> > On 8 Aug 2020, at 01:40, Venkat <[email protected]> wrote: > > > Thank you Andrew for the response. Will invest time to put together the test > cases. Could you please point me to sample test scripts for vpp for > reference?
You can look in the “test” subdirectories of the ABF and acl plug-ins for the inspiration, hopefully should be a simple tweak to combine the two... > Or shall I compile a list of test cases I am executing using vpp dbg shell > CLI commands? > > Also, do you think there are significant changes between 1908 vs 2001 or 2005 > VPP stable branches for ABF plugin code making a case to upgrade vpp? ACLs didn’t change for quite a while - not sure about the ABF... You can do git log —oneline | egrep “acl|abf” on master branch to see what changes were there... —a > Please advise. > > thanks > Venkat > > >> On Fri, Aug 7, 2020 at 4:25 PM Andrew 👽 Yourtchenko <[email protected]> >> wrote: >> Sure. Neither me nor Neale have k8s or ligato. >> >> If you invest some effort into building a small “make test” script(s) that >> show the issues then: >> 1) it will be possible for at least one of us to take a look at them >> 2) they won’t resurface again. >> >> Does this make sense? >> >> Also, probably ligato folks have some testing as well - have you discussed >> with them what kind of scenarios they tested ? >> >> --a >> >>>> On 7 Aug 2020, at 21:35, Venkat <[email protected]> wrote: >>>> >>> >>> Just to give more context on my test environment... I am using contiv vpp >>> Kubernetes environment and configuring ABFs via etcdctl. >>> >>> eg. >>> / # etcdctl --endpoints=10.43.255.42:12379 put >>> /vnf-agent/eos-branch-1/config/vpp/abfs/v2/abf/4 >>> '{"index":4,"acl_name":"023-sjcf >>> w-icmp-deny","attached_interfaces":[{"input_interface":"lan","priority":5}],"forwarding_paths":[{"interface_name":"sjc-blr-tunne >>> l"}]}' >>> >>> Just wondering of ABF feature is mature enough in vpp. I am facing a good >>> number of issues as I try to experiment with various scenarios. >>> I seeing issues when NAT is enabled on the interface, then ABF is not >>> exercised. >>> I am not sure how to setup deny rules on the interface, if we cannot have >>> ABF and ACL co-exist on the interface. >>> Observing crashes in VPP while performing some of these tests. >>> >>> DBGvpp# show version >>> vpp v19.08.1-282~ga6a98b546 built by root on 525c154d7fe6 at Tue Aug 4 >>> 21:10:49 UTC 2020 >>> DBGvpp# >>> >>> thanks >>> Venkat >>> >>>> On Fri, Aug 7, 2020 at 10:27 AM Andrew 👽 Yourtchenko <[email protected]> >>>> wrote: >>>> A contribution to “make test” that covers this scenario would be very much >>>> appreciated... >>>> >>>> --a >>>> >>>>>> On 7 Aug 2020, at 19:07, Venkat <[email protected]> wrote: >>>>>> >>>>> >>>>> Thank you for the response Balaji. >>>>> I have noticed VPP crashes when I configure an ABF on the interface that >>>>> already has an non-abf ACL attached to the interface. >>>>> And when I don't have non-abf ACL, then I am able to install ABF rule. >>>>> Hence was wondering if it's a misconfiguration to have both ABF and >>>>> non-abf ACL on the same interface. I agree, in any case, it should not >>>>> result in a crash. >>>>> >>>>> thanks >>>>> Venkat >>>>> >>>>> >>>>>> On Fri, Aug 7, 2020 at 9:59 AM Balaji Venkatraman via lists.fd.io >>>>>> <[email protected]> wrote: >>>>>> Hi Venkat, >>>>>> >>>>>> >>>>>> >>>>>> Underlying the ABF is another ACL. When we attach an ABF to the >>>>>> interface, the ACL it inherits gets applied to the interface. Not sure >>>>>> if another ACL independent of the above can be attached to the same >>>>>> interface. But, in any case, it should not crash 😊 >>>>>> >>>>>> Thanks! >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> >>>>>> Regards, >>>>>> >>>>>> Balaji. >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> From: <[email protected]> on behalf of "[email protected]" >>>>>> <[email protected]> >>>>>> Date: Friday, August 7, 2020 at 9:36 AM >>>>>> To: "[email protected]" <[email protected]> >>>>>> Subject: [vpp-dev] ABF and ACL co-existence on an Interface >>>>>> >>>>>> >>>>>> >>>>>> Hello, >>>>>> Experimenting ABF in VPP. Had a question regarding the co-existence of >>>>>> ABF and ACL on an interface. >>>>>> Seems like we can either attach ABF or ACL to an interface and not both. >>>>>> Is this the behavior or am I missing anything? >>>>>> When I try to install ABF rule on an interface that already has ACL >>>>>> attached, I see vpp resulting in a crash. >>>>>> Please confirm. >>>>>> thanks >>>>>> Venkat >>>>>> >>>>>> >>>>>
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#17173): https://lists.fd.io/g/vpp-dev/message/17173 Mute This Topic: https://lists.fd.io/mt/76052836/21656 Group Owner: [email protected] Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
