Re: [vpp-dev] ALG

2017-06-14 Thread Denis Lotarev via vpp-dev
Hi!
> Certainly cool if you could find a use for VPP this way.
Yes, we will be glad to use VPP as a high-performance NAT server in our 
infrastructure, if it works stably :)
Nowadays we are using six servers, each with a double 10G NIC and 12 CPU 
cores. This works on the simple SNAT iptables module (only one rule in 
iptables) for NAT with pooling of subscribers, and the NETMAP module for 1:1 
NAT. But this scheme is hard to scale. And it would be cool to use only two NAT 
servers (in VRRP mode, one active and one backup) with 12 cores and a one-port 
40G NIC (Intel XL710BM1), using tagged VLANs.
Speed shaping and subscriber access are realized by a CISCO SCE8000.
Our network topology consists of about ten hardware routers in different 
regions, and these routers have a default route to the NAT servers (this is a 
static route). In other words, every region router depends on a NAT server. We 
want to keep this topology, because it works well.

> So you already run double NAT?
No, we don't use this scheme; VPP is only for testing purposes in our office, 
not for all subscribers yet.

> Any idea of how many PPTP users you have? E.g if you are restricting to one 
> PPTP session per subscriber, you may be able to create transport independent 
> sessions for those. That is only use IP src, dst and protocol.
Yes, I'm running tcpdump on every NAT server and calculating how many 
subscribers are using PPTP sessions, but this statistic is only for 3 hours. 
It's about 1000 subscribers; I think this number is bigger at other times. We 
can assume that 3000 subscribers can be using PPTP. But it will be difficult to 
support transport independent sessions for those.

> Does iptables have a PPTP ALG?
Yes, iptables supports a PPTP ALG (in Linux kernel 3.10, CentOS 7).

> For the other IPv4 sunsetting mechanisms (MAP-E, MAP-T, LW46, ...), we (as in 
> the IETF) decided to not support those protocols.
Not sure that we need these mechanisms.

> Just move people to IPv6. ;-)
This will be planned after... sometime ;-) But seriously, this is very 
expensive; IPv6 addressing is much more expensive than IPv4.

> Another approach would be to do ALGs as plugins into the SNAT code. Need to 
> think some more about that.
It's not critical how this is integrated into VPP, statically or pluggable. If 
this is done, we can integrate VPP into our production network. The SIP 
protocol is needed too. I don't know about SNMP; as I understand it, it does 
not work via the SNAT plugin either. But I think not many subscribers use SNMP, 
and if they do, we can recommend that they use SNMP inside any tunnel transport.
Thanks!
 

--
Yours sincerely,
Denis Lotarev


On Wednesday, June 14, 2017, 1:31:28 AM GMT+5, otr...@employees.org 
 wrote:

Denis,

[off-list]


> I agree with you as an end user that these protocols are insecure and 
> deprecated, but on the other hand, as a service provider we should 
> transmit all client traffic to another point :)
> A service provider shouldn't tell the client which protocols to use or not use.
> And if an ISP has about 1 clients with pptp or sip protocols (only to 
> forward this traffic to another point), what should the service provider do 
> without ALG support?

Certainly cool if you could find a use for VPP this way.

So you already run double NAT?
Any idea of how many PPTP users you have? E.g if you are restricting to one 
PPTP session per subscriber, you may be able to create transport independent 
sessions for those. That is only use IP src, dst and protocol.
For SIP that approach might be trickier.

Does iptables have a PPTP ALG?

For the other IPv4 sunsetting mechanisms (MAP-E, MAP-T, LW46, ...), we (as in 
the IETF) decided to not support those protocols.
Just move people to IPv6. ;-)

Another approach would be to do ALGs as plugins into the SNAT code. Need to 
think some more about that.

Cheers,
Ole
___
vpp-dev mailing list
vpp-dev@lists.fd.io
https://lists.fd.io/mailman/listinfo/vpp-dev

Re: [vpp-dev] New vpp node

2017-06-14 Thread Alessio Silvestro
Hi Neale,

thanks for the info.

Just to further clarify for the community.

To start vpp with gdb run:

cd ~/vpp && make build && make debug

then run:

(gdb) r -c /etc/vpp/startup.conf

(gdb) bt

Best regards,
Alessio


On Mon, Jun 12, 2017 at 7:55 PM, Neale Ranns (nranns) 
wrote:

> Hi Alessio,
>
> Nothing wrong with your method of compiling/running. Time to break out the
> debugger;
>
> sudo gdb ~/vpp/build-root/build-vpp_debug-native/vpp/bin/vpp
> (gdb) r -c /etc/vpp/startup.conf
> (gdb) bt
>
> /neale
>
> *From: * on behalf of Alessio Silvestro <ale.silver...@gmail.com>
> *Date: *Monday, 12 June 2017 at 17:42
> *To: *"vpp-dev@lists.fd.io"
> *Subject: *[vpp-dev] New vpp node
>
> Dear all,
>
> I am implementing a new node in VPP.
>
> The code is in ~/vpp/src/vnet/mynode/
>
> In order to compile the code, I added the following lines to the file
> ~/vpp/src/vnet.am
>
> libvnet_la_SOURCES +=   \
>  vnet/mynode/my_file.c
>
> nobase_include_HEADERS +=   \
>  vnet/mynode/my_file.h
>
> When I run, from the top directory,
>
> make build
>
> it also compiles my code, without any error.
>
> Now when I try to run vpp with the command
>
> ~/vpp/build-root/build-vpp_debug-native/vpp/bin/vpp -c /etc/vpp/startup.conf
>
> I have the following output:
>
> vlib_plugin_early_init:356: plugin path /usr/lib/vpp_plugins
> load_one_plugin:184: Loaded plugin: acl_plugin.so (Access Control Lists)
> load_one_plugin:184: Loaded plugin: dpdk_plugin.so (Data Plane Development Kit (DPDK))
> load_one_plugin:184: Loaded plugin: flowprobe_plugin.so (Flow per Packet)
> load_one_plugin:184: Loaded plugin: gtpu_plugin.so (GTPv1-U)
> load_one_plugin:184: Loaded plugin: ila_plugin.so (Identifier-locator addressing for IPv6)
> load_one_plugin:184: Loaded plugin: ioam_plugin.so (Inbound OAM)
> load_one_plugin:114: Plugin disabled (default): ixge_plugin.so
> load_one_plugin:184: Loaded plugin: lb_plugin.so (Load Balancer)
> load_one_plugin:184: Loaded plugin: libsixrd_plugin.so (IPv6 Rapid Deployment on IPv4 Infrastructure (RFC5969))
> load_one_plugin:184: Loaded plugin: memif_plugin.so (Packet Memory Interface (experimetal))
> load_one_plugin:184: Loaded plugin: snat_plugin.so (Network Address Translation)
> Segmentation fault
>
> My question is the following: is there a segmentation fault because of my
> code or because of the set of operations I am doing?
>
> Best regards,
>
> Alessio

[vpp-dev] connection interruptiones between jenkins executor and VIRL servers

2017-06-14 Thread Jan Gelety -X (jgelety - PANTHEON TECHNOLOGIES at Cisco)
Dear  held...@fd.io

We are observing connection issues between Jenkins executors and VIRL servers 
that lead to failures of verify jobs 
(https://jenkins.fd.io/view/vpp/job/vpp-csit-verify-virl-master/, 
https://jenkins.fd.io/view/csit/job/csit-vpp-functional-master-ubuntu1604-virl/, 
https://jenkins.fd.io/view/csit/job/csit-vpp-functional-master-centos7-virl/) 
because of ssh connection timeouts.

Could you, please, have a look at it?

Thank you very much.

Regards,
Jan

[vpp-dev] FW: [FD.io Helpdesk #41921] AutoReply: connection interruptiones between jenkins executor and VIRL servers

2017-06-14 Thread Jan Gelety -X (jgelety - PANTHEON TECHNOLOGIES at Cisco)
FYI

-Original Message-
From: FD.io Helpdesk via RT [mailto:fdio-helpd...@rt.linuxfoundation.org] 
Sent: Wednesday, June 14, 2017 14:13
To: Jan Gelety -X (jgelety - PANTHEON TECHNOLOGIES at Cisco) 
Subject: [FD.io Helpdesk #41921] AutoReply: connection interruptiones between 
jenkins executor and VIRL servers


Greetings,

Your support ticket regarding:
"connection interruptiones between jenkins executor and VIRL servers", 
has been entered in our ticket tracker.  A summary of your ticket appears below.

If you have any follow-up related to this issue, please reply to this email or 
include:

 [FD.io Helpdesk #41921]

in the subject line of subsequent emails.

Thank you,
Linux Foundation Support Team

-
Dear  held...@fd.io

We are observing connection issues between Jenkins executors and VIRL servers 
that lead to failures of verify jobs 
(https://jenkins.fd.io/view/vpp/job/vpp-csit-verify-virl-master/, 
https://jenkins.fd.io/view/csit/job/csit-vpp-functional-master-ubuntu1604-virl/, 
https://jenkins.fd.io/view/csit/job/csit-vpp-functional-master-centos7-virl/) 
because of ssh connection timeouts.

Could you, please, have a look at it?

Thank you very much.

Regards,
Jan



Re: [vpp-dev] ALG

2017-06-14 Thread Denis Lotarev via vpp-dev
Hi, Ole.
We have been testing SIP to asterisk (which is outside the VPP network) on port 
5060 UDP and it works normally via the SNAT plugin (static and dynamic NAT work 
well). We have also been testing SIP to yate (a minimal SIP server) inside the 
VPP network with SNAT hairpinning and it works correctly too. We also connected 
to yate from outside the VPP network; this simply works! :-)
We are also testing an FTP client from Internet Explorer on Windows 10 and an 
IRC client; they work well too.

After that testing we need only the PPTP protocol via the S-NAT plugin, which 
does not work today.




--
Yours sincerely,
Denis Lotarev


On Tuesday, June 13, 2017, 6:23:14 PM GMT+5,  wrote:

Denis,

> Hi! I'm working at an Internet service provider, and ALG is required for 
> clients who connect to their offices via pptp, sip, etc.
> But the current SNAT plugin in master (build #2482) doesn't support the pptp 
> protocol inside (maybe sip also).

Yeah, don't use PPTP. Insecure and broken.
SIP applications must use ICE.

I'm sure whoever is using PPTP is looking for an excuse to move away from that 
protocol. ;-)

Best regards,
Ole

[vpp-dev] QoS/Policy

2017-06-14 Thread Dana Kutenicsova
Hi all,
I'm looking for some information about QoS/Policy implementation in VPP.
I've found just pieces of documentation about Hierarchical Scheduler and 
policer-api.
Can you please point me to any documentation, presentations dealing
with this topic?
Thanks,
Dana Kutenicsova
Software Engineer
Frinx s.r.o.
Mlynské Nivy 48 / 821 09 Bratislava / Slovakia
+421 2 20 91 01 41 / dkutenics...@frinx.io / 
www.frinx.io

Re: [vpp-dev] ALG

2017-06-14 Thread otroan
Hi Denis,

> We have been testing SIP to asterisk (which is outside the VPP network) on 
> port 5060 UDP and it works normally via the SNAT plugin (static and dynamic 
> NAT work well). We have also been testing SIP to yate (a minimal SIP server) 
> inside the VPP network with SNAT hairpinning and it works correctly too. We 
> also connected to yate from outside the VPP network; this simply works! :-)
> 
> We are also testing an FTP client from Internet Explorer on Windows 10 and an 
> IRC client; they work well too.

That's cool!

> After that testing we need only the PPTP protocol via the S-NAT plugin, which 
> does not work today.

I guess I need to read up on PPTP (sigh).
Does the protocol work through a 1:1 NAT today?

If so... what's the size of your external IPv4 pool?

Are you able to perform some measurements of the number of PPTP sessions?
Or rather the number of sessions you have which are not UDP or TCP, sorted by 
IP src, dst and protocol?

The question I want to answer is: how big must the external IPv4 pool be for a 
transport layer independent NAT to function?
E.g. if all your PPTP sessions go to _different_ destination addresses, a 
single IPv4 address works fine.
But if a larger number of PPTP sessions than the number of source addresses go 
to the _same_ destination address, we would be in trouble.

Best regards,
Ole
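
The pool-sizing question Ole poses above, worked as an added example (not code from the thread or from VPP): sessions that are neither TCP nor UDP are keyed only on external address, destination and protocol, so each destination needs one external address per inside host talking to it. The flow records and addresses are constructed, and the sketch assumes an inside host need not keep the same external address across destinations.

```python
from collections import defaultdict
from ipaddress import ip_address

TCP, UDP, GRE = 6, 17, 47  # IANA protocol numbers; the PPTP data channel is GRE

# Constructed sample flow records: (inside source, destination, IP protocol).
SAMPLE_FLOWS = [
    ("10.0.0.11", "198.51.100.10", GRE),
    ("10.0.0.12", "198.51.100.10", GRE),
    ("10.0.0.13", "198.51.100.10", GRE),
    ("10.0.0.11", "198.51.100.20", GRE),
    ("10.0.0.14", "198.51.100.30", GRE),
    ("10.0.0.12", "198.51.100.10", GRE),  # repeated record of the same session
    ("10.0.0.15", "198.51.100.10", TCP),  # port-based NAT already handles these
    ("10.0.0.16", "198.51.100.10", UDP),
]


def portless_sessions(flows):
    """Distinct non-TCP/UDP sessions, sorted by IP src, dst and protocol."""
    unique = {f for f in flows if f[2] not in (TCP, UDP)}
    return sorted(unique, key=lambda f: (ip_address(f[0]), ip_address(f[1]), f[2]))


def sources_per_destination(flows):
    """Map (dst, proto) -> set of inside sources that talk to it."""
    groups = defaultdict(set)
    for src, dst, proto in portless_sessions(flows):
        groups[(dst, proto)].add(src)
    return dict(groups)


def min_pool_size(flows):
    """Smallest external pool that gives every session a unique outside key.

    With no ports to rewrite, the outside key is (external IP, dst, proto),
    so the busiest destination decides the pool size.
    """
    groups = sources_per_destination(flows)
    return max((len(srcs) for srcs in groups.values()), default=0)


def allocate(flows, pool):
    """Assign external addresses; return (mapping, rejected sessions)."""
    in_use = defaultdict(set)  # (dst, proto) -> external addresses already taken
    mapping, rejected = {}, []
    for session in portless_sessions(flows):
        _, dst, proto = session
        ext = next((a for a in pool if a not in in_use[(dst, proto)]), None)
        if ext is None:
            rejected.append(session)  # would collide with an existing session
        else:
            in_use[(dst, proto)].add(ext)
            mapping[session] = ext
    return mapping, rejected


def return_path(mapping):
    """Reverse table used for inbound packets: (ext, remote, proto) -> inside src."""
    return {(ext, dst, proto): src for (src, dst, proto), ext in mapping.items()}


if __name__ == "__main__":
    print("sessions:", portless_sessions(SAMPLE_FLOWS))
    print("minimum pool size:", min_pool_size(SAMPLE_FLOWS))
    for size in (1, 3):
        pool = [f"203.0.113.{i}" for i in range(1, size + 1)]  # constructed pool
        mapping, rejected = allocate(SAMPLE_FLOWS, pool)
        print(f"pool of {size}: {len(mapping)} mapped, {len(rejected)} rejected")
```

Feeding it real flow records (for example from a tcpdump capture reduced to src, dst and protocol) gives the per-destination counts Ole asks for.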



Re: [vpp-dev] ALG

2017-06-14 Thread Denis Lotarev via vpp-dev
> I guess I need to read up on PPTP (sigh).
> Does the protocol work through a 1:1 NAT today?
We need a little time to check this inside the VPP network (install a pptp 
server inside the VPP network and connect via public IPs inside the VPP network 
between server and client). Or are you talking about the current _iptables_ 
scheme? In our current iptables scheme pptp traffic goes through dynamic NAT 
and 1:1 NAT too.
> If so... what's the size of your external IPv4 pool?
We have four servers for NAT pooling; each server has one /24 network block of 
public addresses (in total four /24 network blocks are used). Another two 
servers have four /24 network blocks of public addresses for 1:1 NAT (one 
server active, the second backup).
> Are you able to perform some measurements of the number of PPTP sessions?
So, are you talking about total pps for these PPTP sessions?
> E.g. if all your PPTP sessions goes to _different_ destination addresses, a 
> single IPv4 address works fine.
> But if a larger number than the number of source addresses PPTP sessions go 
> to the _same_ destination address we would be in trouble.
Each inside subscriber (src_ips are different) connects to the outside network 
(dst_ips are different), going through pool NAT (dynamic NAT) (nat_public_ips 
are different, because every subscriber is hashed by iptables, as far as I 
know) and 1:1 NAT (if the subscriber has this option).
Thanks!

 

--
Yours sincerely,
Denis Lotarev



Re: [vpp-dev] problem getting udp_register_dst_port interface to work.

2017-06-14 Thread Guy Doucet -X (gudoucet - FLEXTRONICS CANADA DESIGN SERVICES INC at Cisco)
Thanks for your help Neal,

I was missing the return route. I added the following and I am now receiving 
packets:

vppctl ip route add 10.10.10.0/24 via 10.30.5.1 TenGigabitEthernet81/0/0

Guy

From: Neale Ranns (nranns)
Sent: Tuesday, June 13, 2017 4:47 PM
To: Guy Doucet -X (gudoucet - FLEXTRONICS CANADA DESIGN SERVICES INC at Cisco); 
vpp-dev
Subject: Re: [vpp-dev] problem getting udp_register_dst_port interface to work.

Hi Guy,

Your config looks fine. But since you’ve programmed an (S,G) can I please see:
  sh ip mfib 10.10.10.34 232.0.0.1

since this is ‘for-us’ traffic you still have to abide by the ‘need a route 
back to the sender’ rule. So please;
  sh ip fib 10.10.10.34

also;
sh error
is helpful in the game of who-dropped-my-packet.

Thanks,
neale

From: "Guy Doucet -X (gudoucet - FLEXTRONICS CANADA DESIGN SERVICES INC at Cisco)" <gudou...@cisco.com>
Date: Tuesday, 13 June 2017 at 20:55
To: "Neale Ranns (nranns)" <nra...@cisco.com>, vpp-dev <vpp-dev@lists.fd.io>
Subject: RE: [vpp-dev] problem getting udp_register_dst_port interface to work.

I configured mroute as follows:

vppctl ip mroute 10.10.10.34 232.0.0.1 via TenGigabitEthernet81/0/0 Accept
vppctl ip mroute 10.10.10.34 232.0.0.1 via local Forward

Is this correct?

I get the following output for vppctl sh ip mfib 232.0.0.1
ipv4-VRF:0, fib_index 0
(*, 0.0.0.0/0):  flags:D,
fib:0 index:0 locks:1
  src:Default Route:  flags:D,
Extensions:
Interface-Forwarding:

  Interfaces:
  RPF-ID:0
  multicast-ip4-chain
  [@0]: dpo-drop ip4

The full trace back is as follows:

01:22:29:244227: dpdk-input
  TenGigabitEthernet81/0/0 rx queue 0
  buffer 0xdc70d0: current data 14, length 1428, free-list 0, clone-count 0, 
totlen-nifb 0, trace 0x9
  PKT MBUF: port 0, nb_segs 1, pkt_len 1442
buf_len 2176, data_len 1442, ol_flags 0x88, data_off 128, phys_addr 
0x89bd940
packet_type 0x0
Packet Offload Flags
  PKT_RX_L4_CKSUM_BAD (0x0008) L4 cksum of RX pkt. is not OK
  PKT_RX_IP_CKSUM_GOOD (0x0080) IP cksum of RX pkt. is valid
  IP4: 00:02:c5:1b:51:08 -> 01:00:5e:00:00:01
  UDP: 10.10.10.34 -> 232.0.0.1
tos 0x00, ttl 0, length 1428, checksum 0x792c
fragment id 0x, flags DONT_FRAGMENT
  UDP: 1234 -> 5001
length 1408, checksum 0x
01:22:29:244229: ip4-input-no-checksum
  UDP: 10.10.10.34 -> 232.0.0.1
tos 0x00, ttl 0, length 1428, checksum 0x792c
fragment id 0x, flags DONT_FRAGMENT
  UDP: 1234 -> 5001
length 1408, checksum 0x
01:22:29:244231: ip4-mfib-forward-lookup
  fib 0 entry 6
01:22:29:244231: ip4-mfib-forward-rpf
  entry 6 1 Accept,

Thanks,

Guy

From: Neale Ranns (nranns)
Sent: Tuesday, June 13, 2017 12:20 PM
To: Guy Doucet -X (gudoucet - FLEXTRONICS CANADA DESIGN SERVICES INC at Cisco); 
vpp-dev
Subject: Re: [vpp-dev] problem getting udp_register_dst_port interface to work.


Hi Guy,

If that’s the full packet trace, then it looks like the packet was dropped by 
an input feature. Use:
  sh int feat 
To see what’s configured. Do you have an IP address configured on the input 
interface? You’ll need one.

If it’s not that, do you have a route for 232.0.0.1 in the multicast FIB? If so 
what is it:
  sh ip mfib 232.0.0.1

Regards,
Neale


From: <vpp-dev-boun...@lists.fd.io> on behalf of "Guy Doucet -X (gudoucet - FLEXTRONICS CANADA DESIGN SERVICES INC at Cisco)" <gudou...@cisco.com>
Date: Tuesday, 13 June 2017 at 16:56
To: vpp-dev <vpp-dev@lists.fd.io>
Subject: [vpp-dev] problem getting udp_register_dst_port interface to work.

I am trying to process the following packets using the udp_register_dst_port 
interface:

  UDP: 10.10.10.34 -> 232.0.0.1
tos 0x00, ttl 0, length 1428, checksum 0x792c
fragment id 0x, flags DONT_FRAGMENT
  UDP: 1234 -> 5001
length 1408, checksum 0x
01:22:29:244229: ip4-input-no-checksum
  UDP: 10.10.10.34 -> 232.0.0.1
tos 0x00, ttl 0, length 1428, checksum 0x792c
fragment id 0x, flags DONT_FRAGMENT
  UDP: 1234 -> 5001

My registration function below is getting called:

#define UDP_DST_PORT_stream 5001
  udp_register_dst_port (vm, UDP_DST_PORT_stream,
 udp4_test_node.index, 1 /* is_ip4 */);

But I never get a call when packets are received. Any idea what could be going 
wrong or how to debug this?

Thanks,

Guy

Re: [vpp-dev] problem getting udp_register_dst_port interface to work.

2017-06-14 Thread Guy Doucet -X (gudoucet - FLEXTRONICS CANADA DESIGN SERVICES INC at Cisco)
I have one more question:

If I do show int I get the following:
TenGigabitEthernet81/0/0  1 up
                          rx packets    1822911
                          rx bytes      2628637662
                          drops         1814278
                          ip4           1822911
                          rx-no-buf     9066818592
                          rx-miss       2893555

My rx packets stop incrementing and the rx-no-buf and rx-miss are incrementing.

What does this mean?

Thanks,

Guy



[vpp-dev] [FD.io Helpdesk #41921] connection interruptiones between jenkins executor and VIRL servers

2017-06-14 Thread Anton Baranov via RT
Jan: 

On my side I currently don't see any connectivity problems between jenkins and 
VIRL servers. Please let me know if you're still having that issue. I'll keep 
an eye on that problem and if it reappears I'll report that to our cloud 
provider to check further. 

Thanks,
-- 
Anton Baranov
Systems and Network Administrator
The Linux Foundation

On Wed Jun 14 08:12:45 2017, jgel...@cisco.com wrote:
> Dear  held...@fd.io
> 
> We are observing connection issues between Jenkins executors and VIRL
> servers that lead to failures of verify jobs
> (https://jenkins.fd.io/view/vpp/job/vpp-csit-verify-virl-master/,
> https://jenkins.fd.io/view/csit/job/csit-vpp-functional-master-ubuntu1604-virl/,
> https://jenkins.fd.io/view/csit/job/csit-vpp-functional-master-centos7-virl/)
> because of ssh connection timeouts.
> 
> Could you, please, have a look at it?
> 
> Thank you very much.
> 
> Regards,
> Jan





Re: [vpp-dev] QoS/Policy

2017-06-14 Thread Jerome Tollet (jtollet)
Hi Dana,
Perhaps, you could take it from here: https://jira.fd.io/browse/HC2VPP-39
Jerome

From: on behalf of Dana Kutenicsova 

Date: Wednesday, 14 June 2017 at 04:21
To: "vpp-dev@lists.fd.io" 
Subject: [vpp-dev] QoS/Policy

Hi all,
I’m looking for some information about QoS/Policy implementation in VPP.
I’ve found just pieces of documentation about Hierarchical Scheduler and 
policer-api.
Can you please point me to any documentation, presentations dealing
with this topic?
Thanks,
Dana Kutenicsova
Software Engineer
Frinx s.r.o.
Mlynské Nivy 48 / 821 09 Bratislava / Slovakia
+421 2 20 91 01 41 / dkutenics...@frinx.io / 
www.frinx.io

Re: [vpp-dev] problem getting udp_register_dst_port interface to work.

2017-06-14 Thread Guy Doucet -X (gudoucet - FLEXTRONICS CANADA DESIGN SERVICES INC at Cisco)
It turns out I had a bug in my code. I was not freeing the buffers properly.  I 
am still getting some rx-miss. What does this mean?

Thanks,

Guy


[vpp-dev] VPP: Answer UDP Packets

2017-06-14 Thread Alessio Silvestro
Dear all,

I implemented a new VPP node that receives UDP traffic using the following
function:

udp_register_dst_port (vm, PORT, my_node.index , 1 /* is_ip4 */);


I am able to parse the packet and I would like to be able to send back a
UDP packet.


Looking at the source code, the only function that seems to fit my scope is
the following (in ~/vpp/src/vnet/udp/udp.h):

ip_udp_encap_one (vlib_main_t * vm, vlib_buffer_t * b0, u8 * ec0, word ec_len,
                  u8 is_ip4)


Is that correct, or is there another function for this purpose?


Thanks in advance for any help.

Best regards,

Alessio

Re: [vpp-dev] VPP: Answer UDP Packets

2017-06-14 Thread Klement Sekera -X (ksekera - PANTHEON TECHNOLOGIES at Cisco)
Hi Alessio,

you can take a look at BFD code which

a.) creates and sends its own UDP packets - bfd_main.c -
bfd_send_periodic() creates, encapsulates (UDP) and sends a packet out
b.) loops back packets received - bfd_udp.c - bfd_udp_echo_input()

I'm not sure what's your use case, whether you are trying to reuse
existing buffer, but one of these should fit it.

Regards,
Klement

Quoting Alessio Silvestro (2017-06-14 17:22:14)
>Dear all,
>I implemented a new VPP node that receives UDP traffic using the following
>function:
> 
>udp_register_dst_port (vm, PORT, my_node.index , 1 /* is_ip4 */);
> 
>I am able to parse the packet and I would like to be able to send back an
>UDP packet.
> 
>Looking at the source code, the only function that seems to fit my scope is
>the following (in ~/vpp/src/vnet/udp/udp.h) 
> 
>ip_udp_encap_one (vlib_main_t * vm, vlib_buffer_t * b0, u8 * ec0, word ec_len,
>                  u8 is_ip4)
> 
>Is that correct, or is there another function for this purpose?
> 
>Thanks in advance for any help.
> 
>Best regards,
> 
>Alessio
___
vpp-dev mailing list
vpp-dev@lists.fd.io
https://lists.fd.io/mailman/listinfo/vpp-dev
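
An added example, not part of the thread and not VPP code: the header rewrite behind the "loops back packets received" approach Klement mentions, shown in plain C on a raw IPv4/UDP byte buffer. The function names, the sample packet and the refusal rules (fragments, multicast or broadcast addresses) are assumptions of this example; it uses no VPP API and does not verify the incoming checksum.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed sample: 192.0.2.10:1234 -> 198.51.100.1:5001, payload "ping". */
const uint8_t sample_request[32] = {
    0x45, 0x00, 0x00, 0x20, 0x00, 0x01, 0x40, 0x00, 0x40, 0x11, 0x4e, 0x8d,
    192, 0, 2, 10, 198, 51, 100, 1,
    0x04, 0xd2, 0x13, 0x89, 0x00, 0x0c, 0x00, 0x00, 'p', 'i', 'n', 'g'
};

/* RFC 1071 checksum; returns 0 when run over a header whose checksum is valid. */
uint16_t ip4_header_checksum(const uint8_t *h, size_t hlen)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < hlen; i += 2)
        sum += (uint32_t)h[i] << 8 | h[i + 1];
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

static void swap_bytes(uint8_t *a, uint8_t *b, size_t n)
{
    uint8_t tmp[4];
    memcpy(tmp, a, n);
    memcpy(a, b, n);
    memcpy(b, tmp, n);
}

/* Rewrite a received IPv4/UDP datagram into its reply, in place.
 * Returns 0 on success, -1 if the packet is malformed or should not be answered. */
int udp4_turn_around(uint8_t *pkt, size_t len, uint8_t reply_ttl)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    size_t total = (size_t)pkt[2] << 8 | pkt[3];
    if (ihl < 20 || total > len || total < ihl + 8 || pkt[9] != 17)
        return -1;                       /* truncated, or not UDP */
    if (((pkt[6] & 0x3f) | pkt[7]) != 0)
        return -1;                       /* fragment: no complete UDP datagram */
    if (pkt[12] >= 224 || pkt[16] >= 224)
        return -1;                       /* multicast/broadcast must not become a source */
    uint8_t *udp = pkt + ihl;
    size_t udp_len = (size_t)udp[4] << 8 | udp[5];
    if (udp_len < 8 || udp_len > total - ihl)
        return -1;
    swap_bytes(pkt + 12, pkt + 16, 4);   /* IPv4 source <-> destination */
    swap_bytes(udp, udp + 2, 2);         /* UDP source port <-> destination port */
    /* Swapping 16-bit-aligned fields leaves one's-complement sums unchanged, so the
     * UDP checksum of an unchanged payload stays valid; only the TTL affects IP's. */
    pkt[8] = reply_ttl;
    pkt[10] = pkt[11] = 0;
    uint16_t csum = ip4_header_checksum(pkt, ihl);
    pkt[10] = (uint8_t)(csum >> 8);
    pkt[11] = (uint8_t)(csum & 0xff);
    return 0;
}
```

A reply with a different payload also needs the IP total length, UDP length and UDP checksum rewritten before the IP header checksum is recomputed.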

[vpp-dev] generated packets contain only zeroes

2017-06-14 Thread Idan Lavie
Hi,

I'm using the packet generator to create packets and send them to a specific 
interface. My stream looks like that:

packet-generator new {
   name s0
   limit 1
   size 115-115
   node GigabitEthernetb/0/0
   data {
      0x0800: 00d7.8f3e.8b6b -> 1402.ec41.4540
      hex 0x454c28ad40007c06f2415b5a8044ac175c07c4c40016f44a62d80f22f5a0501800fc681faf147bb332ace20645691b80367dc77291bd2fe8da9914fcd1736a6c9ec2a90070c8fe12
   }
}
However, the packet originated by the packet generator contains only zeros.


This is the trace for the packet:
vpp# show tr
--- Start of thread 0 vpp_main ---
Packet 1

00:48:45:201784: pg-input
  stream s3, 90 bytes
  current data 0, length 90, free-list 5, trace 0x0
  0x: 00:00:00:00:00:00 -> 00:00:00:00:00:00
00:48:45:201809: GigabitEthernetb/0/0-output
  local0
  0x: 00:00:00:00:00:00 -> 00:00:00:00:00:00
00:48:45:201812: GigabitEthernetb/0/0-tx
  GigabitEthernetb/0/0 tx queue 0
  buffer 0x34599: current data 0, length 90, free-list


I also verified it with tcpdump on the connected peer and the packets contain 
only zeroes.
If I change the node in the stream from the output node of an interface to be 
ethernet-input node, everything seems to work fine.

I'm currently using vpp 17.01.

Has anyone encountered similar behavior, or alternatively managed to send 
packets using the packet generator to a specific interface (without going 
through the l2/l3 routing decisions)?

Thanks!





Re: [vpp-dev] shadow build system change adding test-debug job

2017-06-14 Thread Ed Kern (ejk)

alright klement/dave

im a bit stuck again…

i get about an 60+% failure rate out of test-debug even with higher than normal 
cpu settings (higher than just what i use for build verify)

always right here


19:43:38 ==
19:43:38 ERROR: L2 FIB test 7 - flush bd_id
19:43:38 --
19:43:38 Traceback (most recent call last):
19:43:38   File "/workspace/vpp-test-debug-master-ubuntu1604/test/test_l2_fib.py", line 508, in test_l2_fib_07
19:43:38     self.run_verify_negat_test(bd_id=1, dst_hosts=flushed)
19:43:38   File "/workspace/vpp-test-debug-master-ubuntu1604/test/test_l2_fib.py", line 418, in run_verify_negat_test
19:43:38     i.get_capture(0, timeout=timeout)
19:43:38   File "/workspace/vpp-test-debug-master-ubuntu1604/test/vpp_pg_interface.py", line 240, in get_capture
19:43:38     (len(capture.res), expected_count, name))
19:43:38 Exception: Captured packets mismatch, captured 9 packets, expected 0 packets on pg0
19:43:38
19:43:38 ==
19:43:38 ERROR: L2 FIB test 8 - flush all
19:43:38 --
19:43:38 Traceback (most recent call last):
19:43:38   File "/workspace/vpp-test-debug-master-ubuntu1604/test/test_l2_fib.py", line 522, in test_l2_fib_08
19:43:38     self.run_verify_negat_test(bd_id=1, dst_hosts=flushed)
19:43:38   File "/workspace/vpp-test-debug-master-ubuntu1604/test/test_l2_fib.py", line 418, in run_verify_negat_test
19:43:38     i.get_capture(0, timeout=timeout)
19:43:38   File "/workspace/vpp-test-debug-master-ubuntu1604/test/vpp_pg_interface.py", line 240, in get_capture
19:43:38     (len(capture.res), expected_count, name))
19:43:38 Exception: Captured packets mismatch, captured 9 packets, expected 0 packets on pg0
19:43:38


when it fails its always the same two tests…always the same exception (captured 
9, expected 0)

its so consistent in its ‘death’ but so intermittent in frequency its freaking 
me out a bit…

any thoughts?

Ed



On May 24, 2017, at 8:42 AM, Klement Sekera -X (ksekera - PANTHEON TECHNOLOGIES 
at Cisco) <ksek...@cisco.com> wrote:

I know that the functional BFD tests passed so unless there is a bug in
the tests, the failures are pretty much timing issues. From my
experience the load is the culprit as the BFD tests test interactive
sessions, which need to be kept alive. The timings currently are set at
300ms and for most tests two keep-alives can be missed before the session
goes down on vpp side and asserts start failing. While this might seem
like ample time, especially on loaded systems there is a high chance
that at least one test will derp ...

I've also seen derps even on idle systems, where a select() call (used
by python in its own sleep() implementation) with timeout of 100ms returns
after 1-3 seconds.

Try running the bfd tests only (make test-all TEST=bfd) while no other tasks
are running - I think they should pass on your box just fine.

Thanks,
Klement

Quoting Ed Kern (ejk) (2017-05-24 16:27:10)
  right now its a VERY intentional mix…but depending on loading I could
  easily see this coming up if those timings are strict.
  To not dodge your question max loading on my slowest node would be 3
  concurrent builds on an Xeon™ E3-1240 v3 (4 cores @ 3.4Ghz)
yeah yeah stop laughing…..Do you have suggested or even guesstimate
  minimums in this regard…I could pretty trivially route them towards
  the larger set that I have right now if you think magic will result :)
  Ed
  PS thanks though..for whatever reason the type of errors I was getting
  didn’t naturally steer my mind towards cpu/io binding.

On May 24, 2017, at 12:57 AM, Klement Sekera -X (ksekera - PANTHEON
TECHNOLOGIES at Cisco) <ksek...@cisco.com> wrote:
Hi Ed,

how fast are your boxes? And how many cores? The BFD tests struggle to meet
the aggressive timings on slower boxes...

Thanks,
Klement

Quoting Ed Kern (ejk) (2017-05-23 20:43:55)

No problem.
If anyone is curious in rubbernecking the accident that is the
  current
test-all (at least for my build system)
adding a comment of
testall
SHOULD trigger and fire it off on my end.
make it all pass and you win a beer (or beverage of your choice)
Ed

  On May 23, 2017, at 11:34 AM, Dave Wallace <dwallac...@gmail.com> wrote:
  Ed,

  Thanks for adding this to the shadow build system.  Real data on
  the
  cost and effectiveness of this will be most useful.

  -daw-
  On 5/23/2017 1:30 PM, Ed Kern (ejk) wrote:

  In the vpp-dev call a couple hours ago there was a discussion of
  running test-debug on 

Re: [vpp-dev] shadow build system change adding test-debug job

2017-06-14 Thread John Lo (loj)
These flush tests should be disabled for now, until Eyal puts in a fix. It has 
to do with timing: after flush, there is a slight delay before the ager runs to 
scan the FIB to delete the stale MACs. We are adding extra code in the L2 
forwarding path to fix this issue. There is an ongoing patch that did part 1 of 
the fix and Eyal will add an update to this patch to complete the fix: 
https://gerrit.fd.io/r/#/c/7136/

Eyal has another patch: https://gerrit.fd.io/r/#/c/7023/ to add VLAN tag 
rewrite tests and also disable these flush tests. However, it kept failing virl 
due to some unrelated IPv6 error which we are not sure why…

Regards,
John


From: vpp-dev-boun...@lists.fd.io [mailto:vpp-dev-boun...@lists.fd.io] On 
Behalf Of Ed Kern (ejk)
Sent: Wednesday, June 14, 2017 4:07 PM
To: Klement Sekera -X (ksekera - PANTHEON TECHNOLOGIES at Cisco) 
; Dave Wallace 
Cc: vpp-dev@lists.fd.io
Subject: Re: [vpp-dev] shadow build system change adding test-debug job


alright klement/dave

im a bit stuck again…

i get about an 60+% failure rate out of test-debug even with higher than normal 
cpu settings (higher than just what i use for build verify)

always right here


19:43:38 ==
19:43:38 ERROR: L2 FIB test 7 - flush bd_id
19:43:38 --
19:43:38 Traceback (most recent call last):
19:43:38   File "/workspace/vpp-test-debug-master-ubuntu1604/test/test_l2_fib.py", line 508, in test_l2_fib_07
19:43:38     self.run_verify_negat_test(bd_id=1, dst_hosts=flushed)
19:43:38   File "/workspace/vpp-test-debug-master-ubuntu1604/test/test_l2_fib.py", line 418, in run_verify_negat_test
19:43:38     i.get_capture(0, timeout=timeout)
19:43:38   File "/workspace/vpp-test-debug-master-ubuntu1604/test/vpp_pg_interface.py", line 240, in get_capture
19:43:38     (len(capture.res), expected_count, name))
19:43:38 Exception: Captured packets mismatch, captured 9 packets, expected 0 packets on pg0
19:43:38
19:43:38 ==
19:43:38 ERROR: L2 FIB test 8 - flush all
19:43:38 --
19:43:38 Traceback (most recent call last):
19:43:38   File "/workspace/vpp-test-debug-master-ubuntu1604/test/test_l2_fib.py", line 522, in test_l2_fib_08
19:43:38     self.run_verify_negat_test(bd_id=1, dst_hosts=flushed)
19:43:38   File "/workspace/vpp-test-debug-master-ubuntu1604/test/test_l2_fib.py", line 418, in run_verify_negat_test
19:43:38     i.get_capture(0, timeout=timeout)
19:43:38   File "/workspace/vpp-test-debug-master-ubuntu1604/test/vpp_pg_interface.py", line 240, in get_capture
19:43:38     (len(capture.res), expected_count, name))
19:43:38 Exception: Captured packets mismatch, captured 9 packets, expected 0 packets on pg0
19:43:38


when it fails its always the same two tests…always the same exception (captured 
9, expected 0)

its so consistent in its ‘death’ but so intermittent in frequency its freaking 
me out a bit…

any thoughts?

Ed



On May 24, 2017, at 8:42 AM, Klement Sekera -X (ksekera - PANTHEON TECHNOLOGIES 
at Cisco) <ksek...@cisco.com> wrote:

I know that the functional BFD tests passed so unless there is a bug in
the tests, the failures are pretty much timing issues. From my
experience the load is the culprit as the BFD tests test interactive
sessions, which need to be kept alive. The timings currently are set at
300ms and for most tests two keep-alives can be missed before the session
goes down on vpp side and asserts start failing. While this might seem
like ample time, especially on loaded systems there is a high chance
that at least one test will derp ...

I've also seen derps even on idle systems, where a select() call (used
by python in its own sleep() implementation) with timeout of 100ms returns
after 1-3 seconds.

Try running the bfd tests only (make test-all TEST=bfd) while no other tasks
are running - I think they should pass on your box just fine.

Thanks,
Klement

Quoting Ed Kern (ejk) (2017-05-24 16:27:10)

  right now its a VERY intentional mix…but depending on loading I could
  easily see this coming up if those timings are strict.
  To not dodge your question max loading on my slowest node would be 3
  concurrent builds on an Xeon™ E3-1240 v3 (4 cores @ 3.4Ghz)
yeah yeah stop laughing…..Do you have suggested or even guesstimate
  minimums in this regard…I could pretty trivially route them towards
  the larger set that I have right now if you think magic will result :)
  Ed
  PS thanks though..for whatever reason the type of errors I was getting
  didn’t naturally steer my mind towards cpu/io binding.

On May 24, 2017, at 12:57 AM, Klement Sekera -X (ksekera - PANTHEON
TECHNOLOGIES at Cisco) <ksek...@cisco.com> wrote:
Hi Ed,

how

Re: [vpp-dev] ALG

2017-06-14 Thread Denis Lotarev via vpp-dev
Hi, Ole! Today we are testing SNAT plugin and PPTP connection by public ip and 
this is not working. Both machines have a static mapping, we are testing pptp by 
snat hairpin. Even if one machine (in the outside VPP network) tries to connect 
to a machine in the inside VPP network (with static mapping by public ip), the 
connection is lost. To be sure, we are testing this connection by local ips and 
this works.
Also, we are testing another two protocols - RTSP and L2TP and this works 
fine...


--
Yours sincerely,
Denis Lotarev


On Wednesday, June 14, 2017, 5:24:03 PM GMT+5,  wrote:

Hi Denis,

> We are trying to test SIP to asterisk (which outside VPP network) port 5060 
> UDP and its work normally via SNAT plugin (static and dynamic nat working 
> well). Also we are trying to test SIP to yate (minimal sip server) inside VPP 
> network with SNAT hairpin and its work correctly too. And also we are 
> connected to yate from outside VPP network, this simply works! :-)
> 
> Also we are testing FTP client from Internet Explorer Windows 10 and IRC 
> client they are works well too.

That's cool!

> After that testing we need only PPTP protocol via S-NAT plugin, which not 
> work today.

I guess I need to read up on PPTP (sigh).
Does the protocol work through a 1:1 NAT today?

If so... what's the size of your external IPv4 pool?

Are you able to perform some measurements of the number of PPTP sessions?
Or rather the number of sessions you have which are not UDP, TCP. And sort them 
IP src, dst and protocol?

The question I want to answer is. How big must the external IPv4 pool be, for a 
transport layer independent NAT to function.
E.g. if all your PPTP sessions go to _different_ destination addresses, a 
single IPv4 address works fine.
But if a larger number than the number of source addresses PPTP sessions go to 
the _same_ destination address we would be in trouble.

Best regards,
Ole
___
vpp-dev mailing list
vpp-dev@lists.fd.io
https://lists.fd.io/mailman/listinfo/vpp-dev
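
An added example, not part of the thread: Ole's pool-size question worked through in C, assuming the measured non-TCP/UDP sessions are available as (src, dst, protocol) records. The struct, the function names and the sample flows are constructed for illustration; the sizing rule is this example's reading of Ole's argument.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

#define IP4(a, b, c, d) \
    ((uint32_t)(a) << 24 | (uint32_t)(b) << 16 | (uint32_t)(c) << 8 | (uint32_t)(d))

/* One observed session that is neither TCP nor UDP, e.g. PPTP's GRE (protocol 47). */
struct flow { uint32_t src, dst; uint8_t proto; };

/* Constructed sample: three inside hosts reach the same PPTP server. */
struct flow sample_flows[] = {
    { IP4(10, 0, 0, 1), IP4(203, 0, 113, 5), 47 },
    { IP4(10, 0, 0, 2), IP4(203, 0, 113, 5), 47 },
    { IP4(10, 0, 0, 2), IP4(203, 0, 113, 5), 47 },  /* same session seen twice */
    { IP4(10, 0, 0, 3), IP4(203, 0, 113, 5), 47 },
    { IP4(10, 0, 0, 1), IP4(198, 51, 100, 9), 47 },
    { IP4(10, 0, 0, 4), IP4(203, 0, 113, 5), 50 },  /* other protocol, own key space */
};

/* Order by (proto, dst, src) so sessions to the same peer are adjacent. */
static int flow_cmp(const void *a, const void *b)
{
    const struct flow *x = a, *y = b;
    if (x->proto != y->proto) return x->proto < y->proto ? -1 : 1;
    if (x->dst != y->dst) return x->dst < y->dst ? -1 : 1;
    if (x->src != y->src) return x->src < y->src ? -1 : 1;
    return 0;
}

/* With only (src, dst, proto) to key on, two inside hosts talking to the same
 * (dst, proto) need different external addresses. The pool must hold at least
 * the largest number of distinct inside sources seen for any one (dst, proto).
 * Sorts the array in place. */
size_t min_external_pool(struct flow *flows, size_t n)
{
    size_t worst = 0, run = 0;
    qsort(flows, n, sizeof *flows, flow_cmp);
    for (size_t i = 0; i < n; i++) {
        int same_peer = i > 0 && flows[i].proto == flows[i - 1].proto &&
                        flows[i].dst == flows[i - 1].dst;
        if (!same_peer)
            run = 1;                     /* first inside host for this peer */
        else if (flows[i].src != flows[i - 1].src)
            run++;                       /* another inside host, same peer */
        if (run > worst)
            worst = run;
    }
    return worst;
}
```

For the sample flows the result is 3: one external address is enough for every destination except the PPTP server that three inside hosts share.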

Re: [vpp-dev] shadow build system change adding test-debug job

2017-06-14 Thread Klement Sekera -X (ksekera - PANTHEON TECHNOLOGIES at Cisco)
Ed, these tests don't rely on keeping an interactive session up, like BFD tests
do. Fast box is required only to pass e.g. the BFD tests reliably enough.
These are only part of test-all and test-debug-all targets because the
jenkins infrastructure wasn't able to pass them reliably enough..
I'm sorry if I didn't explain this deeply enough and caused confusion on
your side..

Thanks,
Klement

Quoting Ed Kern (ejk) (2017-06-14 22:07:18)
>alright klement/dave
>im a bit stuck again…
>i get about an 60+% failure rate out of test-debug even with higher than
>normal cpu settings (higher than just what i use for build verify)
>always right here
> 
>  19:43:38 ==
>  19:43:38 ERROR: L2 FIB test 7 - flush bd_id
>  19:43:38 --
>  19:43:38 Traceback (most recent call last):
>  19:43:38   File "/workspace/vpp-test-debug-master-ubuntu1604/test/test_l2_fib.py", line 508, in test_l2_fib_07
>  19:43:38     self.run_verify_negat_test(bd_id=1, dst_hosts=flushed)
>  19:43:38   File "/workspace/vpp-test-debug-master-ubuntu1604/test/test_l2_fib.py", line 418, in run_verify_negat_test
>  19:43:38     i.get_capture(0, timeout=timeout)
>  19:43:38   File "/workspace/vpp-test-debug-master-ubuntu1604/test/vpp_pg_interface.py", line 240, in get_capture
>  19:43:38     (len(capture.res), expected_count, name))
>  19:43:38 Exception: Captured packets mismatch, captured 9 packets, expected 0 packets on pg0
>  19:43:38
>  19:43:38 ==
>  19:43:38 ERROR: L2 FIB test 8 - flush all
>  19:43:38 --
>  19:43:38 Traceback (most recent call last):
>  19:43:38   File "/workspace/vpp-test-debug-master-ubuntu1604/test/test_l2_fib.py", line 522, in test_l2_fib_08
>  19:43:38     self.run_verify_negat_test(bd_id=1, dst_hosts=flushed)
>  19:43:38   File "/workspace/vpp-test-debug-master-ubuntu1604/test/test_l2_fib.py", line 418, in run_verify_negat_test
>  19:43:38     i.get_capture(0, timeout=timeout)
>  19:43:38   File "/workspace/vpp-test-debug-master-ubuntu1604/test/vpp_pg_interface.py", line 240, in get_capture
>  19:43:38     (len(capture.res), expected_count, name))
>  19:43:38 Exception: Captured packets mismatch, captured 9 packets, expected 0 packets on pg0
>  19:43:38
> 
>when it fails its always the same two tests…always the same exception
>(captured 9, expected 0)
>its so consistent in its ‘death’ but so intermittent in frequency its
>freaking me out a bit…
>any thoughts?
>Ed
> 
>  On May 24, 2017, at 8:42 AM, Klement Sekera -X (ksekera - PANTHEON
>  TECHNOLOGIES at Cisco) <ksek...@cisco.com> wrote:
>  I know that the functional BFD tests passed so unless there is a bug in
>  the tests, the failures are pretty much timing issues. From my
>  experience the load is the culprit as the BFD tests test interactive
>  sessions, which need to be kept alive. The timings currently are set at
>  300ms and for most tests two keep-alives can be missed before the
>  session
>  goes down on vpp side and asserts start failing. While this might seem
>  like ample time, especially on loaded systems there is a high chance
>  that at least one test will derp ...
> 
>  I've also seen derps even on idle systems, where a select() call (used
>  by python in its own sleep() implementation) with timeout of 100ms
>  returns
>  after 1-3 seconds.
> 
>  Try running the bfd tests only (make test-all TEST=bfd) while no other
>  tasks
>  are running - I think they should pass on your box just fine.
> 
>  Thanks,
>  Klement
> 
>  Quoting Ed Kern (ejk) (2017-05-24 16:27:10)
> 
>  right now its a VERY intentional mix…but depending on loading I
>could
>  easily see this coming up if those timings are strict.  
>  To not dodge your question max loading on my slowest node would be 3
>  concurrent builds on an Xeon™ E3-1240 v3 (4 cores @ 3.4Ghz)
>    yeah yeah stop laughing…..Do you have suggested or even
>guesstimate
>  minimums in this regard…I could pretty trivially route them towards
>  the larger set that I have right now if you think magic will result
>:)
>  Ed
>  PS thanks though..for whatever reason the type of errors I was
>getting
>  didn’t naturally steer my mind towards cpu/io binding.
> 
>On May 24, 2017, at 12:57 AM, Klement Sekera -X (ksekera - PANTHEON
>TECHNOLOGIES at Cisco) <ksek...@cisco.com> wrote:
>Hi Ed,
> 
>how fast are your boxes? And how many cores? The BFD tests
>struggle to
>meet
>