Hi Florin, Thanks so much for trying this out and for the suggestions. Unfortunately this isn't working in my setup. Here's what I did just to make sure I'm not missing anything.
I generated the key and cert as follows: *openssl req -newkey rsa:2048 -nodes -keyout ldp.key -x509 -days 365 -out ldp.crt* Confirmed settings as per [1] above and applied [2] and recompiled. Did a first run *without* LDP_TRANSPARENT to confirm all other settings: # LD_PRELOAD=$LDP_PATH VCL_CONFIG=$VCL_CFG taskset --cpu-list 4,6,8 iperf3 -s -B 10.0.0.71 ----------------------------------------------------------- Server listening on 5201 ----------------------------------------------------------- Accepted connection from 10.0.0.70, port 11960 [ 34] local 10.0.0.71 port 5201 connected to 10.0.0.70 port 41655 [ ID] Interval Transfer Bandwidth [ 34] 0.00-1.00 sec 1.09 GBytes 9.40 Gbits/sec [ 34] 1.00-2.00 sec 1.10 GBytes 9.41 Gbits/sec [ 34] 2.00-3.00 sec 1.10 GBytes 9.41 Gbits/sec [ 34] 3.00-4.00 sec 1.10 GBytes 9.41 Gbits/sec [ 34] 4.00-5.00 sec 1.10 GBytes 9.41 Gbits/sec [ 34] 5.00-6.00 sec 1.10 GBytes 9.41 Gbits/sec [ 34] 6.00-7.00 sec 1.10 GBytes 9.41 Gbits/sec [ 34] 7.00-8.00 sec 1.10 GBytes 9.41 Gbits/sec [ 34] 8.00-9.00 sec 1.10 GBytes 9.41 Gbits/sec [ 34] 9.00-10.00 sec 1.10 GBytes 9.41 Gbits/sec [ 34] 10.00-10.00 sec 1.24 MBytes 9.33 Gbits/sec - - - - - - - - - - - - - - - - - - - - - - - - - [ ID] Interval Transfer Bandwidth [ 34] 0.00-10.00 sec 0.00 Bytes 0.00 bits/sec sender [ 34] 0.00-10.00 sec 11.0 GBytes 9.41 Gbits/sec receiver ----------------------------------------------------------- Server listening on 5201 ----------------------------------------------------------- Now set LDP_TRANSPARENT and confirm (on both nodes): # export LDP_TRANSPARENT_TLS=1 # env | grep LDP_ LDP_TLS_CERT_FILE=/root/tlstest/ldp.crt LDP_TRANSPARENT_TLS=1 LDP_PATH=/root/vpp.20.01/build-root/build-vpp-native/vpp/lib/libvcl_ldpreload.so LDP_TLS_KEY_FILE=/root/tlstest/ldp.key # Re-started & configured VPP to have a clean run, and get this (server side output): # LD_PRELOAD=$LDP_PATH VCL_CONFIG=$VCL_CFG taskset --cpu-list 4,6,8 iperf3 -s -B 10.0.0.71 ----------------------------------------------------------- Server listening on 5201 ----------------------------------------------------------- Accepted connection from 10.0.0.70, port 40411 [ 34] local 10.0.0.71 port 5201 connected to 10.0.0.70 port 14718 [ ID] Interval Transfer Bandwidth [ 34] 0.00-1.00 sec 0.00 Bytes 0.00 bits/sec [ 34] 1.00-2.00 sec 0.00 Bytes 0.00 bits/sec [ 34] 2.00-3.00 sec 0.00 Bytes 0.00 bits/sec [ 34] 3.00-4.00 sec 0.00 Bytes 0.00 bits/sec [ 34] 4.00-5.00 sec 0.00 Bytes 0.00 bits/sec [ 34] 5.00-6.00 sec 0.00 Bytes 0.00 bits/sec [ 34] 6.00-7.00 sec 0.00 Bytes 0.00 bits/sec [ 34] 7.00-8.00 sec 0.00 Bytes 0.00 bits/sec [ 34] 8.00-9.00 sec 0.00 Bytes 0.00 bits/sec [ 34] 9.00-10.00 sec 0.00 Bytes 0.00 bits/sec [ 34] 10.00-11.00 sec 0.00 Bytes 0.00 bits/sec [ 34] 11.00-12.00 sec 0.00 Bytes 0.00 bits/sec [ 34] 12.00-13.00 sec 0.00 Bytes 0.00 bits/sec [ 34] 13.00-14.00 sec 0.00 Bytes 0.00 bits/sec [ 34] 14.00-15.00 sec 0.00 Bytes 0.00 bits/sec I've tried multiple times, always the same result, the connection seems to be established but no traffic getting through. Here's some output from the server side VPP instance, not sure if there is anything useful in there, I couldn't see anything of interest. Thank again for trying it out and for your suggestions! Regards, Dom vpp# sh int Name Idx State MTU (L3/IP4/IP6/MPLS) Counter Count TenGigabitEthernet5/0/0 1 up 9000/0/0/0 rx packets 22 rx bytes 2263 tx packets 13 tx bytes 4042 drops 5 ip4 17 local0 0 down 0/0/0/0 drops 2 vpp# sh err Count Node Reason 1 dpdk-input no error 10 session-queue Packets transmitted 2 tcp4-listen SYNs received 1 tcp4-rcv-process SYNs received 2 tcp4-rcv-process Pure ACKs received 7 tcp4-established Packets pushed into rx fifo 5 tcp4-established Pure ACKs received 14 tcp4-output Packets sent 1 ip4-glean ARP requests throttled 1 ip4-glean ARP requests sent 6 llc-input unknown llc ssap/dsap vpp# sh hardware-interfaces Name Idx Link Hardware TenGigabitEthernet5/0/0 1 up TenGigabitEthernet5/0/0 Link speed: 10 Gbps Ethernet address a0:36:9f:be:0c:b4 Intel 82599 carrier up full duplex mtu 9206 flags: admin-up pmd maybe-multiseg tx-offload intel-phdr-cksum rx-ip4-cksum Devargs: rx: queues 1 (max 128), desc 4000 (min 32 max 4096 align 8) tx: queues 6 (max 64), desc 4000 (min 32 max 4096 align 8) pci: device 8086:154d subsystem 8086:7b11 address 0000:05:00.00 numa 0 max rx packet len: 15872 promiscuous: unicast off all-multicast on vlan offload: strip off filter off qinq off rx offload avail: vlan-strip ipv4-cksum udp-cksum tcp-cksum tcp-lro macsec-strip vlan-filter vlan-extend jumbo-frame scatter security keep-crc rx offload active: ipv4-cksum udp-cksum jumbo-frame scatter tx offload avail: vlan-insert ipv4-cksum udp-cksum tcp-cksum sctp-cksum tcp-tso macsec-insert multi-segs security tx offload active: udp-cksum tcp-cksum tcp-tso multi-segs rss avail: ipv4-tcp ipv4-udp ipv4 ipv6-tcp-ex ipv6-udp-ex ipv6-tcp ipv6-udp ipv6-ex ipv6 rss active: none tx burst function: ixgbe_xmit_pkts rx burst function: ixgbe_recv_pkts_lro_bulk_alloc tx frames ok 13 tx bytes ok 4060 rx frames ok 25 rx bytes ok 2443 extended stats: rx good packets 25 tx good packets 13 rx good bytes 2443 tx good bytes 4060 rx q0packets 25 rx q0bytes 2443 tx q0packets 13 tx q0bytes 4042 mac local errors 4 mac remote errors 2 rx size 64 packets 8 rx size 65 to 127 packets 10 rx size 128 to 255 packets 7 rx multicast packets 7 rx total packets 27 rx total bytes 2563 tx total packets 13 tx size 64 packets 1 tx size 65 to 127 packets 7 tx size 128 to 255 packets 1 tx size 256 to 511 packets 2 tx size 1024 to max packets 2 tx broadcast packets 1 out pkts untagged 13 local0 0 down local0 Link speed: unknown local vpp# sh run Thread 0 vpp_main (lcore 20) Time 30.5, 10 sec internal node vector rate 0.00 vector rates in 0.0000e0, out 0.0000e0, drop 0.0000e0, punt 0.0000e0 Name State Calls Vectors Suspends Clocks Vectors/Call acl-plugin-fa-cleaner-process event wait 0 0 1 3.39e4 0.00 admin-up-down-process event wait 0 0 1 2.72e3 0.00 api-rx-from-ring any wait 0 0 24 5.81e5 0.00 avf-process event wait 0 0 1 2.42e4 0.00 bfd-process event wait 0 0 1 2.53e4 0.00 bond-process event wait 0 0 1 1.03e4 0.00 dhcp-client-process any wait 0 0 1 1.49e4 0.00 dhcp6-client-cp-process any wait 0 0 1 1.31e4 0.00 dhcp6-pd-client-cp-process any wait 0 0 1 1.49e4 0.00 dhcp6-pd-reply-publisher-proce event wait 0 0 1 7.76e3 0.00 dhcp6-reply-publisher-process event wait 0 0 1 7.14e3 0.00 dpdk-ipsec-process done 1 0 0 1.59e5 0.00 dpdk-process any wait 0 0 11 6.77e5 0.00 fib-walk any wait 0 0 16 5.61e3 0.00 flow-report-process any wait 0 0 1 2.05e3 0.00 flowprobe-timer-process any wait 0 0 1 7.56e3 0.00 gbp-scanner event wait 0 0 1 1.20e4 0.00 igmp-timer-process event wait 0 0 1 7.78e3 0.00 ikev2-manager-process any wait 0 0 31 5.19e3 0.00 ioam-export-process any wait 0 0 1 1.47e4 0.00 ip-neighbor-event event wait 0 0 1 1.32e4 0.00 ip4-full-reassembly-expire-wal any wait 0 0 4 6.08e3 0.00 ip4-neighbor-age-process event wait 0 0 1 7.53e3 0.00 ip4-sv-reassembly-expire-walk any wait 0 0 4 6.15e3 0.00 ip6-full-reassembly-expire-wal any wait 0 0 4 9.60e3 0.00 ip6-mld-process any wait 0 0 31 2.02e3 0.00 ip6-neighbor-age-process event wait 0 0 1 3.53e3 0.00 ip6-ra-process any wait 0 0 31 2.55e3 0.00 ip6-rs-process any wait 0 0 1 3.22e3 0.00 ip6-sv-reassembly-expire-walk any wait 0 0 4 6.92e3 0.00 l2-arp-term-publisher event wait 0 0 1 9.99e3 0.00 l2fib-mac-age-scanner-process event wait 0 0 1 1.29e4 0.00 lldp-process event wait 0 0 1 5.39e6 0.00 memif-process event wait 0 0 1 2.78e4 0.00 nat-det-expire-walk done 1 0 0 2.71e3 0.00 nat-ha-process event wait 0 0 1 1.97e4 0.00 nat64-expire-walk event wait 0 0 1 1.28e4 0.00 nsh-md2-ioam-export-process any wait 0 0 1 3.13e4 0.00 perfmon-periodic-process event wait 0 0 1 6.63e4 0.00 rd-cp-process any wait 0 0 1 1.54e4 0.00 send-dhcp6-client-message-proc any wait 0 0 1 1.58e4 0.00 send-dhcp6-pd-client-message-p any wait 0 0 1 1.83e4 0.00 session-queue-process any wait 0 0 23 1.53e8 0.00 startup-config-process done 1 0 1 5.24e3 0.00 statseg-collector-process time wait 0 0 4 3.89e4 0.00 udp-ping-process any wait 0 0 1 2.73e4 0.00 unix-cli-local:2 done 3 0 6 1.05e15 0.00 unix-cli-new-session event wait 0 0 9 2.59e8 0.00 unix-cli-stdin active 0 0 30 1.09e8 0.00 unix-epoll-input polling 268904 0 0 2.82e5 0.00 vhost-user-process any wait 0 0 1 1.44e4 0.00 vhost-user-send-interrupt-proc any wait 0 0 1 8.19e3 0.00 vpe-link-state-process event wait 0 0 3 5.24e3 0.00 vxlan-gpe-ioam-export-process any wait 0 0 1 1.54e4 0.00 --------------- Thread 1 vpp_wk_0 (lcore 22) Time 30.5, 10 sec internal node vector rate 0.00 vector rates in 1.2768e0, out 4.2560e-1, drop 4.5834e-1, punt 0.0000e0 Name State Calls Vectors Suspends Clocks Vectors/Call TenGigabitEthernet5/0/0-output active 13 13 0 1.75e3 1.00 TenGigabitEthernet5/0/0-tx active 13 13 0 2.89e3 1.00 arp-input active 1 1 0 3.54e3 1.00 arp-reply active 1 1 0 1.54e4 1.00 dpdk-input polling 219391792 29 0 9.66e8 0.00 drop active 14 14 0 1.73e3 1.00 error-drop active 14 14 0 1.41e3 1.00 ethernet-input active 29 29 0 2.97e3 1.00 ip4-drop active 2 2 0 5.03e3 1.00 ip4-glean active 2 2 0 9.92e3 1.00 ip4-input-no-checksum active 17 17 0 1.63e3 1.00 ip4-local active 17 17 0 1.43e3 1.00 ip4-lookup active 30 31 0 1.14e3 1.03 ip4-rewrite active 12 12 0 1.76e3 1.00 llc-input active 11 11 0 1.04e3 1.00 session-queue polling 100875316 10 0 2.93e9 0.00 tcp4-established active 12 12 0 1.28e6 1.00 tcp4-input active 17 17 0 3.59e3 1.00 tcp4-listen active 2 2 0 1.10e6 1.00 tcp4-output active 14 14 0 2.06e3 1.00 tcp4-rcv-process active 3 3 0 1.23e5 1.00 unix-epoll-input polling 214050 0 0 6.51e3 0.00 --------------- Thread 2 vpp_wk_1 (lcore 24) Time 30.5, 10 sec internal node vector rate 0.00 vector rates in 0.0000e0, out 0.0000e0, drop 0.0000e0, punt 0.0000e0 Name State Calls Vectors Suspends Clocks Vectors/Call session-queue polling 284776124 0 0 1.45e2 0.00 unix-epoll-input polling 289161 0 0 5.66e4 0.00 --------------- Thread 3 vpp_wk_2 (lcore 26) Time 30.5, 10 sec internal node vector rate 0.00 vector rates in 0.0000e0, out 0.0000e0, drop 0.0000e0, punt 0.0000e0 Name State Calls Vectors Suspends Clocks Vectors/Call session-queue polling 289588799 0 0 1.48e2 0.00 unix-epoll-input polling 293970 0 0 5.57e4 0.00 --------------- Thread 4 vpp_wk_3 (lcore 28) Time 30.5, 10 sec internal node vector rate 0.00 vector rates in 0.0000e0, out 0.0000e0, drop 0.0000e0, punt 0.0000e0 Name State Calls Vectors Suspends Clocks Vectors/Call session-queue polling 289257520 0 0 1.48e2 0.00 unix-epoll-input polling 293483 0 0 5.58e4 0.00 --------------- Thread 5 vpp_wk_4 (lcore 30) Time 30.5, 10 sec internal node vector rate 0.00 vector rates in 0.0000e0, out 0.0000e0, drop 0.0000e0, punt 0.0000e0 Name State Calls Vectors Suspends Clocks Vectors/Call session-queue polling 296249192 0 0 1.49e2 0.00 unix-epoll-input polling 300521 0 0 5.45e4 0.00
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#15562): https://lists.fd.io/g/vpp-dev/message/15562 Mute This Topic: https://lists.fd.io/mt/71542617/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
