From 8a4e9e534fcb1ef718ed5c1089fdc8698b13fb7f Mon Sep 17 00:00:00 2001 From: Bindya Narayan Date: Tue, 18 Apr 2017 12:13:10 +0530 Subject: vACL VNF initial check-in JIRA: SAMPLEVNF-2 Features include: - CLI based Run-time rule configuration. (Add, Delete, List, Display, Clear, Modify) - Ipv4 and ipv6 standard 5 tuple packet Selector support. - Multithread support - Multiple physical port support Change-Id: Ie266be23cd2d81f6d01df508ba44bd0998be13b3 Signed-off-by: Bindya Narayan [Push patch to gerrit] Signed-off-by: Deepak S --- VNFs/vACL/config/IPv4_hwlb_acl.tc | 42 ++++++++++++++++++++++ VNFs/vACL/config/IPv4_hwlb_acl_1LB_1t.cfg | 36 +++++++++++++++++++ VNFs/vACL/config/IPv4_swlb_acl.tc | 33 +++++++++++++++++ VNFs/vACL/config/IPv4_swlb_acl_1LB_1t.cfg | 58 ++++++++++++++++++++++++++++++ VNFs/vACL/config/IPv6_hwlb_acl.tc | 49 +++++++++++++++++++++++++ VNFs/vACL/config/IPv6_hwlb_acl_1LB_1t.cfg | 37 +++++++++++++++++++ VNFs/vACL/config/IPv6_swlb_acl.tc | 40 +++++++++++++++++++++ VNFs/vACL/config/IPv6_swlb_acl_1LB_1t.cfg | 59 +++++++++++++++++++++++++++++++ 8 files changed, 354 insertions(+) create mode 100644 VNFs/vACL/config/IPv4_hwlb_acl.tc create mode 100644 VNFs/vACL/config/IPv4_hwlb_acl_1LB_1t.cfg create mode 100644 VNFs/vACL/config/IPv4_swlb_acl.tc create mode 100644 VNFs/vACL/config/IPv4_swlb_acl_1LB_1t.cfg create mode 100644 VNFs/vACL/config/IPv6_hwlb_acl.tc create mode 100644 VNFs/vACL/config/IPv6_hwlb_acl_1LB_1t.cfg create mode 100644 VNFs/vACL/config/IPv6_swlb_acl.tc create mode 100644 VNFs/vACL/config/IPv6_swlb_acl_1LB_1t.cfg (limited to 'VNFs/vACL/config') diff --git a/VNFs/vACL/config/IPv4_hwlb_acl.tc b/VNFs/vACL/config/IPv4_hwlb_acl.tc new file mode 100644 index 00000000..fa4f1430 --- /dev/null +++ b/VNFs/vACL/config/IPv4_hwlb_acl.tc @@ -0,0 +1,42 @@ +; Copyright (c) 2017 Intel Corporation +; +; Licensed under the Apache License, Version 2.0 (the "License"); +; you may not use this file except in compliance with the License. +; You may obtain a copy of the License at +; +; http:#www.apache.org/licenses/LICENSE-2.0 +; +; Unless required by applicable law or agreed to in writing, software +; distributed under the License is distributed on an "AS IS" BASIS, +; WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +; See the License for the specific language governing permissions and +; limitations under the License. + +link 0 down +link 0 config 192.16.100.10 8 +link 0 up +link 1 down +link 1 config 152.16.40.10 8 +link 1 up + +p 1 arpadd 1 152.16.40.20 00:00:00:00:00:02 +p 1 arpadd 0 192.16.100.20 00:00:00:00:00:01 +p action add 0 accept +p action add 0 fwd 0 +p action add 0 count +p action add 1 accept +p action add 1 fwd 1 +p action add 1 count + +p acl add 1 192.16.100.0 8 152.16.40.0 8 0 65535 0 65535 0 0 1 +p acl add 1 152.16.40.0 8 192.16.100.0 8 0 65535 0 65535 0 0 0 +p acl applyruleset +set fwd rxonly +set_sym_hash_ena_per_port 0 enable +set_hash_global_config 0 simple_xor ipv4-udp enable +set_sym_hash_ena_per_port 1 enable +set_hash_global_config 1 simple_xor ipv4-udp enable + +set_hash_input_set 0 ipv4-udp src-ipv4 udp-src-port add +set_hash_input_set 1 ipv4-udp dst-ipv4 udp-dst-port add + diff --git a/VNFs/vACL/config/IPv4_hwlb_acl_1LB_1t.cfg b/VNFs/vACL/config/IPv4_hwlb_acl_1LB_1t.cfg new file mode 100644 index 00000000..77beeb14 --- /dev/null +++ b/VNFs/vACL/config/IPv4_hwlb_acl_1LB_1t.cfg @@ -0,0 +1,36 @@ +; Copyright (c) 2017 Intel Corporation +; +; Licensed under the Apache License, Version 2.0 (the "License"); +; you may not use this file except in compliance with the License. +; You may obtain a copy of the License at +; +; http:#www.apache.org/licenses/LICENSE-2.0 +; +; Unless required by applicable law or agreed to in writing, software +; distributed under the License is distributed on an "AS IS" BASIS, +; WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +; See the License for the specific language governing permissions and +; limitations under the License. + +[PIPELINE0] +type = MASTER +core = 0 +[PIPELINE1] +type = ARPICMP +core = 1 +pktq_in = SWQ0 +pktq_out = TXQ0.0 TXQ1.0 +arp_route_tbl = (98102814,ff000000,1,98102814) (c0106414,ff000000,0,c0106414) +ports_mac_list = 00:00:00:00:00:01 00:00:00:00:00:02 +pktq_in_prv = RXQ0.0 +prv_to_pub_map = (0,1) +prv_que_handler = (0) +[PIPELINE2] +type = ACL +core = 2 +pktq_in = RXQ0.0 RXQ1.0 +pktq_out = TXQ0.1 TXQ1.1 SWQ0 +n_flows = 1000000 +pkt_type = ipv4 +traffic_type = 4 + diff --git a/VNFs/vACL/config/IPv4_swlb_acl.tc b/VNFs/vACL/config/IPv4_swlb_acl.tc new file mode 100644 index 00000000..25fdfba6 --- /dev/null +++ b/VNFs/vACL/config/IPv4_swlb_acl.tc @@ -0,0 +1,33 @@ +; Copyright (c) 2017 Intel Corporation +; +; Licensed under the Apache License, Version 2.0 (the "License"); +; you may not use this file except in compliance with the License. +; You may obtain a copy of the License at +; +; http:#www.apache.org/licenses/LICENSE-2.0 +; +; Unless required by applicable law or agreed to in writing, software +; distributed under the License is distributed on an "AS IS" BASIS, +; WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +; See the License for the specific language governing permissions and +; limitations under the License. + +link 0 down +link 0 config 192.16.100.10 8 +link 0 up +link 1 down +link 1 config 192.16.40.10 8 +link 1 up + +;p 1 arpadd 1 192.16.40.20 00:00:00:00:00:02 +;p 1 arpadd 0 192.16.100.20 00:00:00:00:00:01 +p action add 0 accept +p action add 0 fwd 0 +p action add 0 count +p action add 1 accept +p action add 1 fwd 1 +p action add 1 count + +p acl add 1 192.16.100.0 8 192.16.40.0 8 0 65535 0 65535 0 0 1 +p acl add 1 192.16.40.0 8 192.16.100.0 8 0 65535 0 65535 0 0 0 +p acl applyruleset diff --git a/VNFs/vACL/config/IPv4_swlb_acl_1LB_1t.cfg b/VNFs/vACL/config/IPv4_swlb_acl_1LB_1t.cfg new file mode 100644 index 00000000..2637ec1d --- /dev/null +++ b/VNFs/vACL/config/IPv4_swlb_acl_1LB_1t.cfg @@ -0,0 +1,58 @@ +; Copyright (c) 2017 Intel Corporation +; +; Licensed under the Apache License, Version 2.0 (the "License"); +; you may not use this file except in compliance with the License. +; You may obtain a copy of the License at +; +; http:#www.apache.org/licenses/LICENSE-2.0 +; +; Unless required by applicable law or agreed to in writing, software +; distributed under the License is distributed on an "AS IS" BASIS, +; WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +; See the License for the specific language governing permissions and +; limitations under the License. + +[PIPELINE0] +type = MASTER +core = 0 +[PIPELINE1] +type = ARPICMP +core = 1 +pktq_in = SWQ2 +pktq_out = TXQ0.0 TXQ1.0 +arp_route_tbl = (c0102814,ffffff00,1,98102814) (c0106414,ffffff00,0,c0106414) +ports_mac_list = 00:00:00:00:00:01 00:00:00:00:00:02 +pktq_in_prv = RXQ0.0 +prv_to_pub_map = (0,1) +prv_que_handler = (0) + +[PIPELINE2] +type = TXRX +core = 2 +pktq_in = RXQ0.0 RXQ1.0 +pktq_out = SWQ0 SWQ1 SWQ2 +pipeline_txrx_type = RXRX +dest_if_offset=176 +[PIPELINE3] +type = LOADB +core = 3 +pktq_in = SWQ0 SWQ1 +pktq_out = SWQ3 SWQ4 +outport_offset = 136 +phyport_offset = 204 +n_vnf_threads = 1 +prv_que_handler = (0) +[PIPELINE4] +type = ACL +core = 4 +pktq_in = SWQ3 SWQ4 +pktq_out = SWQ5 SWQ6 +n_flows = 1000000 +pkt_type = ipv4 +traffic_type = 4 +[PIPELINE5] +type = TXRX +core = 5 +pktq_in = SWQ5 SWQ6 +pktq_out = TXQ0.1 TXQ1.1 +pipeline_txrx_type = TXTX diff --git a/VNFs/vACL/config/IPv6_hwlb_acl.tc b/VNFs/vACL/config/IPv6_hwlb_acl.tc new file mode 100644 index 00000000..3ec5fba7 --- /dev/null +++ b/VNFs/vACL/config/IPv6_hwlb_acl.tc @@ -0,0 +1,49 @@ +; Copyright (c) 2017 Intel Corporation +; +; Licensed under the Apache License, Version 2.0 (the "License"); +; you may not use this file except in compliance with the License. +; You may obtain a copy of the License at +; +; http:#www.apache.org/licenses/LICENSE-2.0 +; +; Unless required by applicable law or agreed to in writing, software +; distributed under the License is distributed on an "AS IS" BASIS, +; WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +; See the License for the specific language governing permissions and +; limitations under the License. + +link 0 down +link 0 config fec0:0000:0000:0000:6a05:caff:fe30:21a0 64 +link 0 up +link 1 down +link 1 config 2012:0000:0000:0000:6a05:caff:fe30:2071 64 +link 1 up +p 1 arpadd 0 fec0::6a05:caff:fe30:21b0 00:00:00:00:00:01 +p 1 arpadd 1 2012::6a05:caff:fe30:2081 00:00:00:00:00:02 +p action add 0 accept +p action add 0 fwd 1 +p action add 0 count + +p action add 1 accept +p action add 1 fwd 0 +p action add 1 count + + +;p action add 0 conntrack +;p action add 1 conntrack +;p action add 2 conntrack +;p action add 3 conntrack + +p acl add 1 fec0::6a05:caff:fe30:21b0 64 2012::6a05:caff:fe30:2081 64 0 65535 0 65535 0 0 0 +p acl add 1 2012::6a05:caff:fe30:2081 64 fec0::6a05:caff:fe30:21b0 64 0 65535 0 65535 0 0 1 +p acl applyruleset +set fwd rxonly +set_sym_hash_ena_per_port 0 enable +set_hash_global_config 0 simple_xor ipv6-udp enable +set_sym_hash_ena_per_port 1 enable +set_hash_global_config 1 simple_xor ipv6-udp enable + +set_hash_input_set 0 ipv6-udp src-ipv6 udp-src-port add +set_hash_input_set 1 ipv6-udp dst-ipv6 udp-dst-port add + + diff --git a/VNFs/vACL/config/IPv6_hwlb_acl_1LB_1t.cfg b/VNFs/vACL/config/IPv6_hwlb_acl_1LB_1t.cfg new file mode 100644 index 00000000..cdb16ca0 --- /dev/null +++ b/VNFs/vACL/config/IPv6_hwlb_acl_1LB_1t.cfg @@ -0,0 +1,37 @@ +; Copyright (c) 2017 Intel Corporation +; +; Licensed under the Apache License, Version 2.0 (the "License"); +; you may not use this file except in compliance with the License. +; You may obtain a copy of the License at +; +; http:#www.apache.org/licenses/LICENSE-2.0 +; +; Unless required by applicable law or agreed to in writing, software +; distributed under the License is distributed on an "AS IS" BASIS, +; WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +; See the License for the specific language governing permissions and +; limitations under the License. + +[PIPELINE0] +type = MASTER +core = 0 +[PIPELINE1] +type = ARPICMP +core = 1 +pktq_in = SWQ0 +pktq_out = TXQ0.0 TXQ1.0 +nd_route_tbl = (fe80::6a05:caff:fe30:21b0,64,0,fe80::6a05:caff:fe30:21b0) +nd_route_tbl = (2012::6a05:caff:fe30:2081,64,1,2012::6a05:caff:fe30:2081) +ports_mac_list = 00:00:00:00:00:01 00:00:00:00:00:02 +pktq_in_prv = RXQ0.0 +prv_to_pub_map = (0,1) +prv_que_handler = (0) +[PIPELINE2] +type = ACL +core = 2 +pktq_in = RXQ0.0 RXQ1.0 +pktq_out = TXQ0.1 TXQ1.1 SWQ0 +n_flows = 1000000 +pkt_type = ipv6 +traffic_type = 6 + diff --git a/VNFs/vACL/config/IPv6_swlb_acl.tc b/VNFs/vACL/config/IPv6_swlb_acl.tc new file mode 100644 index 00000000..0dc82129 --- /dev/null +++ b/VNFs/vACL/config/IPv6_swlb_acl.tc @@ -0,0 +1,40 @@ +; Copyright (c) 2017 Intel Corporation +; +; Licensed under the Apache License, Version 2.0 (the "License"); +; you may not use this file except in compliance with the License. +; You may obtain a copy of the License at +; +; http:#www.apache.org/licenses/LICENSE-2.0 +; +; Unless required by applicable law or agreed to in writing, software +; distributed under the License is distributed on an "AS IS" BASIS, +; WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +; See the License for the specific language governing permissions and +; limitations under the License. + +link 0 down +link 0 config fe80:0000:0000:0000:6a05:caff:fe30:21a0 64 +link 0 up +link 1 down +link 1 config 2012:0000:0000:0000:6a05:caff:fe30:2071 64 +link 1 up +p 1 arpadd 0 fe80::6a05:caff:fe30:21b0 00:00:00:00:00:01 +p 1 arpadd 1 2012::6a05:caff:fe30:2081 3c:fd:fe:a1:37:aa +p action add 0 accept +p action add 0 fwd 1 +p action add 0 count + +p action add 1 accept +p action add 1 fwd 0 +p action add 1 count + + +;p action add 0 conntrack +;p action add 1 conntrack +;p action add 2 conntrack +;p action add 3 conntrack + +p acl add 1 fe80::6a05:caff:fe30:21b0 64 2012::6a05:caff:fe30:2081 64 0 65535 0 65535 0 0 0 +p acl add 1 2012::6a05:caff:fe30:2081 64 fe80::6a05:caff:fe30:21b0 64 0 65535 0 65535 0 0 1 +p acl applyruleset + diff --git a/VNFs/vACL/config/IPv6_swlb_acl_1LB_1t.cfg b/VNFs/vACL/config/IPv6_swlb_acl_1LB_1t.cfg new file mode 100644 index 00000000..43d0e726 --- /dev/null +++ b/VNFs/vACL/config/IPv6_swlb_acl_1LB_1t.cfg @@ -0,0 +1,59 @@ +; Copyright (c) 2017 Intel Corporation +; +; Licensed under the Apache License, Version 2.0 (the "License"); +; you may not use this file except in compliance with the License. +; You may obtain a copy of the License at +; +; http:#www.apache.org/licenses/LICENSE-2.0 +; +; Unless required by applicable law or agreed to in writing, software +; distributed under the License is distributed on an "AS IS" BASIS, +; WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +; See the License for the specific language governing permissions and +; limitations under the License. + +[PIPELINE0] +type = MASTER +core = 0 +[PIPELINE1] +type = ARPICMP +core = 1 +pktq_in = SWQ2 +pktq_out = TXQ0.0 TXQ1.0 +nd_route_tbl = (fe80::6a05:caff:fe30:21b0,64,0,fe80::6a05:caff:fe30:21b0) +nd_route_tbl = (2012::6a05:caff:fe30:2081,64,1,2012::6a05:caff:fe30:2081) +ports_mac_list = 00:00:00:00:00:01 00:00:00:00:00:02 +pktq_in_prv = RXQ0.0 +prv_to_pub_map = (0,1) +prv_que_handler = (0) + +[PIPELINE2] +type = TXRX +core = 2 +pktq_in = RXQ0.0 RXQ1.0 +pktq_out = SWQ0 SWQ1 SWQ2 +pipeline_txrx_type = RXRX +dest_if_offset=176 +[PIPELINE3] +type = LOADB +core = 3 +pktq_in = SWQ0 SWQ1 +pktq_out = SWQ3 SWQ4 +outport_offset = 136 +phyport_offset = 204 +n_vnf_threads = 1 +prv_que_handler = (0) +[PIPELINE4] +type = ACL +core = 4 +pktq_in = SWQ3 SWQ4 +pktq_out = SWQ5 SWQ6 +n_flows = 1000000 +pkt_type = ipv6 +traffic_type = 6 +[PIPELINE5] +type = TXRX +core = 5 +pktq_in = SWQ5 SWQ6 +pktq_out = TXQ0.1 TXQ1.1 +pipeline_txrx_type = TXTX -- cgit 1.2.3-korg