Neale, Thank you very much for such a comprehensive answer!
Regards, Pavel вт, 7 мар. 2017 г. в 21:44, Neale Ranns (nranns) <nra...@cisco.com>: Hi Pavel, Both DPOs and Feature arcs are both higher layer abstractions to construct the VLIB node graph. DPOs are an abstract concept, a base class if you like, for objects that represent the actions that should be performed on the packet as it is switched. As you know, an object is both data and functions. Concreate DPO examples are adjacencies, load-balances, MPLS-labels etc, the object’s data then is the rewrite, ECMP choices and label value, respectively. The object’s function is the associated VLIB node. When DPOs are joined (or stacked in the FIB parlance) together into a list/graph or processing pipe-line, the infra code will ensure that the correct ‘underlay’ VLIB graph is constructed. A pipe-line thus consists of multiple VLIB nodes. The use of the DPO concept is relatively new, so it not used by all VPP features, but there is no reason why it could not be. However, when considering whether to use this concept, bear in mind the object based pipe-line that can be constructed. Consider where it begins and where it ends – at present it begins as a result of an L3 destination lookup and terminates at a L2 rewrite (with an adjacency). This is possible because the L3 destination pre-determines all of those actions. Features (like IPSEC and ACLs) are configured to run on (or are bound to) a particular interface. Each feature has a pre-determined order in which it will be run w.r.t. to other features on that interface. A Feature arc defines the resultant ordered set/graph of VLIB nodes that represent the ordered execution of those features. When progressing from feature A to feature B, we are not often able to make an association between a given object in that feature A with another in feature B – say IPSEC security association K, with ACL entry J – so constructing an object based pipe-line between features has no merit. Conversely we can say that FIB entry K is associated with adjacency J. If we take ACLs as an example for possible DPO usage, the question to ask is what pipe-line can we build out of the actions the ACL performs, and, what other pipe-lines can we join it to. The starting point for an ACL (as an input or output feature) is a lookup or match operation; there’s nothing pre-determined there, and so no pipe-line it can be attached to. However, the subsequent actions post match could be modelled as a pipe-line of DPOs, particularly if the result is a set of forwarding actions – like policy based routing. I hope that helps. If you’ve further questions, you know where to find me J Regards, neale *From: *Pavel Chuprikov <pschupri...@gmail.com> *Date: *Tuesday, 7 March 2017 at 14:26 *To: *"vpp-dev@lists.fd.io" <vpp-dev@lists.fd.io>, "Neale Ranns (nranns)" < nra...@cisco.com>, "Damjan Marion (damarion)" <damar...@cisco.com>, Kirill Kogan <kirill.ko...@gmail.com> *Subject: *Features, DPO and their connection Hello, There are two kinds of overlays on top of a VLIB graph: - *Features*: An overlay graph representing per-interface optional functionality (introduced here <https://gerrit.fd.io/r/#/c/3445/>). - *DPO graph*: Another overlay graph, that, if we understand correctly, captures per-protocol functionality (introduced here <https://jira.fd.io/browse/VPP-352>). According to the inline documentation *DPOs *represents some protocol-specific processing stages, while on the side of *features* there are, for example, *ip4_unicast* and *ip6_unicast*, or *ip4_output*, *mpls_output* and *ip6_output*. Thus it appears, that there are *two ways* to implement protocol-specific functionality, and we struggle to understand what are the differences between *DPOs *and *feature arcs*, what are their interactions and why certain stages are implemented using one overlay functionality and not the other (are they could?). Can we see *DPOs* as a compound (multi-node) feature representing *FIB* lookup (at least this <https://jira.fd.io/secure/attachment/10707/VPP-FIB2.pdf> doc gives such an impression)? Concrete example: there are two nodes (with respective featues): *ip6-inacl *and *ip4-inacl*, could they (in theory) become *DPOs *in the future? Unfortunately we were unable to find in the wiki any information about either *DPOs* or *features*. Please, help, and thank you in advance! -- Pavel
_______________________________________________ vpp-dev mailing list vpp-dev@lists.fd.io https://lists.fd.io/mailman/listinfo/vpp-dev
