Sure. Neither me nor Neale have k8s or ligato.
If you invest some effort into building a small “make test” script(s) that show
the issues then:
1) it will be possible for at least one of us to take a look at them
2) they won’t resurface again.
Does this make sense?
Also, probably ligato folks have some testing as well - have you discussed with
them what kind of scenarios they tested ?
--a
> On 7 Aug 2020, at 21:35, Venkat <venkat.dabb...@gmail.com> wrote:
>
>
> Just to give more context on my test environment... I am using contiv vpp
> Kubernetes environment and configuring ABFs via etcdctl.
>
> eg.
> / # etcdctl --endpoints=10.43.255.42:12379 put
> /vnf-agent/eos-branch-1/config/vpp/abfs/v2/abf/4
> '{"index":4,"acl_name":"023-sjcf
> w-icmp-deny","attached_interfaces":[{"input_interface":"lan","priority":5}],"forwarding_paths":[{"interface_name":"sjc-blr-tunne
> l"}]}'
>
> Just wondering of ABF feature is mature enough in vpp. I am facing a good
> number of issues as I try to experiment with various scenarios.
> I seeing issues when NAT is enabled on the interface, then ABF is not
> exercised.
> I am not sure how to setup deny rules on the interface, if we cannot have ABF
> and ACL co-exist on the interface.
> Observing crashes in VPP while performing some of these tests.
>
> DBGvpp# show version
> vpp v19.08.1-282~ga6a98b546 built by root on 525c154d7fe6 at Tue Aug 4
> 21:10:49 UTC 2020
> DBGvpp#
>
> thanks
> Venkat
>
>> On Fri, Aug 7, 2020 at 10:27 AM Andrew 👽 Yourtchenko <ayour...@gmail.com>
>> wrote:
>> A contribution to “make test” that covers this scenario would be very much
>> appreciated...
>>
>> --a
>>
>>>> On 7 Aug 2020, at 19:07, Venkat <venkat.dabb...@gmail.com> wrote:
>>>>
>>>
>>> Thank you for the response Balaji.
>>> I have noticed VPP crashes when I configure an ABF on the interface that
>>> already has an non-abf ACL attached to the interface.
>>> And when I don't have non-abf ACL, then I am able to install ABF rule.
>>> Hence was wondering if it's a misconfiguration to have both ABF and non-abf
>>> ACL on the same interface. I agree, in any case, it should not result in a
>>> crash.
>>>
>>> thanks
>>> Venkat
>>>
>>>
>>>> On Fri, Aug 7, 2020 at 9:59 AM Balaji Venkatraman via lists.fd.io
>>>> <balajiv=cisco....@lists.fd.io> wrote:
>>>> Hi Venkat,
>>>>
>>>>
>>>>
>>>> Underlying the ABF is another ACL. When we attach an ABF to the interface,
>>>> the ACL it inherits gets applied to the interface. Not sure if another ACL
>>>> independent of the above can be attached to the same interface. But, in
>>>> any case, it should not crash 😊
>>>>
>>>> Thanks!
>>>>
>>>>
>>>>
>>>> --
>>>>
>>>> Regards,
>>>>
>>>> Balaji.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> From: <vpp-dev@lists.fd.io> on behalf of "vdabb...@infoblox.com"
>>>> <vdabb...@infoblox.com>
>>>> Date: Friday, August 7, 2020 at 9:36 AM
>>>> To: "vpp-dev@lists.fd.io" <vpp-dev@lists.fd.io>
>>>> Subject: [vpp-dev] ABF and ACL co-existence on an Interface
>>>>
>>>>
>>>>
>>>> Hello,
>>>> Experimenting ABF in VPP. Had a question regarding the co-existence of ABF
>>>> and ACL on an interface.
>>>> Seems like we can either attach ABF or ACL to an interface and not both.
>>>> Is this the behavior or am I missing anything?
>>>> When I try to install ABF rule on an interface that already has ACL
>>>> attached, I see vpp resulting in a crash.
>>>> Please confirm.
>>>> thanks
>>>> Venkat
>>>>
>>>>
>>>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#17171): https://lists.fd.io/g/vpp-dev/message/17171
Mute This Topic: https://lists.fd.io/mt/76052836/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
