Hi Andrew, I just found out that ACL action differentiates SF or SL. Following command enables SF and provides better performance.
“acl_add_replace -1 ipv4 permit+reflect dst 192.82.1.1/32” Few more questions: ================= Choosing between VPP Classifiers and ACL Plugin: https://lists.fd.io/g/vpp-dev/message/5716?p=,,,20,0,0,0::relevance,,ACL,20,2,60,10641995 * You mentioned that VPP classifiers are faster than ACL plugin. 1. For <L2, L3, L4> field based classification, which one provides better data plane perf ? 2. Does classifier support ranges ? 3. Which one is better if the rate of ACL rule add/del is high / low? 4. Whether ACL rule priority is supported in both the schemes ? 5. Whether ACL Plugin SF mode will perform better than classifier ? Whether classifier also has SF mode ? ACL Plugin: 1. SF mode – How much of extra memory is needed compared to SL mode ? Thanks Govind From: vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> On Behalf Of Govindarajan Mohandoss via Lists.Fd.Io Sent: Thursday, March 26, 2020 12:37 PM To: Andrew 👽 Yourtchenko <ayour...@gmail.com> Cc: vpp-dev@lists.fd.io Subject: Re: [vpp-dev] ACL question Hi Andrew, Thanks for the document. Can you please share the documents related to ACL plugin CLI config for both stateful & stateless modes ? I tried the following commands for input ACL in VAT CLI. Not sure whether this is SL / SF ? “ vat# acl_add_replace -1 ipv4 permit dst 192.82.1.1/32 vl_api_acl_add_replace_reply_t_handler:70: ACL index: 0 vat# acl_interface_set_acl_list TenGigabitEthernet13/0/0 input 0 vat# acl_interface_list_dump TenGigabitEthernet13/0/0 vl_api_acl_interface_list_details_t_handler:115: sw_if_index: 3, count: 1, n_input: 1 input 0 vat# help acl_add_replace usage: acl_add_replace <acl-idx> [<ipv4|ipv6>] <permit|permit+reflect|deny|action N> [src IP/plen] [dst IP/plen] [sport X-Y] [dport X-Y] [proto P] [tcpflags FL MASK], ... , ... “ Thanks Govind From: Andrew 👽 Yourtchenko <ayour...@gmail.com<mailto:ayour...@gmail.com>> Sent: Thursday, March 26, 2020 4:49 AM To: Govindarajan Mohandoss <govindarajan.mohand...@arm.com<mailto:govindarajan.mohand...@arm.com>> Cc: vpp-dev@lists.fd.io<mailto:vpp-dev@lists.fd.io>; Lijian Zhang <lijian.zh...@arm.com<mailto:lijian.zh...@arm.com>>; Jieqiang Wang <jieqiang.w...@arm.com<mailto:jieqiang.w...@arm.com>>; nd <n...@arm.com<mailto:n...@arm.com>> Subject: Re: [vpp-dev] ACL question As an acl plugin author I can say both stateful and stateless ACLs are used for different consumers. Various matching implementations in vpp are used in different use cases... and there is not a single silver bullet magic answer, because the trade offs are different. https://nonsns.github.io/paper/rossi19ton.pdf Is a reasonable read on the subject - also because it relates to VPP and the real project that we did a while ago. --a On 25 Mar 2020, at 17:26, Govindarajan Mohandoss <govindarajan.mohand...@arm.com<mailto:govindarajan.mohand...@arm.com>> wrote: Hello ACL Maintainer, We want to measure and optimize the ACL performance for ARM servers. As per the foll. link, there are 4 different implementation of ACLs in VPP. https://fd.io/docs/vpp/master/usecases/acls.html We would like to start with most commonly used ACL implementation in VPP which can cover L2, L3 and L4 fields. As per the link above and CSIT reports (link below), it looks like ACL plugin is the right match. Can you please confirm ? ACL plugin has 2 variants – Stateful & Stateless. Which is common and widely used in VPP ? https://docs.fd.io/csit/master/report/detailed_test_results/vpp_performance_results/index.html Thanks Govind IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#15890): https://lists.fd.io/g/vpp-dev/message/15890 Mute This Topic: https://lists.fd.io/mt/72544608/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
