[vpp-dev] About vpp qos

2022-08-29 Thread NUAA无痕 
Hi, vpp experts
im study qos, but i found that hqos is not support, do you have plan for
support it?
if i want use vpp qos, can you give me some suggesions?

best  regards
wanghe

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#21832): https://lists.fd.io/g/vpp-dev/message/21832
Mute This Topic: https://lists.fd.io/mt/93341609/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/leave/1480452/21656/631435203/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [vpp-dev] ipip0 or ipsec0 is not getting created after executing "ikev2 initiate sa-init pr1"

2022-08-29 Thread Nilesh Inamdar 
Hi Filip,

Thank you for helping.
You were right. After adding the right esp encryption algorithm that does
integrity as well, it worked.

I had one more query.
I wanted to see ikev2 debugs.
So I had set "ikev2 set logging level 5".

But I do know where the debugs will get dumped.
Can you please help ?

Thanks
Nilesh Inamdar

On Fri, Aug 26, 2022 at 6:14 PM Filip Tehlar -X (ftehlar - PANTHEON
TECHNOLOGIES at Cisco) via lists.fd.io 
wrote:

> Hi Nilesh,
>
> looks like you didn't configure esp-integ-alg (it is not a good idea not
> to use integrity algorithm) .
> So, either configure esp-integ-alg, or use crypto algorithm that does
> integrity check too, like "esp-crypto-alg aes-gcm-16 256"
>
> Filip
> --
> *From:* vpp-dev@lists.fd.io  on behalf of Nilesh
> Inamdar 
> *Sent:* Friday, August 26, 2022 2:20 PM
> *To:* vpp-dev@lists.fd.io 
> *Subject:* [vpp-dev] ipip0 or ipsec0 is not getting created after
> executing "ikev2 initiate sa-init pr1"
>
> Hi Team,
>
> I am trying to bringup IPSec session between 2 VPP.
> After configuring and executing "ikev2 initiate sa-init pr1", the tunnel
> ipip0 or ipsec0 is not getting created.
> I see that Child SA is not getting programmed correctly.
>
> Topology:
> vpp-responder (fpeth0) (192.168.4.1) -- (192.168.4.2)
> (fpeth0)vpp-initiator
>
> Following are the logs:
> ##
> Initiator logs
> ##
>
> vpp#
> vpp# sh version
> vpp v22.10-rc0~142-gabd566942 built by root on b804503bfc4e at
> 2022-08-26T09:31:25
> vpp#
> vpp# show plugins
>  Plugin path is: /usr/lib/x86_64-linux-gnu/vpp_plugins
>
>  Plugin   Version
>  Description
>   1. memif_plugin.so  22.10-rc0~142-gabd566942
> Packet Memory Interface (memif) -- Experimental
>   2. ping_plugin.so   22.10-rc0~142-gabd566942
> Ping (ping)
>   3. dpdk_plugin.so   22.10-rc0~142-gabd566942
> Data Plane Development Kit (DPDK)
>   4. linux_nl_plugin.so   22.10-rc0~142-gabd566942
> linux Control Plane - Netlink listener
>   5. crypto_openssl_plugin.so 22.10-rc0~142-gabd566942
> OpenSSL Crypto Engine
>   6. ikev2_plugin.so  22.10-rc0~142-gabd566942
> Internet Key Exchange (IKEv2) Protocol
>   7. linux_cp_plugin.so   22.10-rc0~142-gabd566942
> Linux Control Plane - Interface Mirror
> vpp#
> vpp#
> vpp# set interface state fpeth0 up
> vpp# set interface ip address fpeth0 192.168.4.2/24
> vpp# ikev2 profile add pr1
> vpp# ikev2 profile set pr1 auth shared-key-mic string Vpp123
> vpp# ikev2 profile set pr1 id local fqdn roadwarrior.vpn.example.com
> vpp# ikev2 profile set pr1 id remote fqdn vpp.home
> vpp# ikev2 profile set pr1 traffic-selector local ip-range 192.168.5.0 -
> 192.168.5.255 port-range 0 - 65535 protocol 0
> vpp# ikev2 profile set pr1 traffic-selector remote ip-range 192.168.3.0 -
> 192.168.3.255 port-range 0 - 65535 protocol 0
> vpp#
> vpp# ikev2 profile set pr1 responder fpeth0 192.168.4.1
> vpp# ikev2 profile set pr1 ike-crypto-alg aes-cbc 256 ike-integ-alg
> sha1-96 ike-dh modp-2048
> vpp# ikev2 profile set pr1 esp-crypto-alg aes-cbc 256
> vpp# ikev2 profile set pr1 sa-lifetime 3600 10 5 0
> vpp#
> vpp# ikev2 initiate sa-init pr1
> vpp# sh ikev2 sa details
> iip 192.168.4.2 ispi 289ce7c7aaa086d8 rip 192.168.4.1 rspi 47ee71e432475b6a
>  encr:aes-cbc-256 prf:hmac-sha2-256 integ:sha1-96 dh-group:modp-2048
>  nonce i:6a5359361129c654db012179b4ba6355ee12c72a10cdc8b176034ba9e0f1de19
>r:16b4f3372563fec3241b2f50370ea34c857b9b15304e7592b68ba882ec63d7cb
>  SK_d5b72bc5a285f4542eda61d3b320c50ddb533f3b5a308141f0f732f7cd9c0499a
>  SK_a  i:8d12f619337db39bbbaeb90251707d0dde34321e
>r:12d35535e8572b519d761341c77e34e0146689d9
>  SK_e  i:b62606f7835aa0bb883e95a9880009e6bdd4e219a5e013d2109daf7417838f4b
>r:ee42f7a0af25d7a02c93f1d3e902590f08aa1836bf551c4ea9145251ad0feea9
>  SK_p  i:41f65005aa7003e5b7ed52ed23b59c131486a77fe9943968d5ebc06bb59f95e0
>r:d03cf04e294af3563504a94f9bcff552bce74e17ba7b2485ae90546098cc00bc
>  identifier (i) id-type fqdn data roadwarrior.vpn.example.com
>  identifier (r) id-type fqdn data vpp.home
>child sa 0:
> spi(i) 5714e027 spi(r) 0
> SK_e  i:
>   r:
> traffic selectors (i):0 type 7 protocol_id 0 addr 192.168.5.0 -
> 192.168.5.255 port 0 - 65535
> traffic selectors (r):0 type 7 protocol_id 0 addr 192.168.3.0 -
> 192.168.3.255 port 0 - 65535
> Stats:
>  keepalives :0
>  rekey :0
>  SA init :0 (retransmit: 0)
>  retransmit: 0
>  SA auth :0
>
> vpp# show ipsec
> show ipsec: unknown input `'
> vpp# show ipsec all
> SPD Bindings:
> IPSec async mode: off
> vpp#
>
>
> ##
> Responder logs
> ##
>
> vpp# sh version
> vpp v22.10-rc0~142-gabd566942 built by root on b8045