So, to me “received from an external entity” seems like squarely a task for a separate control plane entity - because presumably you will also want to resynchronize that info upon the restart of the VPP, right?
In any case, seems like your use case will require some investments in either case - acl plugin hides the complexity of the raw tables, but it was aimed at policy-related stuff - so not high rate of changes. And under the hood it does essentially similar things as multiple chained classifiers, except you don’t get to choose what it does :)

Hard to say which of the approaches would require less tweaking without knowing more precisely what the rules will look like for the use cases.

So I would suggest you might start with building a test harness code (as part of make test extended tests or c-based unit test plugin - you will need that anyway) that simulates with sufficient similarity what you want to happen (rate/rule number/parameter distribution/ordering/etc), and then using that test harness, hack on the acl-plugin code to expose the necessary functionality via the mechanism similar to current (function pointers within a structure).

If the wheels don’t fall off at the parameters you are looking for, then we can work on integrating it into the plugin. If they do - then either you can try to tweak the things so they don’t (and again, if success, I am happy to consider your patches), or try classifier-based scheme.

Does this sound like a reasonable approach?

--a

> On 23 May 2019, at 16:30, Satya Murthy <[email protected]> wrote:
>
> Hi Andrew,
>
> Our custom plugin will receive these rules per each session from an external
> entity.
> The number of sessions may go into millions.
>
> Yes, as you rightly said, these rules are very dynamic in nature and
> these will be added and deleted with addition of session and its deletion
> respectively.
> The main reason for looking at ACLs for this scenario is:
> VPP ACL framework has IP/prefixlength and port ranges built-in supported.
> These range constructs are not built-in with VPP Classifier plugin
> infrastructure.
> If we have to use VPP classifiers, we might need to do a lot of work in
> converting the ranges into different classifier tables and sessions.
>
> Not sure which one really works for us (ACLs vs Classifiers).
> Can you please let us know what would be the issue if we use ACLs with:
> (1) millions of rules
> (2) High number of add/delete operations of ACL rules
>
> Appreciate your inputs on this.
>
> --
> Thanks & Regards,
> Murthy
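The range-to-classifier conversion cost raised in the quoted message, as an added example that is not part of the thread or of VPP's code: one inclusive port range expands into several mask/value entries when the lookup is a pure mask-and-match. The type and function names are hypothetical and no VPP API is called; the sample ranges are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical entry type: a port p matches when (p & mask) == value. */
typedef struct { uint16_t value, mask; } port_match_t;

/* Split inclusive [lo, hi] into aligned power-of-two blocks.
 * Returns the entry count, or 0 if lo > hi or cap is too small.
 * 30 entries always suffice for a 16-bit field. */
size_t port_range_to_masks(uint16_t lo, uint16_t hi, port_match_t *out, size_t cap)
{
    uint32_t cur = lo, end = hi;
    size_t n = 0;
    if (lo > hi) return 0;
    while (cur <= end) {
        uint32_t size = 1;
        /* Double the block while it stays aligned at cur and inside the range. */
        while (size < 0x10000u && (cur & (2 * size - 1)) == 0 && cur + 2 * size - 1 <= end)
            size *= 2;
        if (n == cap) return 0;
        out[n].value = (uint16_t)cur;
        out[n].mask = (uint16_t)~(size - 1);
        n++;
        cur += size;
    }
    return n;
}

/* Returns 1 if every port in [lo, hi] hits exactly one entry and all others hit none. */
int masks_cover_exactly(uint16_t lo, uint16_t hi, const port_match_t *m, size_t n)
{
    for (uint32_t p = 0; p <= 0xFFFFu; p++) {
        size_t hits = 0;
        for (size_t i = 0; i < n; i++)
            hits += ((p & m[i].mask) == m[i].value);
        if (hits != (size_t)(p >= lo && p <= hi)) return 0;
    }
    return 1;
}

int main(void)
{
    port_match_t m[30];
    size_t n = port_range_to_masks(1024, 65535, m, 30); /* constructed sample range */
    for (size_t i = 0; i < n; i++)
        printf("value=0x%04x mask=0x%04x\n", m[i].value, m[i].mask);
    printf("1-65534 needs %zu entries\n", port_range_to_masks(1, 65534, m, 30));
    return 0;
}
```

A rule with both a source and a destination port range needs the cross product of the two expansions, which is the multiplier to feed into a test harness that simulates per-session add/delete rates.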
