 To: "Neale Ranns (nranns)" Cc: Christian Hopps , vpp-dev Subject: Re: [vpp-dev] IPsec tunnel interfaces? > On May 9, 2020, at 7:23 AM, Neale Ranns via lists.fd.io > wrote: > > > > Hi Ch

Re: [vpp-dev] IPsec tunnel interfaces?

Hi Chris, > Are there other properties of a tunnel mode SA that you need that are lost > with this approach? I need to use tunnel mode SAs provided by IKEv2. Transport mode is an optional (normally on-the-wire IKEv2 negotiated) feature of IPsec. These tunnel mode SAs will have IPTFS enabled

Re: [vpp-dev] IPsec tunnel interfaces?

From: on behalf of Christian Hopps Date: Thursday 7 May 2020 at 23:27 To: "Neale Ranns (nranns)" Cc: Christian Hopps , vpp-dev Subject: Re: [vpp-dev] IPsec tunnel interfaces? > On May 7, 2020, at 1:41 PM, Neale Ranns (nranns) wrote: > > > Hi Chris, > > On 07/05/2020 16:55, "Christian

Re: [vpp-dev] IPsec tunnel interfaces?

Hi Chris, On 07/05/2020 16:55, "Christian Hopps" wrote: > On May 7, 2020, at 8:15 AM, Neale Ranns (nranns) wrote: > > > Hi Chris, > > They were replaced by ipip interfaces protected by SAs: > https://wiki.fd.io/view/VPP/IPSec#Tunnel_Mode > > the

Re: [vpp-dev] IPsec tunnel interfaces?

Hi Chris, They were replaced by ipip interfaces protected by SAs: https://wiki.fd.io/view/VPP/IPSec#Tunnel_Mode the tunnel always adds encap. You can configure your SA to add additional encap if you want. /neale From: on behalf of Christian Hopps Date: Wednesday 6 May 2020 at 14:32 To:

Re: [vpp-dev] DPO leak in various tunnel types (gtpu, geneve, vxlan, ...)

Hi Andrew, They’re the first UT I’ve seen that screen scrape show output. I wasn’t sure this was acceptable practice. But if I had a better alternative I’d have suggested it already… /neale From: Andrew  Yourtchenko Date: Wednesday 6 May 2020 at 15:45 To: Nick Zavaritsky Cc:

Re: [vpp-dev] worker barrier state

Hi Chris, With SAs there are two scenarios to consider for inflight packets 1) the SA is unlinked 2) the SA is deleted. We've talked at length about how to deal with 2). By 'unlinked' I mean that whatever config dictated that an SA be used has now gone (like tunnel protection or SPD policy).

Re: [vpp-dev] ACL question

From: Govindarajan Mohandoss Date: Friday 1 May 2020 at 21:15 To: "Neale Ranns (nranns)" , Andrew Yourtchenko Cc: "John Lo (loj)" , Paul Vinciguerra , "vpp-dev@lists.fd.io" , nd , Lijian Zhang , Jieqiang Wang , nd Subject: RE: [vpp-dev] ACL question Hi Neale, I tried to use the CLI for

Re: [vpp-dev] ACL question

Or in the latest version you can create ACLs on the CLI: set acl-plugin acl ? set acl-plugin interface ? /neale From: on behalf of Andrew Yourtchenko Date: Wednesday 29 April 2020 at 10:59 To: Govindarajan Mohandoss Cc: "John Lo (loj)" , Paul Vinciguerra , "vpp-dev@lists.fd.io" , nd ,

Re: [vpp-dev] DPO leak in various tunnel types (gtpu, geneve, vxlan, ...)

Hi Nick, A +1 from me for the VPP change, thank you. I’m all for UT too, but I’ll let some others review the UT first before I merge. /neale From: on behalf of Nick Zavaritsky Date: Tuesday 21 April 2020 at 14:57 To: "vpp-dev@lists.fd.io" Subject: [vpp-dev] DPO leak in various tunnel types

Re: [vpp-dev] vpp project committer nomination: Benoit Ganne

+1 /neale On 21/04/2020 13:40, "vpp-dev@lists.fd.io on behalf of Dave Barach via lists.fd.io" wrote: Vpp project committers: please vote +1, 0, -1 on the mailto:vpp-dev@lists.fd.io mailer as to whether we should add Benoit Ganne as a vpp project committer. Ben has about 150

Re: [vpp-dev] worker barrier state

Hi Chris, Comments inline... On 15/04/2020 15:14, "Christian Hopps" wrote: Hi Neale, I agree that something like 4, is probably the correct approach. I had a side-meeting with some of the ARM folks (Govind and Honnappa), and we thought using a generation number for the state

Re: [vpp-dev] frp_preference and frp_weight size #vnet

Hi Dimitar, In VPP’s FIB weight and preference are attributes of a path not of a route. The weight controls [un]equal cost load-balancing across the paths and preference controls which paths to use when they are [un]available (i.e. BFD down), a kind of poor man’s fast re-route. It’s my

Re: [vpp-dev] worker barrier state

Hi Chris, Firstly, apologies for the lengthy delay. When I say 'state' in the following I'm referring to some object[s] that are used to forward packets. I'd classify the possible solution space as: 1) maintain per-packet counters for the state to indicate how many packets currently refer

Re: [vpp-dev] VPP not learning the MAC from RA (Router Advertisement)

Hi Vyshakh, A well placed call to: ip_neighbor_learn_dp() would do the job. Then some tests in test_ip6.py TestIPv6RD. /neale On 09/04/2020 07:42, "vpp-dev@lists.fd.io on behalf of Ole Troan" wrote: Vyshakh, That’s certainly what the RFC says. Care to submit a patch?

Re: [vpp-dev] question about l2 multicast #vpp

Hi Yan, I’m not quite sure I understand the question. However, if you are asking whether VPP supports IGMP snooping in a bridge-domain to provide more efficient L2 multicast, the answer is no. L2 multicast is flooded within the BD. /neale From: on behalf of "comeon...@outlook.com" Date:

Re: [vpp-dev] VPP nat ipfix logging problem, need to use thread-specific vlib_main_t?

In the test harness you can inject onto a given worker, e.g. see IpsecTun6HandoffTests. /neale From: on behalf of Paul Vinciguerra Date: Sunday 5 April 2020 at 17:24 To: "Dave Barach (dbarach)" Cc: Elias Rudberg , "vpp-dev@lists.fd.io" Subject: Re: [vpp-dev] VPP nat ipfix logging

Re: 答复: [E] [vpp-dev] Build a telecom-class Security gateway device with VPP

Hi, To my knowledge there is neither an EAP implementation for VPP nor has support for it has not been discussed in the public forum. /neale From: on behalf of Gencli Liu <18600640...@163.com> Date: Monday 30 March 2020 at 13:47 To: "vpp-dev@lists.fd.io" Subject: Re: 答复: [E] [vpp-dev]

Re: 答复: [E] [vpp-dev] Build a telecom-class Security gateway device with VPP

No. From: on behalf of Gencli Liu <18600640...@163.com> Date: Monday 30 March 2020 at 03:57 To: "vpp-dev@lists.fd.io" Subject: Re: 答复: [E] [vpp-dev] Build a telecom-class Security gateway device with VPP On Wed, Sep 19, 2018 at 06:26 PM, "tianye@sina" wrote: he SeGW checks the correctness

Re: [vpp-dev] ECMP seems to have issue if path is more than 2 #ecmp #vpp

Hi Sontu, Please let me refer you to a previous answer to this question: https://www.mail-archive.com/search?l=vpp-dev@lists.fd.io=subject:%22%5C%5Bvpp%5C-dev%5C%5D+multipath+dpo+buckets+is+wrong.%22=newest=1 /neale From: on behalf of sontu mazumdar Date: Friday 27 March 2020 at 15:47

Re: [vpp-dev] How to get source node of a buffer

Hi Murthy, There is no way to get the source node. However, if you are debugging and you want to see the full history of the graph through which a packet has passed, you can turn on trajectory tracing. #define VLIB_BUFFER_TRACE_TRAJECTORY 1 In vlib/buffer.h /neale From: on behalf of Satya

[vpp-dev] Unit Test Results in Random directories

Hi All, Am I the only one who finds the use of random directories for the unit-tests an unnecessary annoyance? I would suggest that random names are not needed for security purposes, since these files do not exist on a field system. Also, all directories are wiped before the next test run so

Re: [vpp-dev] [Question] Do you plan to add WireGuard support?

Hi Denis, It’s something we would like to do, but we have no timeline for it. /neale From: on behalf of Denis Tingajkin Date: Monday 16 March 2020 at 16:50 To: "vpp-dev@lists.fd.io" Subject: [vpp-dev] [Question] Do you plan to add WireGuard support? Hello, I'm interested to use WireGuard

Re: [vpp-dev] Unable to ping VPP interface when using SRIOV VF

Hi Satish, If the solution to the problem is to add configuration for DPDK for this interface type in this situation, can I request you ask the question on the DPDK support lists as to why the extra config to accept multicast packets is required. Regards, neale From: Satish Singh Date:

Re: [vpp-dev] How to direct traffic destined to a given subnet to a specific node of my choice? #vpp

Indeed DPOs are the way forward, you define your own that add a route to the FIB pointing to an instance of your DPO. There are lots of examples in the code base. The function to add to the FIB is: fib_table_entry_special_dpo_add() that will help guide your search, /neale From: on behalf

Re: [vpp-dev] APPROVED: add Matt Smith as a vpp committer, subject to TSC approval this Thursday

Enjoy the ride  From: on behalf of "Matthew Smith via Lists.Fd.Io" Reply to: "mgsm...@netgate.com" Date: Monday 2 March 2020 at 22:11 To: "Dave Barach (dbarach)" Cc: "vpp-dev@lists.fd.io" Subject: Re: [vpp-dev] APPROVED: add Matt Smith as a vpp committer, subject to TSC approval this

Re: [vpp-dev] vpp project committers: formal vote to add Matt Smith as a vpp committer

+1 /neale From: on behalf of "d...@barachs.net" Date: Monday 2 March 2020 at 15:20 To: "vpp-dev@lists.fd.io" Subject: [vpp-dev] vpp project committers: formal vote to add Matt Smith as a vpp committer VPP committers, please vote +1, 0, -1 on adding Matt Smith

Re: [vpp-dev] Can I submit some API changes for 19.08, et al. release branches?

Hi Chris, There are two overlapping sets of paths associated with each prefix in the FIB; the desired set as programmed by the control plane and the set that can be used (based on path availability, based on e.g. link or BFD state). I assume you fetch the former by parsing through the

Re: [vpp-dev] Can I submit some API changes for 19.08, et al. release branches?

>> /neale >> >> From: on behalf of Christian Hopps >> Date: Thursday 27 February 2020 at 16:32 >> To: "Neale Ranns (nranns)" >> Cc: Christian Hopps , "vpp-dev@lists.fd.io" >> Subject: Re: [vpp-de

Re: [vpp-dev] Can I submit some API changes for 19.08, et al. release branches?

t; Date: Thursday 27 February 2020 at 16:32 > To: "Neale Ranns (nranns)" > Cc: Christian Hopps , "vpp-dev@lists.fd.io" > Subject: Re: [vpp-dev] Can I submit some API changes for 19.08, et al. release branches? > >

Re: [vpp-dev] Can I submit some API changes for 19.08, et al. release branches?

of Christian Hopps Date: Thursday 27 February 2020 at 16:32 To: "Neale Ranns (nranns)" Cc: Christian Hopps , "vpp-dev@lists.fd.io" Subject: Re: [vpp-dev] Can I submit some API changes for 19.08, et al. release branches? > On Feb 27, 2020, at 9:41 AM, Neale Ranns vi

Re: [vpp-dev] Can I submit some API changes for 19.08, et al. release branches?

From: on behalf of Christian Hopps Date: Thursday 27 February 2020 at 15:16 To: "Neale Ranns (nranns)" Cc: Christian Hopps , Andrew  Yourtchenko , "Dave Barach (dbarach)" , vpp-dev Subject: Re: [vpp-dev] Can I submit some API changes for 19.08, et al. release branches? [snip] > > In my

Re: [vpp-dev] Q: how best to avoid locking for cleanup.

Hi Chris, All of the APIs that result in the removal of an SA are not marked as MP safe. This means that the worker threads are paused at the ‘barrier’ as the API is handled. Worker threads reach the barrier once they complete the frame they are working on. So there are no packets in flight

Re: [vpp-dev] Can I submit some API changes for 19.08, et al. release branches?

From: on behalf of Christian Hopps Date: Tuesday 25 February 2020 at 22:09 To: Andrew  Yourtchenko Cc: Christian Hopps , "Dave Barach (dbarach)" , vpp-dev Subject: Re: [vpp-dev] Can I submit some API changes for 19.08, et al. release branches? > On Feb 25, 2020, at 3:44 PM, Andrew 

Re: [vpp-dev] Can I submit some API changes for 19.08, et al. release branches?

Hi Chris, Adding an IS_INBOUND flag could be non-backward compatible if not setting the INBOUND flag on an SA and then using it in an inbound context resulted in an error being returned to the user. so existing clients would be obligated to set this new flag. If that’s not the case, and

Re: [vpp-dev] Error: esp4-encrypt-tun-handoff : congestion drop #ipsec

Ravin, Due to the RX and TX actions that need to be performed on an SA in an ‘atomic’ fashion, each SA is bound to a single worker thread. The trhread chosen is the one that first sees a packet for that SA. When subsequent packets arrive on a different thread they need to be transferred to

Re: [vpp-dev] VPP IPSec Responder Server (VPN Server) VPP Route injection

Hi Ravin, I would suggest two things: 1. In your application you should maintain an association between strongswan’s client and the tunnel you create in VPP for it. Then, since the routes are associated with the client they can easily be matched to the tunnel. You’ll need this sort of

Re: [vpp-dev] VPP Plugins build errors from IPSec module

Hi Kausik, The remaining build errors are from the router plugin, those I cannot help with. /neale On 26/02/2020 08:19, "vpp-dev@lists.fd.io on behalf of Majumdar, Kausik" wrote: Hi Neale, Thanks for your reply! Yes, now I have compiled vpp v20.01 codebase, built rpm

Re: [vpp-dev] VPP Plugins build errors from IPSec module

Hi Kausik, Did you run: make install-ext-dep /neale From: on behalf of "Majumdar, Kausik" Date: Tuesday 25 February 2020 at 23:35 To: "vpp-dev@lists.fd.io" Cc: "vppsb-...@lists.fd.io" , "Majumdar, Kausik" Subject: [vpp-dev] VPP Plugins build errors from IPSec module Hi folks,   I am

Re: [vpp-dev] [Question] L3 xconnects example usage

Hi Denis, You can always use the help function on the CLI; DBGvpp# l3xc ? l3xc l3xc [add|del] via ... an example would then be: l3xc add ip4 eth1 via 10.10.10.10 eth0 to send all IP4 packets received on eth1 to 10.10.10.10 on eth0. /neale From: on

Re: [vpp-dev] route lookup api

Hi Chris, Adding an API to dump a single route would be a welcome addition to the API. /neale From: on behalf of Paul Vinciguerra Date: Wednesday 19 February 2020 at 04:21 To: Christian Hopps Cc: vpp-dev Subject: Re: [vpp-dev] route lookup api Those don't seem to be exposed via the api

Re: [vpp-dev] sub interface after gre doesn't work

Please try with: https://gerrit.fd.io/r/c/vpp/+/25242 /neale From: on behalf of "abbas ali chezgi via Lists.Fd.Io" Reply to: "che...@yahoo.com" Date: Tuesday 18 February 2020 at 12:14 To: Vpp-dev Cc: "vpp-dev@lists.fd.io" Subject: [vpp-dev] sub interface after gre doesn't work please

Re: [vpp-dev] sub interface after virtual interfaces doesn't work

Please be more specific about what ‘doesn’t work’. You script on n1 does: #add gre tunnel create gre tunnel src 200.1.2.1 dst 200.1.2.2 set interface state gre0 up set interface ip address gre0 10.10.10.11/32 ip route add 2.1.1.0/24 via gre0 #del gre tunnel set interface state

Re: [vpp-dev] How to receive broadcast messages in VPP?

te add 224.0.0.1 via MyInterface Accept ip mroute add 224.0.0.1 via local Forward After that it works using multicast. Thanks for your help! (Please let me know if the above is not the right way to do it) Best regards, Elias On Thu, 2020-02-06 at 13:45 +0

Re: [vpp-dev] How to receive broadcast messages in VPP?

Hi Elias, Please see inline. On 06/02/2020 12:41, "vpp-dev@lists.fd.io on behalf of Elias Rudberg" wrote: Hello everyone, I am trying to figure out how to receive broadcast messages in VPP (vpp version 19.08 in case that matters). This is in the context of some

Re: [vpp-dev] issue with ARP and classify packet forwarding #classify

Hi Po, From: on behalf of Po Date: Friday 24 January 2020 at 08:14 To: "vpp-dev@lists.fd.io" Subject: [vpp-dev] issue with ARP and classify packet forwarding #classify Hi, I would like to classify the packet and forward to desired destination - Classify hits the rules - ARP proxy enabled

Re: [vpp-dev] Issue coming while fib lookup in vpp 18.01 between /8 and default route

18.01 might be missing patches in ip4_mtrie.c. /neale From: on behalf of chetan bhasin Date: Friday 31 January 2020 at 11:47 To: vpp-dev Subject: [vpp-dev] Issue coming while fib lookup in vpp 18.01 between /8 and default route Hello Everyone, I know that vpp 18.01 is not supported

Re: [vpp-dev] #vnet Any command to individually enable and disable IP forwarding per interface level

oop0 arp-reply arc arp disable On Wed, Jan 22, 2020 at 12:16 PM Neale Ranns via Lists.Fd.Io<http://Lists.Fd.Io> mailto:cisco@lists.fd.io>> wrote: hi, to enables IP4 forwarding on an interface, either apply an address or make it unnumberered to another interface (that has an

Re: [vpp-dev] #vnet Any command to individually enable and disable IP forwarding per interface level

From: on behalf of "Gigo Thomas via Lists.Fd.Io" Reply to: "gig...@thinkpalm.com" Date: Thursday 23 January 2020 at 22:31 To: "vpp-dev@lists.fd.io" Cc: "vpp-dev@lists.fd.io" Subject: Re: [vpp-dev] #vnet Any command to individually enable and disable IP forwarding per interface level

Re: [vpp-dev] Error:null-node: blackholed packets

The IP lookup failed on the decapped packet, there’s no route to 60.60.0.100 in fib index 1 – which I assume is table 1. You can check which table it is with: sh ip fib index 1 summary I’m not familiar with UPF so I can’t tell you why the lookup was done that way. /neale From: on behalf

Re: [vpp-dev] #vnet Any command to individually enable and disable IP forwarding per interface level

hi, to enables IP4 forwarding on an interface, either apply an address or make it unnumberered to another interface (that has an address); set int ip addr set int unnumbered use to enables IP4 forwarding on an interface, either apply an address or enable ip6 on it. set int ip addr

Re: [vpp-dev] routing configuration other than default

Hi Sothy, If you want ping to use a non-default table to lookup the address, you have to specify the table: vpp# ping 172.30.1.1 table-id 1 /neale From: on behalf of sothy Date: Wednesday 22 January 2020 at 08:43 To: "Balaji Venkatraman (balajiv)" Cc: "vpp-dev@lists.fd.io" Subject: Re:

Re: [vpp-dev] vpp crashes on deleting route 0.0.0.0/0 via interface #vpp

n vlib_process_startup (vm=0x0, p=0x8, f=0x766b6680 ) at /home/elantsev/vpp/src/vlib/main.c:1497 Backtrace stopped: previous frame inner to this frame (corrupt stack?) (gdb) ``` 15.01.2020, 01:54, "Neale Ranns via Lists.Fd.Io" : Hi, Thanks for the bug report, I’ll fix the crash. A quest

Re: [vpp-dev] Packet not going to Classifier & action #classify #vpp #flowprobe #vppwithoutdpdk

Hi, [snip] Trace as below Packet 1 00:04:30:392423: memif-input memif: hw_if_index 2 next-index 4 slot: ring 0 00:04:30:392444: ethernet-input IP4: b2:5f:84:5e:0b:43 -> 9e:db:96:ff:25:fa 00:04:30:392460: error-drop rx:memif0/2 00:04:30:392462: drop ethernet-input: l3 mac mismatch

Re: [vpp-dev] vpp crashes on deleting route 0.0.0.0/0 via interface #vpp

Hi, Thanks for the bug report, I’ll fix the crash. A question for you. DBGvpp# ip route add 0.0.0.0/0 table 10 via gre0 Says “all destinations in table 10 are reachable via an interface in table 0”. It implies therefore that all addresses in table 10 refer to the same device in table 0,

Re: [vpp-dev] #vapi -- Need multiple times " ip table del xxx" to delete a specific 'ip table' within vpp?

From: on behalf of "rya...@yunify.com" Date: Tuesday 14 January 2020 at 14:07 To: "vpp-dev@lists.fd.io" Subject: Re: [vpp-dev] #vapi -- Need multiple times " ip table del xxx" to delete a specific 'ip table' within vpp? Hi Neale, Thanks for answer. Another question: If I remove the l3

Re: [vpp-dev] #vapi -- Need multiple times " ip table del xxx" to delete a specific 'ip table' within vpp?

Hi Ryan, It’s probably a sign that you have bound multiple interfaces to that table : set int ip table And you need to unbind them (or bind them back to the default table) all before deleting the table : set int ip table 0 regards, neale From: on behalf of "rya...@yunify.com" Date:

Re: [vpp-dev] vpp19.08 ipsec issue

From: Terry Date: Tuesday 7 January 2020 at 13:12 To: "Neale Ranns (nranns)" Cc: "vpp-dev@lists.fd.io" Subject: Re:Re: [vpp-dev] vpp19.08 ipsec issue Hi Neale, My understanding is that the interface GigabitEthernet2/1/0 should only protect traffic from 100.0.0.0/24 and 172.168.1.0/24 and

Re: [vpp-dev] vpp19.08 ipsec issue

From: Terry Date: Monday 6 January 2020 at 23:51 To: "Neale Ranns (nranns)" Cc: "vpp-dev@lists.fd.io" Subject: Re:Re:Re: [vpp-dev] vpp19.08 ipsec issue [trim] And when I ping 192.168.1.2 from 100.0.0.3(user1), the TRACE packet information is as follows: Packet 1 00:38:45:983763:

Re: [vpp-dev] multipath dpo buckets is wrong.

2020 at 16:05 To: "Neale Ranns (nranns)" Subject: Re: [vpp-dev] multipath dpo buckets is wrong. hi Neale, power of 2 for 3 paths must be 4 dpo or maximum 8 dpo. this shows 16 dpos. thanks On Monday, January 6, 2020, 01:34:10 AM GMT+3:30, Neale Ranns via Lists.Fd.Io wrote: It is t

Re: [vpp-dev] multipath dpo buckets is wrong.

It is the correct behaviour. The number of load-balance buckets is always a power of 2. The lowest value is chosen to achieve the desired ratio to within a certain margin of error. /neale From: on behalf of "abbas ali chezgi via Lists.Fd.Io" Reply to: "che...@yahoo.com" Date: Saturday 4

Re: [vpp-dev] VPP Crash while programming DPO from a VPP Worker

Hi Murthy, You can only update the FIB from the main thread. Send [rate limited] events from the workers to the main thread to do this, e.g. arp_learn(). /neale From: on behalf of Satya Murthy Date: Monday 30 December 2019 at 17:58 To: "vpp-dev@lists.fd.io" Subject: [vpp-dev] VPP Crash

Re: [vpp-dev] more than 65K entries in a FIB table

Hi Miklos, I would not be against it. Please push a patch. Thanks, neale From: on behalf of Miklos Tirpak Date: Friday 20 December 2019 at 00:41 To: "vpp-dev@lists.fd.io" Subject: [vpp-dev] more than 65K entries in a FIB table Hi, the FIB table implements two reference counters: /**

Re: [vpp-dev] FIB Route Sources

Hi Jon, Apologies for the delay. Is this what you’re after : https://gerrit.fd.io/r/c/vpp/+/23808 /neale From: on behalf of "Jon Loeliger via Lists.Fd.Io" Reply to: "j...@netgate.com" Date: Thursday 7 November 2019 at 06:28 To: vpp-dev Cc: "vpp-dev@lists.fd.io" Subject: [vpp-dev] FIB

Re: [vpp-dev] ipsec: configuration for ike generated tunnels

Hi Carl, I think both options are viable. Perhaps 1) is preferable when IKE is a responder and 2) when an initiator. 1) doesn't exist, but there are many other cases where VPP sends notifcation events to the agent when it has discovred something - search for APIs named want_* For 2) it's

Re: [vpp-dev] vpp crash while configuring route #vpp

Hi Cipher, Thank you for the bug report. I was able to reproduce it once i had analysed the curiosities in your config. Here’s the Jira bug i created : https://jira.fd.io/browse/VPP-1803 and the patch : https://gerrit.fd.io/r/c/vpp/+/23645 your setup is exceptional because, you have the

Re: [vpp-dev] how to remove all route paths with specific condition

Hi, There is no such mechanism. Maybe call fib_table_entry_path_remove() on each prefix for which you previously added such a path. I’m assuming you added it, it’s not polite to remove some-one else’s path. FIB already reacts to certain changes, like interface down or BFD down and adjust

  1   2   3   >