Just to give more context on my test environment... I am using contiv vpp
Kubernetes environment and configuring ABFs via etcdctl.
eg.
/ # etcdctl --endpoints=10.43.255.42:12379 put
/vnf-agent/eos-branch-1/config/vpp/abfs/v2/abf/4
'{"index":4,"acl_name":"023-sjcf
w-icmp-deny","attached_interfaces":[{"input_interface":"lan","priority":5}],"forwarding_paths":[{"interface_name":"sjc-blr-tunne
l"}]}'
Just wondering of ABF feature is mature enough in vpp. I am facing a good
number of issues as I try to experiment with various scenarios.
I seeing issues when NAT is enabled on the interface, then ABF is not
exercised.
I am not sure how to setup deny rules on the interface, if we cannot have
ABF and ACL co-exist on the interface.
Observing crashes in VPP while performing some of these tests.
DBGvpp# show version
vpp v19.08.1-282~ga6a98b546 built by root on 525c154d7fe6 at Tue Aug 4
21:10:49 UTC 2020
DBGvpp#
thanks
Venkat
On Fri, Aug 7, 2020 at 10:27 AM Andrew 👽 Yourtchenko <[email protected]>
wrote:
> A contribution to “make test” that covers this scenario would be very much
> appreciated...
>
> --a
>
> On 7 Aug 2020, at 19:07, Venkat <[email protected]> wrote:
>
>
> Thank you for the response Balaji.
> I have noticed VPP crashes when I configure an ABF on the interface that
> already has an non-abf ACL attached to the interface.
> And when I don't have non-abf ACL, then I am able to install ABF rule.
> Hence was wondering if it's a misconfiguration to have both ABF and non-abf
> ACL on the same interface. I agree, in any case, it should not result in a
> crash.
>
> thanks
> Venkat
>
>
> On Fri, Aug 7, 2020 at 9:59 AM Balaji Venkatraman via lists.fd.io
> <[email protected]> wrote:
>
>> Hi Venkat,
>>
>>
>>
>> Underlying the ABF is another ACL. When we attach an ABF to the
>> interface, the ACL it inherits gets applied to the interface. Not sure if
>> another ACL independent of the above can be attached to the same interface.
>> But, in any case, it should not crash 😊
>>
>> Thanks!
>>
>>
>>
>> --
>>
>> Regards,
>>
>> Balaji.
>>
>>
>>
>>
>>
>> *From: *<[email protected]> on behalf of "[email protected]" <
>> [email protected]>
>> *Date: *Friday, August 7, 2020 at 9:36 AM
>> *To: *"[email protected]" <[email protected]>
>> *Subject: *[vpp-dev] ABF and ACL co-existence on an Interface
>>
>>
>>
>> Hello,
>> Experimenting ABF in VPP. Had a question regarding the co-existence of
>> ABF and ACL on an interface.
>> Seems like we can either attach ABF or ACL to an interface and not both.
>> Is this the behavior or am I missing anything?
>> When I try to install ABF rule on an interface that already has ACL
>> attached, I see vpp resulting in a crash.
>> Please confirm.
>> thanks
>> Venkat
>>
>>
>
>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#17170): https://lists.fd.io/g/vpp-dev/message/17170
Mute This Topic: https://lists.fd.io/mt/76052836/21656
Group Owner: [email protected]
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
