Andrew-san, Thank you for your reply!
I'll try and debug it. Thank you. Best regards, Teshigawara > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf Of Andrew > Yourtchenko > Sent: Friday, June 22, 2018 10:41 PM > To: Teshigawara Masaaki(勅使川原 雅亮) <[email protected]> > Cc: [email protected] > Subject: Re: [vpp-dev] configure acl-hit-next and policer-hit-next at the same > interface > > Teshigawara-san, > > the "vat# acl_add_replace ipv4 permit" part in your configuration is not doing > anything, since it configures a new ACL in the ACL plugin, and both of the > features you are trying to configure are using classifier tables. > > As for why they do not work together - I would suggest debugging this further > using packet tracer ("trace add dpdk-input 50") and comparing the flow inside > graph (as seen per packet in "show trace") for all of the three cases - this > might give you some further hint what is going on. > > --a > > On 6/22/18, Masaaki Teshigawara <[email protected]> wrote: > > Dear all, > > > > > > > > Let me ask about the classify function. > > > > > > > > For incoming packets from GE0/5/0 interface at vpp-1 in attached png, > > I'd like to do below: > > > > 1. apply the rate limit by Policer, > > > > 2. then, apply the policy based routing by ACL and packets are sent to > > vpp-3 directly. > > > > (packets which source address is not 192.168.1.5 go to vpp-2.) > > > > > > > > When I've executed the following commands, ping is not successful. > > > > Is there any idea to do them at the same interface? > > > > > > > > vat# acl_add_replace ipv4 permit > > > > vpp# classify table mask l3 ip4 src > > > > vpp# classify session acl-hit-next 1 table-index 0 match l3 ip4 src > > 192.168.1.5 action set-ip4-fib-id 3 > > > > vpp# set interface input acl intfc GigabitEthernet0/5/0 ip4-table 0 > > > > vpp# configure policer name policy001 cir 30 cb 375 rate kbps round > > down type 1r2c conform-action transmit exceed-action drop > > > > vpp# set policer classify interface GigabitEthernet0/5/0 ip4-table 0 > > > > vpp# classify session policer-hit-next policy001 table-index 0 match > > l3 ip4 src 192.168.1.5 > > > > > > > > > > > > Just in case, ping is successful when I apply only policy based > > routing or only policer as below. > > > > > > > > - only policy based routing > > > > vat# acl_add_replace ipv4 permit > > > > vpp# classify table mask l3 ip4 src > > > > vpp# classify session acl-hit-next 1 table-index 0 match l3 ip4 src > > 192.168.1.5 action set-ip4-fib-id 3 > > > > vpp# set interface input acl intfc GigabitEthernet0/5/0 ip4-table 0 > > > > > > > > - only policer > > > > vpp# configure policer name policy001 cir 30 cb 375 rate kbps round > > down type 1r2c conform-action transmit exceed-action drop > > > > vpp# classify table mask l3 ip4 src > > > > vpp# classify session policer-hit-next policy001 table-index 0 match > > l3 ip4 src 192.168.1.5 action set-ip4-fib-id 3 > > > > vpp# set policer classify interface GigabitEthernet0/5/0 ip4-table 0 > > > > > > > > > > > > Thank you in advance. > > > > > > > > Best regards, > > > > Teshigawara > > > > > > > > > > > > > > > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#9699): https://lists.fd.io/g/vpp-dev/message/9699 Mute This Topic: https://lists.fd.io/mt/22568325/21656 Group Owner: [email protected] Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
