Hi Wei,
I think you need to specify proto=UDP in your ACL setup so that your desired
port is honoured.
You might also want to pass a ‘priority’ to your attachments so they run in a
deterministic order.
/neale
From: Wei Huang <wei.hu.hu...@oracle.com>
Date: Tuesday, 7 December 2021 at 20:13
To: vpp-dev@lists.fd.io <vpp-dev@lists.fd.io>
Cc: Neale Ranns <ne...@graphiant.com>
Subject: Use ABF to route UDP traffic to different paths
On my VPP setup, I have two IPSec tunnels can reach 192.168.200.0/24, the
interfaces for those two IPSec tunnels are ipip0 and ipip1.
I try to set up abf to direct UDP packets to 192.168.200.20 based on
destination port. If dport is 5001, use ipip0, if dport is 5002, use ipip1.
All those packets will be received on interface tn-eth2.
When I send iperf UDP traffic to 192.168.200.20 dport 5001, dport 5002, from
packet trace, I can see they go to abf-input-ip4, but they all use ipip0.
Could you please point me what's wrong in the configuration commands? Thanks in
advance.
This is the commands I used to set the abf:
VAT#acl_add_replace permit dst 192.168.200.0/24 dport 5001
vl_api_acl_add_replace_reply_t_handler:72: ACL index: 0
VAT#acl_add_replace permit dst 192.168.200.0/24 dport 5002
vl_api_acl_add_replace_reply_t_handler:72: ACL index: 1
vppctl abf policy add id 0 acl 0 via ipip0
vppctl abf policy add id 1 acl 1 via ipip1
vppctl abf attach ip4 policy 0 tn-eth2
vppctl abf attach ip4 policy 1 tn-eth2
vpp# show acl-plugin acl
acl-index 0 count 1 tag {}
0: ipv4 permit src 0.0.0.0/0 dst 192.168.200.0/24 proto 0 sport
0-65535 dport 5001
used in lookup context index: 0
acl-index 1 count 1 tag {}
0: ipv4 permit src 0.0.0.0/0 dst 192.168.200.0/24 proto 0 sport
0-65535 dport 5002
used in lookup context index: 0
vpp# show abf policy
abf:[0]: policy:0 acl:0
path-list:[42] locks:1 flags:shared,no-uRPF, uRPF-list: None
path:[53] pl-index:42 ip4 weight=1 pref=0 attached: oper-flags:resolved,
ipip0
abf:[1]: policy:1 acl:1
path-list:[43] locks:1 flags:shared,no-uRPF, uRPF-list: None
path:[54] pl-index:43 ip4 weight=1 pref=0 attached: oper-flags:resolved,
ipip1
vpp# show trace
------------------- Start of thread 0 vpp_main -------------------
Packet 1
00:08:53:122877: dpdk-input
tn-eth2 rx queue 0
buffer 0x96a80: current data 0, length 1512, buffer-pool 0, ref-count 1,
totlen-nifb 0, trace handle 0x0
ext-hdr-valid
l4-cksum-computed l4-cksum-correct
PKT MBUF: port 2, nb_segs 1, pkt_len 1512
buf_len 2176, data_len 1512, ol_flags 0x0, data_off 128, phys_addr
0xac3aa080
packet_type 0x0 l2_len 0 l3_len 0 outer_l2_len 0 outer_l3_len 0
rss 0x0 fdir.hi 0x0 fdir.lo 0x0
IP4: fa:16:3f:a9:2c:cc -> fa:16:3f:3e:79:00
UDP: 192.168.100.20 -> 192.168.200.20
tos 0x00, ttl 64, length 1498, checksum 0x636c dscp CS0 ecn NON_ECN
fragment id 0x242d, flags DONT_FRAGMENT
UDP: 33445 -> 5001
length 1478, checksum 0x2a23
00:08:53:122890: ethernet-input
frame: flags 0x1, hw-if-index 3, sw-if-index 3
IP4: fa:16:3f:a9:2c:cc -> fa:16:3f:3e:79:00
00:08:53:122897: ip4-input
UDP: 192.168.100.20 -> 192.168.200.20
tos 0x00, ttl 64, length 1498, checksum 0x636c dscp CS0 ecn NON_ECN
fragment id 0x242d, flags DONT_FRAGMENT
UDP: 33445 -> 5001
length 1478, checksum 0x2a23
00:08:53:122900: abf-input-ip4
next 1 index 14
00:08:53:122904: ip4-midchain
tx_sw_if_index 4 dpo-idx 14 : ipv4 via 0.0.0.0 ipip0: mtu:9000 next:10
flags:[fixup-ip4o4 ] 45000000000000004004f69dc0a80106c0a80206
stacked-on entry:30:
[@2]: dpo-load-balance: [proto:ip4 index:13 buckets:1 uRPF:12 to:[0:0]
via:[10283:15985180]]
[0] [@5]: ipv4 via 192.168.1.1 tn-eth0: mtu:9000 next:7 flags:[]
fa163fdd32d9fa163f30992d0800 flow hash: 0x00000000
00000000: 450005ee000000004004f0afc0a80106c0a80206450005da242d40003f11646c
00000020: c0a86414c0a8c81482a5138905c62a230000000061afae3a0008c5f6
00:08:53:122908: esp4-encrypt-tun
esp: sa-index 0 spi 1427480065 (0x55159e01) seq 9871 sa-seq-hi 0 crypto
aes-cbc-256 integrity sha1-96
00:08:53:122930: adj-midchain-tx
adj-midchain:[14]:ipv4 via 0.0.0.0 ipip0: mtu:9000 next:10 flags:[fixup-ip4o4
] 45000000000000004004f69dc0a80106c0a80206
stacked-on entry:30:
[@2]: dpo-load-balance: [proto:ip4 index:13 buckets:1 uRPF:12 to:[0:0]
via:[10283:15985180]]
[0] [@5]: ipv4 via 192.168.1.1 tn-eth0: mtu:9000 next:7 flags:[]
fa163fdd32d9fa163f30992d0800
00:08:53:122931: ip4-load-balance
fib 4 dpo-idx 2 flow hash: 0x00000000
IPSEC_ESP: 192.168.1.6 -> 192.168.2.6
tos 0x00, ttl 64, length 1560, checksum 0xf057 dscp CS0 ecn NON_ECN
fragment id 0x0000
00:08:53:122934: ip4-rewrite
tx_sw_if_index 1 dpo-idx 2 : ipv4 via 192.168.1.1 tn-eth0: mtu:9000 next:7
flags:[] fa163fdd32d9fa163f30992d0800 flow hash: 0x00000000
00000000: fa163fdd32d9fa163f30992d080045000618000000003f32f157c0a80106c0a8
00000020: 020655159e010000268f055e5436db87ebe6158d2b9a150933432593
00:08:53:122936: tn-eth0-output
tn-eth0
IP4: fa:16:3f:30:99:2d -> fa:16:3f:dd:32:d9
IPSEC_ESP: 192.168.1.6 -> 192.168.2.6
vpp# show trace
------------------- Start of thread 0 vpp_main -------------------
Packet 1
00:09:58:733679: dpdk-input
tn-eth2 rx queue 0
buffer 0x92493: current data 0, length 1512, buffer-pool 0, ref-count 1,
totlen-nifb 0, trace handle 0x0
ext-hdr-valid
l4-cksum-computed l4-cksum-correct
PKT MBUF: port 2, nb_segs 1, pkt_len 1512
buf_len 2176, data_len 1512, ol_flags 0x0, data_off 128, phys_addr
0xac292540
packet_type 0x0 l2_len 0 l3_len 0 outer_l2_len 0 outer_l3_len 0
rss 0x0 fdir.hi 0x0 fdir.lo 0x0
IP4: fa:16:3f:a9:2c:cc -> fa:16:3f:3e:79:00
UDP: 192.168.100.20 -> 192.168.200.20
tos 0x00, ttl 64, length 1498, checksum 0xd694 dscp CS0 ecn NON_ECN
fragment id 0xb104, flags DONT_FRAGMENT
UDP: 40545 -> 5002
length 1478, checksum 0xf582
00:09:58:733686: ethernet-input
frame: flags 0x1, hw-if-index 3, sw-if-index 3
IP4: fa:16:3f:a9:2c:cc -> fa:16:3f:3e:79:00
00:09:58:733688: ip4-input
UDP: 192.168.100.20 -> 192.168.200.20
tos 0x00, ttl 64, length 1498, checksum 0xd694 dscp CS0 ecn NON_ECN
fragment id 0xb104, flags DONT_FRAGMENT
UDP: 40545 -> 5002
length 1478, checksum 0xf582
00:09:58:733689: abf-input-ip4
next 1 index 14
00:09:58:733690: ip4-midchain
tx_sw_if_index 4 dpo-idx 14 : ipv4 via 0.0.0.0 ipip0: mtu:9000 next:10
flags:[fixup-ip4o4 ] 45000000000000004004f69dc0a80106c0a80206
stacked-on entry:30:
[@2]: dpo-load-balance: [proto:ip4 index:13 buckets:1 uRPF:12 to:[0:0]
via:[15998:24894756]]
[0] [@5]: ipv4 via 192.168.1.1 tn-eth0: mtu:9000 next:7 flags:[]
fa163fdd32d9fa163f30992d0800 flow hash: 0x00000000
00000000: 450005ee000000004004f0afc0a80106c0a80206450005dab10440003f11d794
00000020: c0a86414c0a8c8149e61138a05c6f5820000049461afae7c0002da09
00:09:58:733691: esp4-encrypt-tun
esp: sa-index 0 spi 1427480065 (0x55159e01) seq 15564 sa-seq-hi 0 crypto
aes-cbc-256 integrity sha1-96
00:09:58:733703: adj-midchain-tx
adj-midchain:[14]:ipv4 via 0.0.0.0 ipip0: mtu:9000 next:10 flags:[fixup-ip4o4
] 45000000000000004004f69dc0a80106c0a80206
stacked-on entry:30:
[@2]: dpo-load-balance: [proto:ip4 index:13 buckets:1 uRPF:12 to:[0:0]
via:[15998:24894756]]
[0] [@5]: ipv4 via 192.168.1.1 tn-eth0: mtu:9000 next:7 flags:[]
fa163fdd32d9fa163f30992d0800
00:09:58:733703: ip4-load-balance
fib 4 dpo-idx 2 flow hash: 0x00000000
IPSEC_ESP: 192.168.1.6 -> 192.168.2.6
tos 0x00, ttl 64, length 1560, checksum 0xf057 dscp CS0 ecn NON_ECN
fragment id 0x0000
00:09:58:733704: ip4-rewrite
tx_sw_if_index 1 dpo-idx 2 : ipv4 via 192.168.1.1 tn-eth0: mtu:9000 next:7
flags:[] fa163fdd32d9fa163f30992d0800 flow hash: 0x00000000
00000000: fa163fdd32d9fa163f30992d080045000618000000003f32f157c0a80106c0a8
00000020: 020655159e0100003ccc050cbf56f473022e03ff26a1a09e313ca595
00:09:58:733705: tn-eth0-output
tn-eth0
IP4: fa:16:3f:30:99:2d -> fa:16:3f:dd:32:d9
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#20597): https://lists.fd.io/g/vpp-dev/message/20597
Mute This Topic: https://lists.fd.io/mt/87572291/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
