Hi Vijay,
The CLI, whether for ABF or IP routes, cannot parse arbitrary DPOs, especially
your custom one. If you must use the CLI, which is strongly discouraged, you’ll
have to extend it to support parsing your own DPO and to construct the
fib_route_path accordingly.
/neale
From: Vijay Kumar <vjkumar2...@gmail.com>
Date: Thursday, 17 June 2021 at 13:08
To: Neale Ranns <ne...@graphiant.com>
Cc: vpp-dev <vpp-dev@lists.fd.io>
Subject: Re: [vpp-dev] Regarding DPO object
Hi Neale,
I saw the code of abf_plicy_cmd() function. I was hoping to see something
related to DPO in the function unformat_fib_route_path() which parses the ABF
CLI. But I did not find anything.
All I could find within the function was the below code related to source
address matching.
else if (unformat (input, "src-lookup"))
{
rpath->frp_flags |= FIB_ROUTE_PATH_SOURCE_LOOKUP;
}
Could you help to share the exact syntax to attach DPO in the ABFpolicy command?
abf policy add id <ID> acl <INDEX> via 192.168.1.1 GigE0/0
Regards.
On Wed, Jun 16, 2021 at 8:07 PM Neale Ranns
<ne...@graphiant.com<mailto:ne...@graphiant.com>> wrote:
It does use ACLs for matching, that’s what allows you to specify src and dst IP
ranges. Once matched the packet is forwarded on the path the specified by the
policy. You can set this path to use your DPO. Use the EXCLUSIVE flag to do
this.
/neale
From: Vijay Kumar <vjkumar2...@gmail.com<mailto:vjkumar2...@gmail.com>>
Date: Wednesday, 16 June 2021 at 16:28
To: Neale Ranns <ne...@graphiant.com<mailto:ne...@graphiant.com>>
Cc: vpp-dev <vpp-dev@lists.fd.io<mailto:vpp-dev@lists.fd.io>>
Subject: Re: [vpp-dev] Regarding DPO object
Hi Neale,
The ABF is ACL based matching and forwarding plugin right. This would allow one
to match a packet with ACL and forward it on a configured outbound interface.
My case is different, I don't want to match ACL and forward packets out on an
interface. I want the packet matching a certain SRC IP range to be sent to my
new plugin (in this case XYZ ) which would do further processing specific to
our product.
For example, if IPSec traffic is originating from UE, we see the packets flow
through these nodes. After ESP and GRE, the inner packet src IP is that of the
UE. Is it possible for graph node XYZ to request for an IP packet matching
certain SRC IP?
UE ---------->
[ESP4_decrypt----IP----GRE_Input-----IP----XYZ-----IP-----Interface]--------->
internet host
Regards.
On Wed, Jun 16, 2021 at 7:07 PM Neale Ranns
<ne...@graphiant.com<mailto:ne...@graphiant.com>> wrote:
Hi Vijay,
The FIB will only match against a destination prefix. If you want to use DPOs
with more complex matching, try the ABF plugin.
/neale
From: vpp-dev@lists.fd.io<mailto:vpp-dev@lists.fd.io>
<vpp-dev@lists.fd.io<mailto:vpp-dev@lists.fd.io>> on behalf of Vijay Kumar via
lists.fd.io<http://lists.fd.io>
<vjkumar2003=gmail....@lists.fd.io<mailto:gmail....@lists.fd.io>>
Date: Wednesday, 16 June 2021 at 15:04
To: vpp-dev <vpp-dev@lists.fd.io<mailto:vpp-dev@lists.fd.io>>
Subject: [vpp-dev] Regarding DPO object
Hi experts,
I am creating a DPO object (for protocol IP4) and am tying an UE prefix for
this DPO and adding the corresponding entry to the FIB table.
I have a graph node to which I need to post all IP packets matching a range of
source IPs.
Does the DPO work only for packets destined to a certain prefix or range of IP
prefixes or can we use DPO for requesting packets based on source IP range also?
Regards,
Vijay N
Regards,
Vijay N
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#19598): https://lists.fd.io/g/vpp-dev/message/19598
Mute This Topic: https://lists.fd.io/mt/83579849/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
