Subject: RARE user and assistance email list
- From: Everson Borges
- Cc: "Rafael S. Guimaraes"
- Subject: Re: [RARE-users] [freertr] Fwd: Access-list by using Freertr/Tofino ASIC
- Date: Thu, 11 Aug 2022 11:40:00 -0300
Thanks again, Csaba! I'm writing everything down.
I was thinking the access list didn't work, but if it just doesn't show up, that's fine.
About adding a little to the Tofino code... :) I would love to try, but at this moment I don't think I will be able to, though this challenge is very interesting. I'll put it on the list... hehehee
Best regards,
Everson
On Thu, 11 Aug 2022 at 10:59, mc36 wrote:
well, and reading through the p4 code real quickly, i just noticed that it doesn't have a counter attached....
(yeahhh, if i recall correctly, frederic added the counters only to those tables that time out without traffic, like nat,
flow inspection, bridge mac addresses, etc) here is a sample which has a counter attached:
https://github.com/rare-freertr/freeRtr/blob/master/misc/p4bf/include/ig_ctl_nat.p4#L29
the rest of the dataplanes btw do report up on all matching, so if you have some spare time, feel free to add some to the tofino code... :)
until then, you could spot whether you succeeded in pbr-ing the traffic purely by the ping rtt times:
the longer path should give you bigger rtt whereas the shorter path should give you lower rtt...
br,
cs
On 8/11/22 15:25, mc36 wrote:
> hi,
> my bad, i also missed out a very important part of the puzzle from my explanation:
> so the thing is that, once the given pbr rule cannot be expressed,
> there won't be any ace programmed to the hardware as it cannot point
> to a valid p4 function to get executed upon matching;
> https://github.com/rare-freertr/freeRtr/blob/master/misc/p4bf/include/ig_ctl_pbr.p4#L108
> please see below the hardware's run-time equivalent of the same...
> and since the packets seemingly match to some routing entry, the asic routes them
> without giving them up to freerouter, that's why you were not able to see them in
> the debug fwd packet... btw, when it comes to a dataplane, this command basically
> can only show you the control (routing protocol) and exception (ttl<2) packets...
> br,
> cs
>
>
> AMS0001#tna-bfshell
> bfshell> bfrt_python
> In [1]: bfrt
> bfrt> bf_router_GEANT_TESTBED
> bfrt.bf_router_GEANT_TESTBED> pipe
> bfrt.bf_router_GEANT_TESTBED.pipe> ig_ctl
> bfrt.bf_router_GEANT_TESTBED.pipe.ig_ctl> ig_ctl_pbr
> bfrt.bf_router_GEANT_TESTBED.pipe.ig_ctl.ig_ctl_pbr> tbl_ipv4_pbr
> bfrt.bf_router_GEANT_TESTBED.pipe.ig_ctl.ig_ctl_pbr.tbl_ipv4_pbr> dump
> ----------------------------------------------------------------> dump()
> ----- tbl_ipv4_pbr Dump Start -----
> Default Entry:
> Entry data (action : NoAction):
>
> Table pipe.ig_ctl.ig_ctl_pbr.tbl_ipv4_pbr has no entries.
> ----- tbl_ipv4_pbr Dump End -----
>
>
> bfrt.bf_router_GEANT_TESTBED.pipe.ig_ctl.ig_ctl_pbr.tbl_ipv4_pbr>
>
>
>
>
>
> On 8/11/22 15:02, Everson Borges wrote:
>> Thanks, Csaba! I am taking notes of this tip :), it will be very useful.
>>
>> But I think I did not explain it correctly in the previous email. Our biggest difficulty is regarding the traffic classification because once in Tofino, the ACL didn't work as
>> expected. In my lab at home via p4emu, it worked.
>>
>> So, do you know why the traffic is not going through the ACLs? When I run the command "display access-list polka4" the counters appear as zero.
>>
>> sequence 10 permit 17 10.1.101.101 255.255.255.255 all 10.2.101.101 255.255.255.255 all tos 32
>> sequence 20 permit 6 10.1.101.101 255.255.255.255 all 10.2.101.101 255.255.255.255 all tos 32
>> sequence 30 permit 1 10.1.101.101 255.255.255.255 all 10.2.101.101 255.255.255.255 all tos 32
>>
>> Best regards,
>> Everson
>>
>> On Thu, 11 Aug 2022 at 09:19, mc36 wrote:
>>
>> my bad, after trying this out on my homenet, i found that what i've suggested beforehand was almost the same config...
>> here is the one that works out to the dataplanes and performs the encapsulation as configured:
>>
>> vrf def polkav
>> exit
>> serv p4 p4
>> export-vrf polkav
>> exit
>> int tun1122
>> vrf for polkav
>> ipv4 address 10.11.22.1 0.0.0.0 <------------------- all zeroes equals to the default route btw... :)
>> exit
>> ipv4 pbr CORE sequence 10 polka4 polkav
>>
>> ^^^^^^^ that is, no nexthop specified, just the new vrf, and you just allow pure ip routing to match to the tunnel's default route... :)
>>
>> br,
>> cs
>>
>>
>>
>>
>> On 8/11/22 10:52, mc36 wrote:
>> >
>> >
>> >
>> > -------- Forwarded Message --------
>> > Subject: Re: Access-list by using Freertr/Tofino ASIC
>> > Date: Thu, 11 Aug 2022 10:51:36 +0200
>> > From: mc36
>> > To: Everson Borges, rafaelsg
>> >
>> > hi,
>> >
>> > as discussed before briefly, there is no such knob as pbr2polka in the dataplanes yet as they try to provide as minimal as they need...
>> >
>> > AMS0001#show running-config | include pbr
>> > ipv4 pbr CORE sequence 10 polka4 CORE nexthop 10.11.22.2
>> >
>> > AMS0001#
>> >
>> > what they can provide are the following:
>> >
>> > mc36@noti:~$ cat /nfs/own/web/src/misc/p4lang/forwarder.py | grep pbr4
>> > if cmds[0] == "pbr4norm":
>> > if cmds[0] == "pbr4vrf":
>> > if cmds[0] == "pbr4hop":
>> > if cmds[0] == "pbr4lab":
>> > mc36@noti:~$
>> >
>> > here, as polka will provide a tunnel interface, the best you can do is to place it to a fresh new vrf:
>> >
>> > vrf def polkav
>> > exit
>> > serv p4 p4
>> > export-vrf polkav
>> > exit
>> > int tun1122
>> > vrf for polkav
>> > ipv4 address 10.11.22.1 255.255.255.0
>> > exit
>> > ipv4 pbr CORE sequence 10 polka4 polkav nexthop 10.11.22.2
>> >
>> > this will have the same effect, but expressed in a dataplane friendly way...
>> >
>> > br,
>> > cs
>> >
>> >
>> >
>> >
>> > On 8/10/22 17:06, Everson Borges wrote:
>> >>
>> >> Hi Csaba, how are you? I hope you are well. :)
>> >>
>> >>
>> >> I am trying to run Freertr/Tofino and PolKa at the RARE Testbed and am facing some problems/doubts about it.
>> >>
>> >> As you can see in the attached Figure, we are trying to ping from host 10.1.101.101 to 10.2.101.101. We have set up an access list as described below. However, we are not seeing
>> >> the packet being classified by the access-list in the routers (AMS and FRA).
>> >>
>> >> sequence 10 permit 17 10.1.101.101 255.255.255.255 all 10.2.101.101 255.255.255.255 all tos 32
>> >> sequence 20 permit 6 10.1.101.101 255.255.255.255 all 10.2.101.101 255.255.255.255 all tos 32
>> >> sequence 30 permit 1 10.1.101.101 255.255.255.255 all 10.2.101.101 255.255.255.255 all tos 32
>> >>
>> >> We pinged by using the following command:
>> >> Screen Shot 2022-08-10 at 12.00.59.png
>> >>
>> >> After pinging, we tried to see the packet coming at the Amsterdam router by using the following command:
>> >>
>> >> AMS0001#display access-list polka4
>> >>
>> >> However, we are not seeing the counter being incremented in the access list. In my home lab, it works.
>> >>
>> >> Do you have any idea what is going on? Is there a command that we can expose the incoming traffic in the routers, such as tcpdump?
>> >>
>> >> Best regards,
>> >> --
>> >> Att.
>> >> Everson Scherrer Borges
>> >
>> >
>> >
>> >
>> >
>>
>>
>>
>> --
>> Att.
>> Everson Scherrer Borges
>>
>
>
>
>
Att.
Everson Scherrer Borges