vpp / VPP-521

Classify API enhancement to redirect traffic to pre-defined VRF


    • Type: Improvement
    • Resolution: Done
    • Priority: Medium

      Policy-based routing (PBR) is applied to incoming packets, and VPP’s input ACL feature can be used to classify traffic and redirect it to a pre-defined VRF. In particular, this feature can be applied to the L3 input ACL.

      • Classify API change: add PBR-related parameters that update the fib index for traffic redirection inside VPP’s input ACL node.

      <define classify_add_del_session>
      @param action -
      0: no action (by default)
      metadata is not used.
      1: Classified IP packets will be looked up from the
      specified ipv4 fib table (configured by metadata as VRF id).
      Only valid for L3 input ACL node
      2: Classified IP packets will be looked up from the
      specified ipv6 fib table (configured by metadata as VRF id).
      Only valid for L3 input ACL node
      @param metadata - valid only if action != 0
      VRF id if action is 1 or 2.

      @@ -1736,6 +1759,8 @@ define classify_add_del_session
      u32 hit_next_index;
      u32 opaque_index;
      i32 advance;
      + u8 action;
      + u32 metadata;
      u8 match[0];
      };
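
      Review bot: `u8 action` is documented above with only the values 0, 1 and 2, and `metadata` only as "VRF id", so the handling of any other `action` value, and of a VRF id that has no fib table, is left undefined. A session with action 1 or 2 moves matching traffic into another VRF, so I'd suggest the handler reject unknown `action` values and unknown VRF ids with an error return, and that the `@param` text say so. The comment marks both actions "Only valid for L3 input ACL node"; it should also state what happens when such a session is added to a table used by the L2 input ACL. Separately, both fields are inserted ahead of `u8 match[0]`, which shifts where `match` starts for callers built against the old layout; that deserves a line in the commit message.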

      Here's how it works:
      Ingress packets are punted to the “Input ACL node”, where traffic is classified based on n-tuple keys. If no matching session is found in the classify tables, the packet is passed to “the lookup node” for normal routing. If a classify session is hit in one of the classify tables, sw_if_index is updated depending on the action field in the session entry. The action parameter is configured when the control plane calls the classify session creation API. If the action is VRF_SET (1 or 2), the user-defined VRF id is used for the destination IP lookup in “the lookup node”.
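
The flow described above, modeled in C as an added example (not VPP's code and not part of the original issue): a control-plane check that accepts only the documented action values with an existing VRF, and the data-plane choice of lookup VRF on a hit or miss. The struct, function names, sample VRF tables and the rule that an address-family mismatch falls back to the ingress VRF are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Action values as documented for classify_add_del_session on this page. */
enum { ACTION_NONE = 0, ACTION_SET_IP4_FIB = 1, ACTION_SET_IP6_FIB = 2 };

/* Hypothetical model of a classify session entry; not VPP's own struct. */
typedef struct { uint8_t action; uint32_t metadata; } session_t;

/* Constructed sample data: VRF ids that have a fib table, per family. */
static const uint32_t ip4_vrfs[] = { 0, 10, 20 };
static const uint32_t ip6_vrfs[] = { 0, 10 };
#define NELEM(a) (sizeof(a) / sizeof((a)[0]))

static int vrf_exists(const uint32_t *tbl, size_t n, uint32_t id) {
  for (size_t i = 0; i < n; i++)
    if (tbl[i] == id) return 1;
  return 0;
}

/* Control-plane check at session creation: 0 = accept, -1 = reject. */
int session_validate(const session_t *s, int is_l3_input_acl) {
  if (s->action == ACTION_NONE) return 0;   /* metadata is not used */
  if (!is_l3_input_acl) return -1;          /* actions 1 and 2 are L3 only */
  if (s->action == ACTION_SET_IP4_FIB)
    return vrf_exists(ip4_vrfs, NELEM(ip4_vrfs), s->metadata) ? 0 : -1;
  if (s->action == ACTION_SET_IP6_FIB)
    return vrf_exists(ip6_vrfs, NELEM(ip6_vrfs), s->metadata) ? 0 : -1;
  return -1;                                /* undocumented action value */
}

/* Data-plane decision: the VRF the lookup node uses for this packet.
   hit == NULL means no classify session matched (normal routing).
   Assumption: a family mismatch keeps the ingress VRF. */
uint32_t lookup_vrf(const session_t *hit, int pkt_is_ip6, uint32_t rx_vrf) {
  if (hit == NULL) return rx_vrf;
  if (hit->action == ACTION_SET_IP4_FIB && !pkt_is_ip6) return hit->metadata;
  if (hit->action == ACTION_SET_IP6_FIB && pkt_is_ip6) return hit->metadata;
  return rx_vrf;
}

int main(void) {
  session_t pbr = { ACTION_SET_IP4_FIB, 10 };
  if (session_validate(&pbr, 1) == 0)
    printf("ip4 hit -> VRF %u\n", (unsigned) lookup_vrf(&pbr, 0, 0));
  return 0;
}
```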

      Additionally, the current classify API needs to be expanded to provide a quick and easy way to locate the current node's packet pointer.

      <define classify_add_del_table>
      @param current_data_flag - option to use current node's packet payload
      as the starting point from where packets are classified,
      This option is only valid for L2/L3 input ACL for now.
      0: by default, classify data from the buffer's start location
      1: classify packets from VPP node’s current data pointer
      @param current_data_offset - a signed value to shift the start location of
      the packet to be classified
      For example, if input IP ACL node is used, L2 header’s first byte
      can be accessible by configuring current_data_offset to -14.
      This is valid only if current_data_flag is set to 1.

      @@ -1698,6 +1708,8 @@ define classify_add_del_table
      u32 match_n_vectors;
      u32 next_table_index;
      u32 miss_next_index;
      + u8 current_data_flag;
      + i16 current_data_offset;
      u8 mask[0];
      };
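
      Review bot: `i16 current_data_offset` has no documented bounds; the comment gives -14 as an example but not the range the data plane accepts. An offset that reaches before the start of the buffer or past the end of the packet data would have the classifier read outside the packet, so I'd suggest documenting the valid range and checking the computed start, plus the length being matched, against the buffer before classifying. The comment says the offset "is valid only if current_data_flag is set to 1"; it should also say whether a non-zero offset with the flag at 0 is ignored or rejected. Both fields are inserted ahead of `u8 mask[0]`, which moves `mask` for callers built against the old layout.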

            jonshin Steve Shin