e both ABF and non-abf
ACL on the same interface. I agree, in any case, it should not result in a
crash.
thanks
Venkat
On Fri, Aug 7, 2020 at 9:59 AM Balaji Venkatraman via lists.fd.io wrote:
> Hi Venkat,
>
>
>
> Underlying the ABF is another ACL. When we attach an ABF to th
these tests.
DBGvpp# show version
vpp v19.08.1-282~ga6a98b546 built by root on 525c154d7fe6 at Tue Aug 4
21:10:49 UTC 2020
DBGvpp#
thanks
Venkat
On Fri, Aug 7, 2020 at 10:27 AM Andrew 👽 Yourtchenko
wrote:
> A contribution to “make test” that covers this scenario would be very much
&g
between 1908 vs 2001 or
2005 VPP stable branches for ABF plugin code making a case to upgrade vpp?
Please advise.
thanks
Venkat
On Fri, Aug 7, 2020 at 4:25 PM Andrew 👽 Yourtchenko
wrote:
> Sure. Neither me nor Neale have k8s or ligato.
>
> If you invest some effort into building a sm
-list:[47] locks:1 flags:shared,no-uRPF, uRPF-list: None
-
Delete ABF Policy and this results in a VPP crash
DBGvpp# abf policy del id 100 acl 0
On Fri, Aug 7, 2020 at 5:36 PM Andrew 👽 Yourtchenko
wrote:
>
>
>
> On 8 Aug 2020, at 01:40, Venkat wrote:
>
>
> Tha
they
provide independent functions, especially when they are matching against
different criteria.
+1. Those two are orthogonal functions. ABF uses the acl as a service infra
to select which traffic it deals with - but that’s it.
+1 [ VENKAT] I expected the same behavior but it doesn't lo
012500 ,
p=0x7fffb5774000, f=0x0, last_time_stamp=0)
at /w/workspace/vpp-merge-2005-ubuntu1804/src/vlib/main.c:1569
On Tue, Aug 11, 2020 at 9:46 AM Venkat via lists.fd.io wrote:
> Andres/Neale,
>
> I confirm to see the same behavior when using ligato etcd proto models
> which I believe
for Neale to comment on the backtrace provided and hopefully get
a fix from him soon.
thanks
Venkat
On Wed, Aug 12, 2020 at 1:47 AM Andrew 👽 Yourtchenko
wrote:
> Hi Venkat,
>
> Cool, thanks a lot!
>
> So the first issue is acl-related,
> you can try out the https://gerrit.fd.
a fix for the issue 1
works.
thanks
Venkat
On Wed, Aug 12, 2020 at 10:05 AM Neale Ranns (nranns)
wrote:
> Hi Venkat,
>
> No fix from me soon, I'm on leave. In the meantime, don't add policies
> with no forwarding paths ;)
>
> /neal
Just curious to know if the fix is verified and merged?
Haven't seen any feedback or confirmation from Berna.
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#17257): https://lists.fd.io/g/vpp-dev/message/17257
Mute This Topic: https://lists.fd.io/mt/
I just verified applying the patch mentioned above to 19.08 VPP version which
is what we are using.
The patch doesn't address the issue. I don't see traffic going to ABF feature
if we have Out NAT enabled on the same interface.
Appreciate any help in this regards.
than
was there any resolution provided for this issue>?
I noticed https://jira.fd.io/browse/VPP-1795 (
https://jira.fd.io/browse/VPP-1795 )
does show any fix or activity. Please comment.
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#17327): https://lis
Hello Andrew,
I am doing a simple test by sending TCP flows from Trex traffic generator.
Traffic source is 16.0.0.1-16.0.0.100 and destination is 48.0.0.1-48.0.0.100.
I am sending TCP traffic with CPS=50 from 100 clients to 100 servers via Trex
http profile.
I have a reflective ACL to permit the
Thank you Andrew for taking the time and responding to my questions.
Much appreciated.
On Tue, Sep 15, 2020 at 2:01 AM Andrew 👽 Yourtchenko
wrote:
> Hi Venkat,
>
> Before doing ACL checks, acl-plugin checks the establshed sessions on
> the given interface.
>
> If an a
a stateful ACL hit
would result in the creation of such a session and subsequent packets would
by-pass ACL rules and continue to be served by special-case "-1".
thanks
Venkat
On Tue, Sep 15, 2020 at 2:01 AM Andrew 👽 Yourtchenko
wrote:
> Hi Venkat,
>
> Before doing ACL chec
avior instead of waiting for the sessions to reclaim and reclassify.
thanks
Venkat
On Thu, Sep 17, 2020 at 10:39 AM Andrew 👽 Yourtchenko
wrote:
>
>
> On 17 Sep 2020, at 19:29, Venkat wrote:
>
>
> Andrew,
>
> I have a few follow up questions on the stated behavior.
build up again based on the current state of ACLs rule? I
would assume, it's the latter case, otherwise, modified ACL would never hit
if traffic continues to flow.
On Thu, Sep 17, 2020 at 10:39 AM Andrew 👽 Yourtchenko
wrote:
>
>
> On 17 Sep 2020, at 19:29, Venkat wrote:
>
>
meout in the range of ~300 secs. I haven't quantified the
behavior with TCP NAT sessions yet.
Are you aware of this issue if persist in VPP 19.08 version?
thanks
Venkat
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#17461): https://lists.f
original Source/Dest
IP pair prior to SNAT.
Return traffic coming into the WAN interface comes with WAN IP (public IP),
gets dropped because of Deny all input ACL and the purpose of stateful ACL
is lost.
How is this scenario typically addressed?
thanks
Venkat
On Thu, Sep 17, 2020 at 3:19 PM
But you could probably work around it by having the ACLs on the inner
interface.
[VENKAT]: We currently are following that approach. Setting ACLs on the LAN
interface. But it comes with its own problems.
- First, the WAN interface is wide open to the internet without any FW
rules
packet.
thanks again for the response
regards
Venkat
On Tue, Sep 22, 2020 at 11:48 AM Matthew Smith wrote:
>
> On Tue, Sep 22, 2020 at 12:21 PM Andrew Yourtchenko
> wrote:
>
>> I suggest making a unit test that captures this behavior and fails, then
>> we can look
Perhaps someone from MLNX can confirm, but this is what we received from
them...but we haven’t had a chance to verify yet.
Since DPDK 17.11 Mellanox PMD moved to work on top of upstream user space
libraries (rdma-core) instead of the Mellanox proprietary ones.
So the pr
Satomi-san
I cant open the attachment, it appears to be passwd protected
-M
On 6/21/18, 4:02 AM, "vpp-dev@lists.fd.io on behalf of 井上里美"
wrote:
Dear VPP team,
I'm Satomi Inoue and I belong to NTT Laboratories.
We evaluate VPP and CSR1KV.
Could you tell me the following
22 matches
Mail list logo