rare-users - Re: [RARE-users] [freertr] Fwd: Access-list by using Freertr/Tofino ASIC

Subject: RARE user and assistance email list

Re: [RARE-users] [freertr] Fwd: Access-list by using Freertr/Tofino ASIC


  • From: Everson Borges <>
  • To: ,
  • Cc: "" <>, "Rafael S. Guimaraes" <>
  • Subject: Re: [RARE-users] [freertr] Fwd: Access-list by using Freertr/Tofino ASIC
  • Date: Thu, 11 Aug 2022 10:02:17 -0300

Thanks, Csaba! I am taking notes of this tip :), it will be very useful.

But I think I did not explain it correctly in the previous email. Our biggest difficulty is regarding the traffic classification because once in Tofino, the ACL didn't work as expected. In my lab at home via p4emu, it worked.

So, do you know why the traffic is not going through the ACLs? When I run the command "display access-list polka4" the counters appear as zero.

sequence 10 permit 17 10.1.101.101 255.255.255.255 all 10.2.101.101 255.255.255.255 all tos 32
sequence 20 permit 6 10.1.101.101 255.255.255.255 all 10.2.101.101 255.255.255.255 all tos 32
sequence 30 permit 1 10.1.101.101 255.255.255.255 all 10.2.101.101 255.255.255.255 all tos 32

Best regards,
Everson

On Thu, 11 Aug 2022 at 09:19, mc36 <> wrote:
my bad, after trying this out on my homenet, i found that what i've suggested beforehand was almost the same config...
here is the one that works out to the dataplanes and performs the encapsulation as configured:

vrf def polkav
  exit
serv p4 p4
  export-vrf polkav
  exit
int tun1122
  vrf for polkav
  ipv4 address 10.11.22.1 0.0.0.0                   <------------------- all zeroes equals to the default route btw... :)
  exit
ipv4 pbr CORE sequence 10 polka4 polkav

^^^^^^^ that is, no nexthop specified, just the new vrf, and you just allow pure ip routing to match to the tunnel's default route... :)

br,
cs




On 8/11/22 10:52, mc36 wrote:
>
>
>
> -------- Forwarded Message --------
> Subject: Re: Access-list by using Freertr/Tofino ASIC
> Date: Thu, 11 Aug 2022 10:51:36 +0200
> From: mc36 <>
> To: Everson Borges <>, rafaelsg <>
>
> hi,
>
> as discussed before briefly, there is no such a knob as pbr2polka in the dataplanes yet as they try to provide as minimal as they need...
>
> AMS0001#show running-config | include pbr
> ipv4 pbr CORE sequence 10 polka4 CORE nexthop 10.11.22.2
>
> AMS0001#
>
> what they can provide are the following:
>
> mc36@noti:~$ cat /nfs/own/web/src/misc/p4lang/forwarder.py | grep pbr4
>                 if cmds[0] == "pbr4norm":
>                 if cmds[0] == "pbr4vrf":
>                 if cmds[0] == "pbr4hop":
>                 if cmds[0] == "pbr4lab":
> mc36@noti:~$
>
> here, as polka will provide a tunnel interface, the best you can do to place it to a fresh new vrf:
>
> vrf def polkav
>    exit
> serv p4 p4
>    export-vrf polkav
>    exit
> int tun1122
>    vrf for polkav
>    ipv4 address 10.11.22.1 255.255.255.0
>    exit
> ipv4 pbr CORE sequence 10 polka4 polkav nexthop 10.11.22.2
>
> this will have the same effect, but expressed in a dataplane friendly way...
>
> br,
> cs
>
>
>
>
> On 8/10/22 17:06, Everson Borges wrote:
>>
>> Hi Csaba, how are you? I hope you are well. :)
>>
>>
>> I am trying to run Freertr/Tofino and PolKa at the RARE Testbed and am facing some problems/doubts about it.
>>
>> As you can see in the attached Figure, we are trying to ping from host 10.1.101.101 to 10.2.101.101. We have set up an access list as described below. However, we are not seeing
>> the packet being classified by the access-list in the routers (AMS and FRA).
>>
>> sequence 10 permit 17 10.1.101.101 255.255.255.255 all 10.2.101.101 255.255.255.255 all tos 32
>> sequence 20 permit 6 10.1.101.101 255.255.255.255 all 10.2.101.101 255.255.255.255 all tos 32
>> sequence 30 permit 1 10.1.101.101 255.255.255.255 all 10.2.101.101 255.255.255.255 all tos 32
>>
>> We pinged by using the following command:
>> Screen Shot 2022-08-10 at 12.00.59.png
>>
>> After pinging, we tried to see the packet coming at the Amsterdam router by using the following command:
>>
>> AMS0001#display access-list polka4
>>
>> However, we are not seeing the counter being incremented in the access list. In my home lab, it works.
>>
>> Do you have any idea what is going on? Is there a command that we can expose the incoming traffic in the routers, such as tcpdump?
>>
>> Best regards,
>> --
>> Att.
>> Everson Scherrer Borges
>
>
>
>


--
Att.
Everson Scherrer Borges


