t;>>> What do you think ?
>>>>>
>>>>> --a
>>>>>
>>>>>> On 6/9/17, Andrew đź‘˝ Yourtchenko wrote:
>>>>>>
>>>>>>
>>>>>> Assuming the only change is to effectively have
>
Hi Ehsan,
You can make a packet trace (trace add dpdk-input 50), then redo the test, and
see what is going on.
I suspect the behavior you see has to do that we can't do the ACL on the tagged
subinterface yet.
The subinterface support will require tweaking the 5-tuple extraction (which
would b
Soheil,
Quite some platforms switch the packets with up options in software. An example:
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/31sga/configuration/guide/config/mcastmls.html#wp1082100
How do you plan to deal with this behavior in the network ?
--a
> On 29 Jun 2017
There are two different mechanisms in VPP which you can use:
1) classifier-based ACLs
https://wiki.fd.io/view/VPP/Introduction_To_N-tuple_Classifiers
It is faster than acl plugin, and allows only stateless operation which is
essentially bitmask-based.
2) acl plugin
https://wiki.fd.io/view/VPP
> On 9 Jul 2017, at 07:31, Ehsan Shahrokhi wrote:
>
> Hi,
>
> I have two questions about stateful.
> First, why stateful implementation of NAT and ACL are independent? Was there
> any logic behind this? As it is expected that both ACL and NAT plugins use
> the same connection tracking code b
packet "acl check was
successful, please create the return connection", it would take care of most
situations not involving the dynamic routing.
Could you tell a bit more about the scenario you are looking for ?
--a
>
> Regards,
> Ehsan Shahrokhi
>
>> On Su
Fwiw, not VPP-specific, but just based on a previous experience: when observing
the drops at anomalously low PPS levels too early in the processing of the
packet, I would check the interframe gap on the traffic generator set for that
test to ensure you are not generating dense bursts of traffic.
Dave,
Yeah, those things are found throughout testing of stable/1707 with various
control planes (openstack etc), so I first deal with them in stable/1707 and
after the commit id is there, cherry pick into master (so i made
https://gerrit.fd.io/r/#/c/8207/ for master now). Those are few things
been
> explicitly agreed upon by the VPP community.
>
> Thanks,
> -daw-
>
>> On 8/25/17 3:38 AM, Andrew Yourtchenko wrote:
>> Dave,
>>
>> Yeah, those things are found throughout testing of stable/1707 with various
>> control planes (openstack etc),
of ACL, wondering what
> is the direction of the optimizations you are working on. Could you share?
>
> Thanks
> Yipeng
>
>
> >On 5/23/17, ĺĽ ć”€ wrote:
> > Hi Andrew!
> >
> >
> > -- Original --
> > From
.
Absolutely, I always ensure that. The reason I didn't cherry pick from the hip
before the commit is cherry pick after the commit includes the commit ID, so I
think it is useful to have that in the commit message :-)
--a
>
> Thanks,
> -daw-
>
>> On 08/25/2017 04:57 PM,
Hi Kenny,
The ACL plugin now uses its own heap, you might want to increase its size
tenfold too in acl_set_heap() - see if this is the difficulty you are observing.
--a
> On 2 Sep 2017, at 08:00, khers wrote:
>
> Hi Andrew
>
> I increased the value of "ACL_FA_CONN_TABLE_DEFAULT_MAX_ENTRIES" p
Hi,
If we you talk about acl plugin then the ACLs are evaluated in the order of
them applied and same about the ACEs within an acl - to change the order you
can apply a differently sorted list or call acl_add_replace with new contents
of the ACL.
If you talk the built in ACLs using classifier
Hi Samuel,
You should be able to find a few examples in the source code of the acl plugin
unittests: test/test_acl_plugin*.py
There are three files with various configs and usages.
Hope this helps!
--a
> On 10 Sep 2017, at 11:01, Samuel S wrote:
>
> Hi
> I have python file for calling APIs
Thanks for the contribution!
Yep, I posted some comments.
In short: I think it needs some more work.
One additional comment that I forgot to mention in the review: I would really
love to see unittests...
--a
> On 11 Sep 2017, at 17:53, Ed Warnicke wrote:
>
> Andrew,
> Could you have a
Yep,
Yeah it is a work in progress for sub-interface support + the corresponding
unit tests... is that the use case you have in mind ?
--a
> On 10 Oct 2017, at 08:45, khers wrote:
>
> Hi,
> As far as I checked in vpp 17.07 branch version, It seems that the
> vlan tagged(dot1q) packets don't p
I sent the mail to help desk, which opened the ticket 47239. Not sure if there
is a way to “pile up” a “me too” it’s pretty much a showstopper for me,
since same as Gabriel - not all of the environments allow SSH...
--a
> On 19 Oct 2017, at 13:56, Gabriel Ganne wrote:
>
> Yes, I do.
>
>
t on port != 22.
>
> Chris.
>
> From: Andrew Yourtchenko [mailto:ayour...@gmail.com]
> Sent: Thursday, October 19, 2017 9:16
> To: Gabriel Ganne
> Cc: Luke, Chris ; vpp-dev@lists.fd.io
> Subject: Re: [vpp-dev] gerrit http authentication
>
> I sent the mail to h
Folks,
Klement suggested to bring it up on the list to discuss what is the best option
as seen by the community.
It concerns the independence of tests within a single test/test_foo.py file.
From the behavior of the test system I saw the tests being executed in
lexicographic order pertaining to
Jon,
Assuming it’s ACL plugin that you ask about, yes - if none of the ACLs in the
list of ACLs applied to interface in a given direction matches, it’s the same
as deny.
--a
> On 30 Oct 2017, at 17:49, Jon Loeliger wrote:
>
> Hi VPP Gurus,
>
> Is there an assumed "deny all" at the end of an
Yep!
--a
> On 31 Oct 2017, at 17:57, Jon Loeliger wrote:
>
>> On Mon, Oct 30, 2017 at 3:38 PM, Jon Loeliger wrote:
>>> On Mon, Oct 30, 2017 at 3:34 PM, Andrew Yourtchenko
>>> wrote:
>>> Jon,
>>>
>>> Assuming it’s ACL plugin that you
Dear Khers,
That is without applying the one liner change that I have proposed, right ?
I would suggest to retry the reproduction on the same commit where you were
previously able to reproduce it, and if it is reliably reproducible there - to
apply that change and see if it addresses the issue.
Hi Jon,
> On 10 Nov 2017, at 23:11, Jon Loeliger wrote:
>
> Folks,
>
> Every error from the ACL implementation is -1. Generically bad.
> Without regard for what might be more useful to an upper-layer UI.
When we discussed with the openstack folks the way they are treating errors was
all as c
When just running vat from within the source tree, it needs to know the path
for the plugins, for debug builds I usually have the following small shell
script which takes care of this without requiring me thinking every time (of
course needs to be launched from the vpp top directory since it has
on.. Does vat have to work with debug builds?
> And how to do the debug builds? What are the $1~$5 in your script?
>
> Thanks,
> Yuliang
>
>> On Mon, Nov 13, 2017 at 3:03 AM, Andrew Yourtchenko
>> wrote:
>> When just running vat from within the source tree, it
t;
>> On Mon, Nov 13, 2017 at 12:06 PM, Andrew Yourtchenko
>> wrote:
>> “Make build” in the VPP directory will get you a debug build. The $1 and
>> such is just standard shell scripting, in case I need to pass some
>> parameters to vat. I don’t think I had ever needed
; "acl-plugin-fa-worker-cleaner-pinterrupt" and "acl-plugin-out-ip4-fa" that
> are related to ACL.
> I think this means ACL at the input of an interface is not working.
>
> Do you see anything wrong here?
>
> Thanks,
> Yuliang
>
>> On Tue,
Dear Dave,
ACL plugin is using l2 classify path for traffic diversion and also dispatching
the dot1q/dot1ad packets to the correct ip4/ip6 acl plugin node by matching on
the inner ethertype...
I could probably make use of this change to push some more intelligence of the
stateless traffic matc
keys.
>
> Cheers,
>
> - Pierre
>
>
>
>> Le 19 oct. 2017 Ă 20:25, John Lo (loj) a Ă©crit :
>>
>> Yes, I can confirm using LF password does work while https password failed.
>> -John
>>
>> From: vpp-dev-boun...@lists.fd.io [mailto:vpp-
Dear Khers,
I believe you are right. That might not be all though... “dot1q”/“dot1ad” mask
value constant does not appear to make sense to me now.
They should be “XX XX” to mask out the bits and also should be set accordingly
to the proper values during the addition of the sessions. (I suppose
On 29 Nov 2017, at 08:25, khers wrote:
>
> Dear Andrew
>
> Thanks for your attention, Yes of course I pushed to gerrit with id 9615.
>
> Regards,
> Khers
>
>> On Tue, Nov 28, 2017 at 8:37 PM, Andrew Yourtchenko
>> wrote:
>> Dear Khers,
>>
Jon,
Do you have an api trace you could throw in my direction unicast ?
Macip_add_replace call was added later than most ACL plugins, (after realizing
the convenience of this approach in the policy ACLs vs the unapply/delete
acl/readd acl/reapply and for consistency), via commit
c29940c58de3e4
Dear Khers,
At least the exact commit# you are working with to get more context would be
useful - line 1029 on master points to a call acl_fill_5tuple to me...
Also, I have not heard - were you able to reproduce the issue you contacted
about a while ago ?
--a
> On 11 Dec 2017, at 08:46, khers
Hi Juan,
The ping debug CLI itself intended purpose is for testing the functioning of
VPP towards external destinations. It does not play very well with the ingress
features since that would mean getting the packet “in” the box from outside and
then capturing on the way out... it’s not just NAT
Juan, I didn’t see your clarification mail - what I wrote still stands but the
external ICMP is of course different, so please disregard my mail, and I will
go get more coffee. :)
--a
> On 11 Jan 2018, at 10:20, Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES
> at Cisco) wrote:
>
> It goes
Pradeep,
At this time you can only look at the specific session for the debug purposes,
not the whole table.
To have the traffic create the session you need to use “permit+reflect” action.
So with our your configuring “deny” no sessions will be created.
--a
> On 22 Jan 2018, at 18:32, Pradeep
Hi Rubina,
Thanks for reporting ! Which version are you on ?
Could you unicast me a decoded traceback from the core file ?
Thanks a lot!
--a
> On 30 Jan 2018, at 09:10, Rubina Bianchi wrote:
>
> Hi
>
> I run a stress test on stateful VPP. After a while it crash and raise an os
> panic sign
Kaneko-San,
My replies are inline below.
> On 1 Feb 2018, at 02:38, kaneko wrote:
>
> Hello, my name is Hitoshi Kaneko.
>
> I belong to NTT Laboratories.
>
> I evaluate VPP and there have been questions.
>
>
>
> (1)Question 1
>
> I have wanted to evaluate Access Control List of VPP.
>
Kaneko-San,
My replies inline below... hope they help you.
> On 7 Feb 2018, at 12:43, kaneko wrote:
>
> Hello, my name is Hitoshi Kaneko.
>
> I belong to NTT Laboratories.
>
> I evaluate VPP and there have been questions.
>
>
>
> (1)Question 1
>
> I have wanted to evaluate Access Contro
Mohsin,
Not really, macip acl only nails down the predefined known addresses.
Mostafa,
To implement the functionality you are looking for, you would need to write new
code.
--a
> On 12 Feb 2018, at 23:20, Mohsin Kazmi wrote:
>
> Hi Mostafa,
>
> Port Security functional can be implemented u
bout dropping of
> those frames.
>
> Thanks​,
> Mohsin
> From: Andrew Yourtchenko
> Sent: Monday, February 12, 2018 11:23 PM
> To: Mohsin Kazmi (sykazmi)
> Cc: vpp-dev@lists.fd.io
> Subject: Re: [vpp-dev] Port security
>
> Mohsin,
>
> Not really, macip ac
Hi all,
This past weekend (which coincided with the start of my vacation) I
have decided to spend a day to see if I can get VPP to compile and run
on Raspberry Pi.
After a few cuts with a blunt pen knife, I got it working - it
compiles entirely
on RPi 3 itself and I can get it to the "make run",
stophe
>
> -Original Message-
> From: vpp-dev@lists.fd.io [mailto:vpp-dev@lists.fd.io] On Behalf Of Andrew
> Yourtchenko
> Sent: Tuesday, February 13, 2018 6:29 PM
> To: vpp-dev@lists.fd.io
> Subject: [vpp-dev] Experiments in compiling and running VPP on Raspberry P
Christophe,
On 2/13/18, Christophe Fontaine wrote:
> Andrew,
>
>> -Original Message-
>> From: vpp-dev@lists.fd.io [mailto:vpp-dev@lists.fd.io] On Behalf Of
>> Andrew
>> Yourtchenko
>> Sent: Tuesday, February 13, 2018 10:29 PM
>> To: vpp-
Hi all,
for those of you using in some fashion the acl-plugin code, wanted to
get your eyes on this in-the-works patch:
https://gerrit.fd.io/r/#/c/9689/
as well as get your opinion on the following:
(1) should I KEEP the default as it is now (which is to retain the
sessions which are already cr
Hi Rubina,
I am assuming you are observing this both in single core and multicore
scenario ?
Based on the outputs, this is what I think might be going on:
I am seeing the total# of sessions is 100, and no TCP transient
sessions - thus the packets that require a a session are dropped.
What i
Dear Rubina,
I've tried the test locally using the data that you sent, here is the
output from my trex after 10 minutes running:
-Per port stats table
ports | 0 | 1
-
opa
Dear Rubina,
I have adjusted my trex config to match yours - increased 2m to 4m,
but that still didn't change much.
The only thing your config could be adapted is to have "deny" instead
of "drop" in the ACL configuration - right now one of your ACLs does
not have any rules, it is best to avoid t
Chris, all -
a heads up -
I’ve been working on https://gerrit.fd.io/r/#/c/11274/ to today’s deadline, but
would like a couple more days to give it a some more final kicks now that I had
split it up from ABF (https://gerrit.fd.io/r/#/c/9468/), seems it got a little
stubborn with a couple of uni
Shashi,
Probably your 1804 environment is not happy.
The commands are still there, but if you don’t see it in vat it means it can’t
load acl plugin, so you will need to doublecheck why.
--a
> On 2 Apr 2018, at 12:06, Shashi Kant Singh wrote:
>
> Hi
>
> I was trying to follow
>
> https://wik
lib64/vpp_plugins/ila_plugin.so:
> undefined symbol: unformat_vnet_sw_interface
> load_one_plugin:42:
> /bng5/shashi-7/vpp4_debug/vpp/build-root/install-vpp_debug-native/vpp/lib64/vpp_plugins/flowprobe_plugin.so:
> undefined symbol: ip4_lookup_node
> vat#
>
>
>
>
> Fr
ot/install-vpp_debug-native/vpp/lib64/vpp_plugins/nat_plugin.so:
>> undefined symbol: ip4_lookup_node
>> load_one_plugin:42:
>> /bng5/shashi-7/vpp4_debug/vpp/build-root/install-vpp_debug-native/vpp/lib64/vpp_plugins/dpdk_plugin.so:
>> undefined symbol: unformat_vnet_hw_interface
>> load_
ge_plugin.so:
>>> undefined symbol: format_vnet_buffer
>>> load_one_plugin:42:
>>> /bng5/shashi-7/vpp4_debug/vpp/build-root/install-vpp_debug-native/vpp/lib64/vpp_plugins/gtpu_plugin.so:
>>> undefined symbol: l2input_main
>>> load_one_plugin:42:
:
> > undefined symbol: ip4_lookup_node
> > load_one_plugin:42:
> > /bng5/shashi-7/vpp4_debug/vpp/build-root/install-vpp_debug-native/vpp/lib64/vpp_plugins/dpdk_plugin.so:
> > undefined symbol: unformat_vnet_hw_interface
> > load_one_plugin:42:
> > /bng5/shashi-7/
hi Carlito,
you can configure subinterfaces with tags and assign the ip addresses so the
VPP does routing and then either use vnet ACLs or acl plugin to restrict the
traffic.
—a
> On 19 Apr 2018, at 21:07, Dave Barach wrote:
>
> Begin forwarded message:
>
>> From: Carlito Nueno
>> Date: A
ient than going through two BDs and route via BVIs. -John
>>
>> -Original Message-
>> From: vpp-dev@lists.fd.io On Behalf Of John Lo (loj)
>> Sent: Thursday, April 19, 2018 4:48 PM
>> To: carlito nueno ; Andrew Yourtchenko
>>
>> Cc: vpp-dev@l
Carlito,
Seems like my mail didn’t make it to the list...
Your release doesn’t have yet the support for subinterfaces.
Do “make test TEST=acl_plugin_macip” and the very scenario you are setting up
is the first unit test in the supported version, so you can compare the logs.
I suggest giving a
Yeah back in the day the fragment reassembly code was not there yet, so there
is a choice either to drop all the fragments on the floor, or rely on the
receiving TCP stack to drop the non-initial fragments, like IOS did. There is a
knob that allows you to choose the behavior between the two by f
Dear Rubina,
You could take a look at “perf top” to see what could be going on. if you need
help, let me know, I would be happy to look at it together.
Also, now as part of the work for 18.07 I am testing a couple of different
approaches to change the processing for more performance, would you
nfirst_fragment)) {
The need_portrange_check in the result can be possibly set to true
only when the rule is full 5-tuple, and we should not be able to even
hit in the bihash the 5-tuple rule on a non-first fragment since that
flag is part of the hash key. Thus, that check would be redundant.
stateful
> scenario and multi-threading? what 's your opinion?
>
> Sent from Outlook<http://aka.ms/weboutlook>
> ________
> From: Andrew Yourtchenko
> Sent: Wednesday, May 9, 2018 2:47 PM
> To: Rubina Bianchi
> Cc: vpp-dev@lists.fd.io
> S
See if “git clean -fdx” before building might help, I think I have seen
something similar when moving between the far apart versions.
--a
> On 10 May 2018, at 02:17, carlito nueno wrote:
>
> First Question:
> Tried to do “make test TEST=acl_plugin_macip”, but I got this error:
>
> Using /vpp
Hi all,
The VPP 19.01.2 Maintenance Release is complete and the VPP artifacts
are available in the release area on PackageCloud.io and Nexus. See
VPP wiki for instructions on how to download and install the release
packages: https://wiki.fd.io/view/VPP/Installing_VPP_binaries_from_packages
The
No, you can’t do ranges in classifier. You can add multiple chained tables with
different masks, but performance wise it most certainly be worse than simply
create a mask with exact match for the port and adding 1112 entries for each of
the ports you need to match.
--a
> On 22 May 2019, at 08:
Satya,
How often do you plan to update/ how many ranges do you plan to have ?
And what is the source of information defining the ranges ?
Acl plugin does encapsulate some of the complexity, but seeing as you seem to
want to use the it as a dynamic traffic-driven datastructure, classifier tables
So, to me “received from an external entity” seems like squarely a task for a
separate control plane entity - because presumably you will also want to
resynchronize that info upon the restart of the VPP, right ?
In any case, seems like your use case will require some investments in either
case
Satya,
I am just now going mostly offline for the next 9 calendar days. Normally what
you are doing should work.
The usual “use the force trick” with gdb applies and gerrit with fixes are
welcome if you get to the root cause and the fix to it, while I am away.
If not - you can post your code/
How about this in your plugin ? (Typed on iPhone so not directly copypasteable)
static int registered_id = -1;
void My_feature_enable () {
If (-1 == registered_id) {
registered_id = acl_plugin_register(“me myself and I”);
}
...
}
--a
> On 4 Jun 2019, at 13:00, Satya Murthy wrote:
>
Satya,
Gbp plugin uses acl plugin in the way I suggested.
Another use is in abf plugin...
what are you doing different compared to those two ?
I wonder if the reason you can’t call init function is the same as the
registration issue - could be that acl plugin is not loaded ?
Please publish a
Satya,
So, what are the reasons preventing you from doing the same ?
--a
> On 7 Jun 2019, at 13:09, Satya Murthy wrote:
>
> Hi Andrew,
>
> One difference I see between our plugin vs Gbp plugin is:
>
> In Gbp plugin, register_module is getting called as part of an API handler,
> which is usu
Hi Esin,
Make a clean checkout of VPP master (without your plugin) and repeat the same
test. If that works - then you will need to debug what your plugin code is
doing wrong.
--a
> On 13 Jun 2019, at 11:19, Esin ErenoÄźlu wrote:
>
> Hi everyone,
>
> I am trying to send packet an interface wi
Hello all,
It is that time of the year again - to begin our preparations for
19.08 VPP release.
According to the agreed release plan [1], the API freeze will happen
on the July 31st, at 18:00 UTC,
so this is a first gentle reminder four weeks in advance.
As usual - feel free to update the releas
My 5 kopecks: good idea to add this setting, but keep it commented out by
default, and add a comment to the service config file “# uncomment the next
line to enable coredump” as well as to docs or other prominent place where
folks frantically searching on how to enable coredump would find it...
I reproduced the problem on 16.04, somehow the name is goofed - it has “Linux”
in the package name rather than the standard architecture name. I suspect vom
isn’t really arch-agnostic, so probably it is not a nice idea to name it this
way :-)
Interestingly building on 18.04 the name does contai
aging rather than vom.
>
> Yohan
>
>> -Original Message-
>> From: vpp-dev@lists.fd.io On Behalf Of Andrew
>> Yourtchenko
>> Sent: vendredi 19 juillet 2019 20:42
>> To: Vratko Polak -X (vrpolak - PANTHEON TECHNOLOGIES at Cisco)
>>
>> C
Hi all,
The VPP 19.01.3 Maintenance Release is complete and the VPP artifacts
are available in the release area on PackageCloud.io and Nexus. See
VPP wiki for instructions on how to download and install the release
packages: https://wiki.fd.io/view/VPP/Installing_VPP_binaries_from_packages
VPP
Hi all,
we are approaching the API freeze milestone next wednesday, so a
friendly reminder
to get your patches with API changes in. After 18:00 UTC next
wednesday 31 July 2019
we will only be accepting the low-risk changes on the master branch,
according to our release schedule for 19.08, as liste
Just reading the description and not having peeked into the sniffer
trace, I wondered if is it this behavior a side effect of mitigation
of [1], consequently, are the linux side sockets marked as no_delay ?
[2]
[1]: https://en.wikipedia.org/wiki/Silly_window_syndrome
[2]:
https://stackoverflow.c
Cool, thanks for clarification!
--a
> On 24 Jul 2019, at 18:37, Florin Coras wrote:
>
> Pretty much. We advertise whatever space we have left in the fifo as opposed
> to 0 and as result linux backs off.
>
> TCP_NODELAY can force what looks like the problematic packet out sooner.
> However, b
Hi all,
just a kind reminder that in two days we have an API freeze, so only
low-risk changes with no API modifications will be accepted until we
pull the stable/1908 branch.
--a
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#13603): https://list
Hi all,
F0 milestone is complete.
RC1 milestone is scheduled to for next Wednesday 7 August 2019,
commencing at 18:00 UTC.
Please get all of the low-risk patches required for VPP Release 19.08
merged into master branch before then.
On Wednesday at 18:00 UTC the branch 'master' will be closed fo
Packagecloud shows “indexing” next to rpm in question, so I would think the
uploaded packages indeed don’t show up in the package lists visible to the
clients...
Since as we discussed offline the build b7545 is installing ok, this to me
excludes other reasons, since the only difference between
> Vratko.
>
> [1] https://lists.fd.io/g/vpp-dev/message/12786
>
> -Original Message-
> From: vpp-dev@lists.fd.io On Behalf Of Andrew
> Yourtchenko
> Sent: Wednesday, July 31, 2019 10:26 PM
> To: vpp-dev
> Subject: [vpp-dev] 19.08 RC1 Milestone (stable branc
Hi all,
just a small reminder that RC1 is this wednesday 18:00 UTC.
--a
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#13660): https://lists.fd.io/g/vpp-dev/message/13660
Mute This Topic: https://lists.fd.io/mt/32723958/21656
Group Owner: vpp-dev
Hi all,
just a reminder that today 18:00 UTC is the RC1 milestone.
--a
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#13675): https://lists.fd.io/g/vpp-dev/message/13675
Mute This Topic: https://lists.fd.io/mt/32779849/21656
Group Owner: vpp-dev+
r/c/vpp/+/21089 in
> rc1, however, Jenkins seems to be in a weird state with the csit-verify on
> ARM stuck...
>
> Best
> ben
>
>> -Original Message-
>> From: vpp-dev@lists.fd.io On Behalf Of Andrew
>> Yourtchenko
>> Sent: mercredi 7 août
hi all,
as per the release schedule, I am starting with the 19.01 RC1 process.
master branch is now closed until I announce.
Committers, please avoid merging the patches for the time being.
thanks!
--a
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Onli
Hi all,
VPP 19.08-rc1 artifacts for Centos, and Ubuntu 16.04 and 18.04 are ready
at https://packagecloud.io/fdio/1908 and tested to be runnable [1].
The stable/1908 branch is ready for your bugfixes.
As a reminder, for the stable/1908 branch:
- bugfixes only
- all fixes must have Jira tickets
-
Hi all,
Just a kind reminder that 19.08 RC2 milestone is tomorrow.
After that milestone, only critical bug fixes will be merged into
stable/1908 in preparation for the release.
--a
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#13718): https://l
Hi all,
I have created the v19.08-rc2 tag on stable/1908 and verified that
19.08-rc2 build artifacts are on packagecloud.
VPP 19.08 Release Milestone RC2 is complete!
As a reminder, the VPP 19.08 Release is next Wednesday August 21, 2019.
https://wiki.fd.io/view/Projects/vpp/Release_Plans/Relea
Hi all,
As we are approaching the release date of the VPP 19.08 release, I
have prepared the release notes for it for your review:
https://gerrit.fd.io/r/#/c/vpp/+/21366/ - Feel free to have a look and
submit your edits, if any.
I plan to commit it at noon UTC on Wednesday 21 August.
Thanks!
-
VPP committers,
please don't merge any new patches on stable/1908 until my further notice.
Thanks!
--a
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#13803): https://lists.fd.io/g/vpp-dev/message/13803
Mute This Topic: https://lists.fd.io/mt/329
Hi all,
the VPP release 19.08 artifacts are available on packagecloud release
repositories.
I have tested the installation on ubuntu and centos.
Many thanks to everyone involved into making it happen!
Special thanks to Vanessa Valderrama for the help today.
--a
p.s. stable/1908 branch is re-
*facepalm* :-) that’s the case for automation of this email right there :-)
--a
> On 21 Aug 2019, at 23:19, Damjan Marion wrote:
>
>
>
>> On 21 Aug 2019, at 22:57, Andrew Yourtchenko wrote:
>>
>>
>
> So you are in release man
The VPP packet tracer might tell a bit more what is going on.
https://wiki.fd.io/view/VPP/Command-line_Interface_(CLI)_Guide#packet_tracer
Also you can do “TEST=acl_plugin* make test” and examine the logs of successful
testcase runs and compare with what you have.
--a
> On 3 Sep 2019, at 16:2
Hi Cipher,
Reply below inline
> On 4 Sep 2019, at 12:36, Cipher Chen wrote:
>
> Thanks Andrew, I've successfully done acl_plugin test.
>
> BTW, just reply here for latecomers, do "V=2 EXTENDED_TESTS=1
> TEST=acl_plugin* make test" to do more test and print verbosely.
Yeah the connection tra
Thanks for the traces !
MACIP acl uses the classifier-bases “ip-acl”; so it sounds like it is not
programmed with the source Mac of your packets.
“Show acl-plugin macip” will help to see what the acl plugin sees, and if it
looks legit, then you can check the classifier tables applied as input a
t-feat-arc-end
> IN-FEAT-ARC: head 0 feature_bitmap 100525 ethertype 0 sw_if_index -1,
> next_index 17
> 00:53:47:316360: l2-input-acl
> INACL: sw_if_index 9, next_index 0, table 12, offset -1
> 00:53:47:316361: error-drop
> rx:VirtualEthernet0/0/3
>
> -Naveen
>
on neutron’s port corresponding to
> VirtualEthernet0/0/3.
> This could be causing the ICMP reply packet from the firewall to drop.
>
>lc_index 0 l3 ip4 145.144.1.53 -> 145.144.1.84 l4 lsb_of_sw_if_index 9
> proto 1 l4_is_input 1 l4_slow_path 1 l4_flags 0x03 port 0 ->
o"
>>
>> Subject: Re: [vpp-dev] ACL drops while pinging another interface
>>
>> It hits the session, so it does pass the L3 acl. Just before ...
>> --a
>>
>> On 5 Sep 2019, at 18:52, Naveen Joy (najoy)
>> mailto:na...@cisco.com>> wrote:
>
1 - 100 of 523 matches
Mail list logo
