Skip to Content.
Sympa Menu

rare-users - [RARE-users] Fwd: Access-list by using Freertr/Tofino ASIC

Subject: RARE user and assistance email list

List archive

[RARE-users] Fwd: Access-list by using Freertr/Tofino ASIC


Chronological Thread 
    < Chronological >      < Thread >
  • From: mc36 <>
  • To: "" <>
  • Subject: [RARE-users] Fwd: Access-list by using Freertr/Tofino ASIC
  • Date: Thu, 11 Aug 2022 10:52:18 +0200



-------- Forwarded Message --------
Subject: Re: Access-list by using Freertr/Tofino ASIC
Date: Thu, 11 Aug 2022 10:51:36 +0200
From: mc36 <>
To: Everson Borges <>, rafaelsg <>

hi,

as discussed before briefly, there is no such a knob as pbr2polka in the
dataplanes yet as they try to provide as minimal is they need...

AMS0001#show running-config | include pbr
ipv4 pbr CORE sequence 10 polka4 CORE nexthop 10.11.22.2

AMS0001#

what they can provide are the following:

mc36@noti:~$ cat /nfs/own/web/src/misc/p4lang/forwarder.py | grep pbr4
if cmds[0] == "pbr4norm":
if cmds[0] == "pbr4vrf":
if cmds[0] == "pbr4hop":
if cmds[0] == "pbr4lab":
mc36@noti:~$

here, as polka will provide a tunnel interface, the best you can do to place
it to a fresh new vrf:

vrf def polkav
exit
serv p4 p4
export-vrf polkav
exit
int tun1122
vrf for polkav
ipv4 address 10.11.22.1 255.255.255.0
exit
ipv4 pbr CORE sequence 10 polka4 polkav nexthop 10.11.22.2

this will have the same effect, but expressed in a dataplane friendly way...

br,
cs




On 8/10/22 17:06, Everson Borges wrote:

Hi Csaba, how are you? I hope you are well. :)


I am trying to run Freertr/Tofino and PolKa at the RARE Testbed and am facing
some problems/doubts about it.

As you can see in the attached Figure, we are trying to ping from host 10.1.101.101 to 10.2.101.101. We have set up an access list as described below. However, we are not seeing the packet being classified by the access-list in the routers (AMS and FRA).

sequence 10 permit 17 10.1.101.101 255.255.255.255 all 10.2.101.101
255.255.255.255 all tos 32
sequence 20 permit 6 10.1.101.101 255.255.255.255 all 10.2.101.101
255.255.255.255 all tos 32
sequence 30 permit 1 10.1.101.101 255.255.255.255 all 10.2.101.101
255.255.255.255 all tos 32

We pinged by using the following command:
Screen Shot 2022-08-10 at 12.00.59.png

After pinging, we tried to see the packet coming at the Amsterdam router by
using the following command:

AMS0001#display access-list polka4

However, we are not seeing the counter being incremented in the access list.
In my home lab, it works.

Do you have any idea what is going on? Is there a command that we can
expose the incoming traffic in the routers, such as tcpdump?

Best regards,
--
Att.
Everson Scherrer Borges

  • [RARE-users] Fwd: Access-list by using Freertr/Tofino ASIC, mc36, 08/11/2022

Archive powered by MHonArc 2.6.19.

Top of Page