Hi Pavel, Both DPOs and Feature arcs are both higher layer abstractions to construct the VLIB node graph.
DPOs are an abstract concept, a base class if you like, for objects that represent the actions that should be performed on the packet as it is switched. As you know, an object is both data and functions. Concreate DPO examples are adjacencies, load-balances, MPLS-labels etc, the object’s data then is the rewrite, ECMP choices and label value, respectively. The object’s function is the associated VLIB node. When DPOs are joined (or stacked in the FIB parlance) together into a list/graph or processing pipe-line, the infra code will ensure that the correct ‘underlay’ VLIB graph is constructed. A pipe-line thus consists of multiple VLIB nodes. The use of the DPO concept is relatively new, so it not used by all VPP features, but there is no reason why it could not be. However, when considering whether to use this concept, bear in mind the object based pipe-line that can be constructed. Consider where it begins and where it ends – at present it begins as a result of an L3 destination lookup and terminates at a L2 rewrite (with an adjacency). This is possible because the L3 destination pre-determines all of those actions. Features (like IPSEC and ACLs) are configured to run on (or are bound to) a particular interface. Each feature has a pre-determined order in which it will be run w.r.t. to other features on that interface. A Feature arc defines the resultant ordered set/graph of VLIB nodes that represent the ordered execution of those features. When progressing from feature A to feature B, we are not often able to make an association between a given object in that feature A with another in feature B – say IPSEC security association K, with ACL entry J – so constructing an object based pipe-line between features has no merit. Conversely we can say that FIB entry K is associated with adjacency J. If we take ACLs as an example for possible DPO usage, the question to ask is what pipe-line can we build out of the actions the ACL performs, and, what other pipe-lines can we join it to. The starting point for an ACL (as an input or output feature) is a lookup or match operation; there’s nothing pre-determined there, and so no pipe-line it can be attached to. However, the subsequent actions post match could be modelled as a pipe-line of DPOs, particularly if the result is a set of forwarding actions – like policy based routing. I hope that helps. If you’ve further questions, you know where to find me ☺ Regards, neale From: Pavel Chuprikov <pschupri...@gmail.com> Date: Tuesday, 7 March 2017 at 14:26 To: "vpp-dev@lists.fd.io" <vpp-dev@lists.fd.io>, "Neale Ranns (nranns)" <nra...@cisco.com>, "Damjan Marion (damarion)" <damar...@cisco.com>, Kirill Kogan <kirill.ko...@gmail.com> Subject: Features, DPO and their connection Hello, There are two kinds of overlays on top of a VLIB graph: * Features: An overlay graph representing per-interface optional functionality (introduced here<https://gerrit.fd.io/r/#/c/3445/>). * DPO graph: Another overlay graph, that, if we understand correctly, captures per-protocol functionality (introduced here<https://jira.fd.io/browse/VPP-352>). According to the inline documentation DPOs represents some protocol-specific processing stages, while on the side of features there are, for example, ip4_unicast and ip6_unicast, or ip4_output, mpls_output and ip6_output. Thus it appears, that there are two ways to implement protocol-specific functionality, and we struggle to understand what are the differences between DPOs and feature arcs, what are their interactions and why certain stages are implemented using one overlay functionality and not the other (are they could?). Can we see DPOs as a compound (multi-node) feature representing FIB lookup (at least this<https://jira.fd.io/secure/attachment/10707/VPP-FIB2.pdf> doc gives such an impression)? Concrete example: there are two nodes (with respective featues): ip6-inacl and ip4-inacl, could they (in theory) become DPOs in the future? Unfortunately we were unable to find in the wiki any information about either DPOs or features. Please, help, and thank you in advance! -- Pavel
_______________________________________________ vpp-dev mailing list vpp-dev@lists.fd.io https://lists.fd.io/mailman/listinfo/vpp-dev
