>
> On 8 Aug 2020, at 01:40, Venkat <venkat.dabb...@gmail.com> wrote:
>
>
> Thank you Andrew for the response. Will invest time to put together the test
> cases. Could you please point me to sample test scripts for vpp for
> reference?
You can look in the “test” subdirectories of the ABF and acl plug-ins for the
inspiration, hopefully should be a simple tweak to combine the two...
> Or shall I compile a list of test cases I am executing using vpp dbg shell
> CLI commands?
>
> Also, do you think there are significant changes between 1908 vs 2001 or 2005
> VPP stable branches for ABF plugin code making a case to upgrade vpp?
ACLs didn’t change for quite a while - not sure about the ABF...
You can do git log —oneline | egrep “acl|abf” on master branch to see what
changes were there...
—a
> Please advise.
>
> thanks
> Venkat
>
>
>> On Fri, Aug 7, 2020 at 4:25 PM Andrew 👽 Yourtchenko <ayour...@gmail.com>
>> wrote:
>> Sure. Neither me nor Neale have k8s or ligato.
>>
>> If you invest some effort into building a small “make test” script(s) that
>> show the issues then:
>> 1) it will be possible for at least one of us to take a look at them
>> 2) they won’t resurface again.
>>
>> Does this make sense?
>>
>> Also, probably ligato folks have some testing as well - have you discussed
>> with them what kind of scenarios they tested ?
>>
>> --a
>>
>>>> On 7 Aug 2020, at 21:35, Venkat <venkat.dabb...@gmail.com> wrote:
>>>>
>>>
>>> Just to give more context on my test environment... I am using contiv vpp
>>> Kubernetes environment and configuring ABFs via etcdctl.
>>>
>>> eg.
>>> / # etcdctl --endpoints=10.43.255.42:12379 put
>>> /vnf-agent/eos-branch-1/config/vpp/abfs/v2/abf/4
>>> '{"index":4,"acl_name":"023-sjcf
>>> w-icmp-deny","attached_interfaces":[{"input_interface":"lan","priority":5}],"forwarding_paths":[{"interface_name":"sjc-blr-tunne
>>> l"}]}'
>>>
>>> Just wondering of ABF feature is mature enough in vpp. I am facing a good
>>> number of issues as I try to experiment with various scenarios.
>>> I seeing issues when NAT is enabled on the interface, then ABF is not
>>> exercised.
>>> I am not sure how to setup deny rules on the interface, if we cannot have
>>> ABF and ACL co-exist on the interface.
>>> Observing crashes in VPP while performing some of these tests.
>>>
>>> DBGvpp# show version
>>> vpp v19.08.1-282~ga6a98b546 built by root on 525c154d7fe6 at Tue Aug 4
>>> 21:10:49 UTC 2020
>>> DBGvpp#
>>>
>>> thanks
>>> Venkat
>>>
>>>> On Fri, Aug 7, 2020 at 10:27 AM Andrew 👽 Yourtchenko <ayour...@gmail.com>
>>>> wrote:
>>>> A contribution to “make test” that covers this scenario would be very much
>>>> appreciated...
>>>>
>>>> --a
>>>>
>>>>>> On 7 Aug 2020, at 19:07, Venkat <venkat.dabb...@gmail.com> wrote:
>>>>>>
>>>>>
>>>>> Thank you for the response Balaji.
>>>>> I have noticed VPP crashes when I configure an ABF on the interface that
>>>>> already has an non-abf ACL attached to the interface.
>>>>> And when I don't have non-abf ACL, then I am able to install ABF rule.
>>>>> Hence was wondering if it's a misconfiguration to have both ABF and
>>>>> non-abf ACL on the same interface. I agree, in any case, it should not
>>>>> result in a crash.
>>>>>
>>>>> thanks
>>>>> Venkat
>>>>>
>>>>>
>>>>>> On Fri, Aug 7, 2020 at 9:59 AM Balaji Venkatraman via lists.fd.io
>>>>>> <balajiv=cisco....@lists.fd.io> wrote:
>>>>>> Hi Venkat,
>>>>>>
>>>>>>
>>>>>>
>>>>>> Underlying the ABF is another ACL. When we attach an ABF to the
>>>>>> interface, the ACL it inherits gets applied to the interface. Not sure
>>>>>> if another ACL independent of the above can be attached to the same
>>>>>> interface. But, in any case, it should not crash 😊
>>>>>>
>>>>>> Thanks!
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>> Balaji.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> From: <vpp-dev@lists.fd.io> on behalf of "vdabb...@infoblox.com"
>>>>>> <vdabb...@infoblox.com>
>>>>>> Date: Friday, August 7, 2020 at 9:36 AM
>>>>>> To: "vpp-dev@lists.fd.io" <vpp-dev@lists.fd.io>
>>>>>> Subject: [vpp-dev] ABF and ACL co-existence on an Interface
>>>>>>
>>>>>>
>>>>>>
>>>>>> Hello,
>>>>>> Experimenting ABF in VPP. Had a question regarding the co-existence of
>>>>>> ABF and ACL on an interface.
>>>>>> Seems like we can either attach ABF or ACL to an interface and not both.
>>>>>> Is this the behavior or am I missing anything?
>>>>>> When I try to install ABF rule on an interface that already has ACL
>>>>>> attached, I see vpp resulting in a crash.
>>>>>> Please confirm.
>>>>>> thanks
>>>>>> Venkat
>>>>>>
>>>>>>
>>>>>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#17173): https://lists.fd.io/g/vpp-dev/message/17173
Mute This Topic: https://lists.fd.io/mt/76052836/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
