[vpp-dev] Possible missing build dependency on debian testing distributions?

[Chuan Han via lists.fd.io]

Hi, vpp experts,

I was building the latest vpp code on a debian testing based system. I hit
the following errors when running: make install-ext-deps

Package libelf was not found in the pkg-config search path.



Perhaps you should add the directory containing `libelf.pc'



to the PKG_CONFIG_PATH environment variable


   No package 'libelf' found



btf.c:17:10: fatal error: gelf.h: No such file or directory



   17 | #include 



  |  ^~~~



compilation terminated.

I have to install a missing package before I can build successfully.

sudo apt-get install libelf-dev

Does this mean vpp makefile shall be updated so that libelf-dev is
installed by default for all debian distributions?

https://github.com/FDio/vpp/blob/master/Makefile#L98

If so, can someone update the makefile?

Thanks.
Chuan

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#17516): https://lists.fd.io/g/vpp-dev/message/17516
Mute This Topic: https://lists.fd.io/mt/77082190/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[vpp-dev] Does intel x710 under vpp has the same lldp dropping behavior by default like in kernel?

[Chuan Han via lists.fd.io]

Hi, vpp experts,

It is known that intel x710 nic in the kernel will drop lldp pkts by
default.

https://portal.nutanix.com/page/documents/kbs/details?targetId=kA00e00LJEFCA4

Does anyone know it is also true on vpp? If vpp/dpdk drops, is there a
workaround to disable this feature like in kernel?

Thanks.
Chuan
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#16998): https://lists.fd.io/g/vpp-dev/message/16998
Mute This Topic: https://lists.fd.io/mt/75617352/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [vpp-dev] vpp crashes when running "ip punt redirect rx via "

[Chuan Han via lists.fd.io]

Thanks.

The fix works.

On Thu, Jul 2, 2020 at 2:01 AM Mohsin Kazmi (sykazmi) 
wrote:

> Hi Chuan,
>
>
>
> Please find the following fix for it.
>
>
>
> https://gerrit.fd.io/r/c/vpp/+/27760
>
>
>
> It seems that order is issue.
>
>
>
> -br
>
> Mohsin
>
>
>
> *From: * on behalf of "Chuan Han via lists.fd.io"
> 
> *Reply-To: *"chuan...@google.com" 
> *Date: *Thursday, July 2, 2020 at 12:57 AM
> *To: *vpp-dev 
> *Subject: *[vpp-dev] vpp crashes when running "ip punt redirect rx
>  via  "
>
>
>
> It seems this commit causes the issue.
>
>
>
> https://gerrit.fd.io/r/c/vpp/+/27675
>
>
>
>
>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#16877): https://lists.fd.io/g/vpp-dev/message/16877
Mute This Topic: https://lists.fd.io/mt/75247302/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[vpp-dev] vpp crashes when running "ip punt redirect rx via "

[Chuan Han via lists.fd.io]

It seems this commit causes the issue.

https://gerrit.fd.io/r/c/vpp/+/27675
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#16864): https://lists.fd.io/g/vpp-dev/message/16864
Mute This Topic: https://lists.fd.io/mt/75247302/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [vpp-dev] vppctl is broken on master head

[Chuan Han via lists.fd.io]

Yes. It fixes the issue.

On Fri, May 15, 2020 at 4:28 PM Florin Coras  wrote:

> Hi Chuan,
>
> Does this [1] fix the issue?
>
> Regards,
> Florin
>
> [1] https://gerrit.fd.io/r/c/vpp/+/27103
>
> On May 15, 2020, at 4:24 PM, Chuan Han via lists.fd.io <
> chuanhan=google@lists.fd.io> wrote:
>
> The following patch is very suspicious.
>
> * a58be82dd vlib: fix unix cli commands crash without session
>
> vppctl works fine at: * 0ef915398 (HEAD) ikev2: use u32 in unformat
>
>
> On Fri, May 15, 2020 at 4:07 PM Chuan Han via lists.fd.io  google@lists.fd.io> wrote:
>
>> Hi, vpp team,
>>
>> It seems vppctl is broken on the master head: 18a86c6e6 g2: fix the g2
>> build for Ubuntu 20.04
>>
>> The broken functionality is vppctl single command mode: sudo vppctl > command>
>>
>> host# vppctl
>> srv-2-vpp# sh ver
>> vpp v20.09-rc0~15-g18a86c6e6 built by root on host at 2020-05-15T15:31:41
>> srv-2-vpp# quit
>> host#
>> host# vppctl sh ver
>> vpp v20.09-rc0~15-g18a86c6e6 built by root on host at 2020-05-15T15:31:41
>> *quit: invalid for non-interactive sessions*
>> ^C
>>
>> vppctl hangs here. The command does not return. I have to do ctrl+c to
>> break it.
>>
>> ** 18a86c6e6 g2: fix the g2 build for Ubuntu 20.04*
>> * 4362baa33 ikev2: add support for NAT traversal
>> * 17b5c3d6a tcp: fix bogus time update due to missing cast
>> * 1ce60463a nat: unhide tests
>> * d0e646f68 vcl svm: fix rx event loss
>> * 219fbb228 nat: "users" dump for ED-NAT
>>
>> Can this be fixed?
>>
>> Thanks.
>> Chuan
>>
>> 
>
>
>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#16420): https://lists.fd.io/g/vpp-dev/message/16420
Mute This Topic: https://lists.fd.io/mt/74239178/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [vpp-dev] vppctl is broken on master head

[Chuan Han via lists.fd.io]

The following patch is very suspicious.

* a58be82dd vlib: fix unix cli commands crash without session

vppctl works fine at: * 0ef915398 (HEAD) ikev2: use u32 in unformat


On Fri, May 15, 2020 at 4:07 PM Chuan Han via lists.fd.io  wrote:

> Hi, vpp team,
>
> It seems vppctl is broken on the master head: 18a86c6e6 g2: fix the g2
> build for Ubuntu 20.04
>
> The broken functionality is vppctl single command mode: sudo vppctl  command>
>
> host# vppctl
> srv-2-vpp# sh ver
> vpp v20.09-rc0~15-g18a86c6e6 built by root on host at 2020-05-15T15:31:41
> srv-2-vpp# quit
> host#
> host# vppctl sh ver
> vpp v20.09-rc0~15-g18a86c6e6 built by root on host at 2020-05-15T15:31:41
> *quit: invalid for non-interactive sessions*
> ^C
>
> vppctl hangs here. The command does not return. I have to do ctrl+c to
> break it.
>
> ** 18a86c6e6 g2: fix the g2 build for Ubuntu 20.04*
> * 4362baa33 ikev2: add support for NAT traversal
> * 17b5c3d6a tcp: fix bogus time update due to missing cast
> * 1ce60463a nat: unhide tests
> * d0e646f68 vcl svm: fix rx event loss
> * 219fbb228 nat: "users" dump for ED-NAT
>
> Can this be fixed?
>
> Thanks.
> Chuan
> 
>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#16418): https://lists.fd.io/g/vpp-dev/message/16418
Mute This Topic: https://lists.fd.io/mt/74239178/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[vpp-dev] vppctl is broken on master head

[Chuan Han via lists.fd.io]

Hi, vpp team,

It seems vppctl is broken on the master head: 18a86c6e6 g2: fix the g2
build for Ubuntu 20.04

The broken functionality is vppctl single command mode: sudo vppctl 

host# vppctl
srv-2-vpp# sh ver
vpp v20.09-rc0~15-g18a86c6e6 built by root on host at 2020-05-15T15:31:41
srv-2-vpp# quit
host#
host# vppctl sh ver
vpp v20.09-rc0~15-g18a86c6e6 built by root on host at 2020-05-15T15:31:41
*quit: invalid for non-interactive sessions*
^C

vppctl hangs here. The command does not return. I have to do ctrl+c to
break it.

** 18a86c6e6 g2: fix the g2 build for Ubuntu 20.04*
* 4362baa33 ikev2: add support for NAT traversal
* 17b5c3d6a tcp: fix bogus time update due to missing cast
* 1ce60463a nat: unhide tests
* d0e646f68 vcl svm: fix rx event loss
* 219fbb228 nat: "users" dump for ED-NAT

Can this be fixed?

Thanks.
Chuan
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#16416): https://lists.fd.io/g/vpp-dev/message/16416
Mute This Topic: https://lists.fd.io/mt/74239178/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[vpp-dev] Use OSS-Fuzz, and get upto 20K USD reward

[Chuan Han via lists.fd.io]

Hi, vpp developers,

I think someone may be interested in the following.

If you have an ideal integration of google's OSS-Fuzz with vpp, you will
get upto $20,000 for an ideal integration.

See more details, and how to get started:
https://opensource.googleblog.com/2017/05/oss-fuzz-five-months-later-and.html

Thanks.
Chuan
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#16286): https://lists.fd.io/g/vpp-dev/message/16286
Mute This Topic: https://lists.fd.io/mt/74079776/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [vpp-dev] VPP Plugins build errors from IPSec module

[Chuan Han via Lists.Fd.Io]

I am also interested in frr integration with vpp. Could you please share
detailed steps once you figure it out?

On Tue, Feb 25, 2020, 11:34 PM Ray Kinsella  wrote:

>
>
> I am not sure how accurate / current the information from the wiki is.
>
> However looks like you are missing the Intel Multi-buffer Crypto Library.
> Try a `make install-ext-deps`, then wipe and rebuild.
>
> Ray K
>
> On 25/02/2020 22:34, Majumdar, Kausik wrote:
> > Hi folks,
> >
> >
> >
> > I am trying to build VPP netlink and router plugins based on vpp branch
> v20.01 to integrate and run with routing control plane FRR. I am following
> the guidelines based on
> https://github.com/FRRouting/frr/wiki/Alternate-forwarding-planes:-VPP
> >
> >
> >
> > I am finding issues while trying to compile the IPSec plugin code, it is
> exiting with the below error. I have tried with latest VPP master branch,
> the result is pretty much same. Is there any resolution to this issue or am
> I missing something? If I try to use VPP v18.10 branch then I hit other
> netlink issue which I think discussed in this thread in the past. Hence
> moved to latest VPP code base, tried to link VPPSB and build the
> netlink-install and router-install plugins, hitting IPSec build failures.
> Any recommendation would be helpful.
> >
> >
> >
> > I am running Centos 7.4 machine.
> >
> >
> >
> > [root@localhost build-root]# git branch
> >
> > * (detached from v20.01)
> >
> >   master
> >
> >
> >
> > [root@localhost build-root]# *make V=0 PLATFORM=vpp TAG=vpp_debug
> netlink-install router-install*
> >
> >  Arch for platform 'vpp' is native 
> >
> >  Finding source for external 
> >
> >  Makefile fragment found in /root/vpp/build-data/packages/
> external.mk 
> >
> >  Source found in /root/vpp/build 
> >
> >  Arch for platform 'vpp' is native 
> >
> >  Finding source for vpp 
> >
> >  Makefile fragment found in /root/vpp/build-data/packages/vpp.mk
> 
> >
> >  Source found in /root/vpp/src 
> >
> >  Arch for platform 'vpp' is native 
> >
> >  Finding source for netlink 
> >
> >  Makefile fragment found in /root/vpp/build-data/packages/netlink.mk
> 
> >
> >  Source found in /root/vpp/netlink 
> >
> >  Configuring external: nothing to do 
> >
> >  Building external: nothing to do 
> >
> >  Installing external: nothing to do 
> >
> >  Configuring vpp: nothing to do 
> >
> >  Building vpp in /root/vpp/build-root/build-vpp_debug-native/vpp 
> >
> > [1/660] Building C object
> plugins/crypto_ipsecmb/CMakeFiles/crypto_ipsecmb_plugin.dir/ipsecmb.c.o
> >
> > FAILED:
> plugins/crypto_ipsecmb/CMakeFiles/crypto_ipsecmb_plugin.dir/ipsecmb.c.o
> >
> > /opt/rh/devtoolset-7/root/bin/cc -Dcrypto_ipsecmb_plugin_EXPORTS
> -I/root/vpp/src -I. -Iinclude -I/root/vpp/src/plugins -Iplugins
> -I/opt/vpp/external/x86_64/include -Wno-address-of-packed-member -g -fPIC
> -Werror -Wall -march=corei7 -mtune=corei7-avx  -O0 -DCLIB_DEBUG
> -fstack-protector -DFORTIFY_SOURCE=2 -fno-common  -fPIC   -march=silvermont
> -maes -MD -MT
> plugins/crypto_ipsecmb/CMakeFiles/crypto_ipsecmb_plugin.dir/ipsecmb.c.o -MF
> plugins/crypto_ipsecmb/CMakeFiles/crypto_ipsecmb_plugin.dir/ipsecmb.c.o.d
> -o plugins/crypto_ipsecmb/CMakeFiles/crypto_ipsecmb_plugin.dir/ipsecmb.c.o
>   -c /root/vpp/src/plugins/crypto_ipsecmb/ipsecmb.c
> >
> > /root/vpp/src/plugins/crypto_ipsecmb/ipsecmb.c:20:10: fatal error:
> intel-ipsec-mb.h: No such file or directory
> >
> >  #include 
> >
> >   ^~
> >
> > compilation terminated.
> >
> > [4/660] Building C object
> plugins/ct6/CMakeFiles/ct6_test_plugin.dir/ct6_test.c.o
> >
> > ninja: build stopped: subcommand failed.
> >
> > make: *** [vpp-build] Error 1
> >
> > [root@localhost build-root]#
> >
> >
> >
> > Thanks,
> >
> > Kausik
> >
> >
> >
> >
>
> 
>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#15551): https://lists.fd.io/g/vpp-dev/message/15551
Mute This Topic: https://lists.fd.io/mt/71543494/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [vpp-dev] Did anything ever make vpp's native ipsec stack (ia32) work with dpdk/phy nic?

[Chuan Han via Lists.Fd.Io]

Hi, Damjan,

It worked!

Thanks for helping!

I can see native ipsec stack works with aes-gcm-256 now.

00:44:05:465769: ip4-input-no-checksum
  IPSEC_ESP: 10.10.10.11 -> 10.10.10.10
tos 0x00, ttl 253, length 540, checksum 0x9387
fragment id 0x
00:44:05:465770: ipsec4-input-feature
  IPSEC_ESP: sa_id 2 spd 1 policy 0 spi 255128 (0x0003e498) seq 3478582380
00:44:05:465770: *esp4-decrypt*
  esp: crypto *aes-gcm-256* integrity none pkt-seq -816384916 sa-seq 0
sa-seq-hi 0

vpp# sh ver
vpp v20.01-rc0~735-gbfd7d294d built by root on esdn-lab at Wed Nov 27
19:34:36 UTC 2019
vpp# sh dpdk ver
DPDK Version: DPDK 19.08.0
DPDK EAL init args:   -c 5554 -n 4 --in-memory --log-level debug
--file-prefix vpp -w :1b:10.1 -w :19:00.1 --master-lcore 2
vpp#

8.5Gbps udp/tcp ixia traffic is happy now.

However, I did not see any performance improvement, i.e., still the same
8.5Gbps. Probably, native stack is more stable and well tested as you
mentioned before.

Thanks.
Chuan

On Thu, Dec 5, 2019 at 4:11 PM Damjan Marion  wrote:

>
> Hi Chuan,
>
> You need to specify salt for GCM to work in static config.
>
> i.e.
> ipsec sa add 1 spi 255129 esp crypto-key
> 0123456789012345678901234567890101234567890123456789012345678901 crypto-alg
> aes-gcm-256 salt 0x12345678
>
> LMK if this helps...
>
> --
> Damjan
>
>
> On 27 Nov 2019, at 15:16, Chuan Han  wrote:
>
> I switched cipher from aes-gcm to aes-cbc. native stack works. it seems
> the issue is related to aes-gcm cipher support in native stack?
> Probably some integration bug between aes-gcm and native stack?
>
> On Tue, Nov 19, 2019 at 10:42 AM Chuan Han via Lists.Fd.Io
> <http://lists.fd.io/>  wrote:
>
>> Hi, Damjan,
>>
>> See attachment for detailed logs. no.vdev.xxx files contain the log for
>> the case where vdev is commented out. v.dev.xxx files contain logs for the
>> case where vdev is enabled.
>>
>> I pinged srv-1 from srv-2, i.e., 172.16.2.2 -> 172.16.1.2.
>>
>> When vdev is removed, the srv-1 cannot decrypt the esp pkts. When vdev is
>> enabled, I can see srv-1 decrypted esp pkts and ping worked fine.
>>
>> Thanks.
>> Chuan
>>
>>
>> On Tue, Nov 19, 2019 at 2:08 AM Damjan Marion  wrote:
>>
>>> Hi Chuan,
>>>
>>> Please note that we have daily run of IPSec performance tests in CSIT
>>> with VPP running on the physical NIC with DPDK drivers.
>>> Also please note that every VPP patch is passing unit tests with IETF
>>> and NIST test encryption vectors.
>>>
>>> Other comments inline….
>>>
>>>
>>> > On 18 Nov 2019, at 23:48, Chuan Han via Lists.Fd.Io
>>> <http://lists.fd.io/>  wrote:
>>> >
>>> > Hi, vpp experts,
>>> >
>>> > I was told that vpp's native ipsec stack is stabler and more
>>> performant. We can enable it by commenting out the vdev line in dpdk
>>> stanza.
>>> >
>>> > However, when I did so, ipsec decryption failed.
>>> >
>>> > Ex:
>>> > # commenting out this line makes decryption fail.
>>> > vdev crypto_aesni_mb0,socket_id=0
>>>
>>> Have you validated that in your working case, packets are decrypted
>>> correctly?
>>> Can you share packet trace for both cases?
>>>
>>> >
>>> > Did anyone ever make native ipsec stack, i.e., ia32 work with dpdk/phy
>>> nic?
>>>
>>> yes, it is tested and working on the daily basis.
>>> >
>>> > The interesting thing is no matter whether I comment out the vdev line
>>> or not, ia32 is shown as the active crypto handler for aes-gcm-256. Does
>>> this mean ia32 is used by both cases?
>>> >
>>> > vpp# sh crypto engines
>>> > NamePrioDescription
>>> > ia32100 Intel IA32 ISA Optimized Crypto
>>> > ipsecmb 80  Intel(R) Multi-Buffer Crypto for IPsec
>>> Library 0.52.0
>>> > openssl 50  OpenSSL
>>> > vpp# sh crypto handlers
>>> > AlgoTypeActive  Candidates
>>> > (nil)
>>> > des-cbc encrypt openssl openssl
>>> > decrypt openssl openssl
>>> > 3des-cbcencrypt openssl openssl
>>> > decrypt openssl openssl
>>> > aes-128-cbc encrypt ia32ia32
>>> ipsecmb

Re: [vpp-dev] Did anything ever make vpp's native ipsec stack (ia32) work with dpdk/phy nic?

[Chuan Han via Lists.Fd.Io]

I switched cipher from aes-gcm to aes-cbc. native stack works. it seems the
issue is related to aes-gcm cipher support in native stack? Probably some
integration bug between aes-gcm and native stack?

On Tue, Nov 19, 2019 at 10:42 AM Chuan Han via Lists.Fd.Io  wrote:

> Hi, Damjan,
>
> See attachment for detailed logs. no.vdev.xxx files contain the log for
> the case where vdev is commented out. v.dev.xxx files contain logs for the
> case where vdev is enabled.
>
> I pinged srv-1 from srv-2, i.e., 172.16.2.2 -> 172.16.1.2.
>
> When vdev is removed, the srv-1 cannot decrypt the esp pkts. When vdev is
> enabled, I can see srv-1 decrypted esp pkts and ping worked fine.
>
> Thanks.
> Chuan
>
>
> On Tue, Nov 19, 2019 at 2:08 AM Damjan Marion  wrote:
>
>> Hi Chuan,
>>
>> Please note that we have daily run of IPSec performance tests in CSIT
>> with VPP running on the physical NIC with DPDK drivers.
>> Also please note that every VPP patch is passing unit tests with IETF and
>> NIST test encryption vectors.
>>
>> Other comments inline….
>>
>>
>> > On 18 Nov 2019, at 23:48, Chuan Han via Lists.Fd.Io > google@lists.fd.io> wrote:
>> >
>> > Hi, vpp experts,
>> >
>> > I was told that vpp's native ipsec stack is stabler and more
>> performant. We can enable it by commenting out the vdev line in dpdk
>> stanza.
>> >
>> > However, when I did so, ipsec decryption failed.
>> >
>> > Ex:
>> > # commenting out this line makes decryption fail.
>> > vdev crypto_aesni_mb0,socket_id=0
>>
>> Have you validated that in your working case, packets are decrypted
>> correctly?
>> Can you share packet trace for both cases?
>>
>> >
>> > Did anyone ever make native ipsec stack, i.e., ia32 work with dpdk/phy
>> nic?
>>
>> yes, it is tested and working on the daily basis.
>> >
>> > The interesting thing is no matter whether I comment out the vdev line
>> or not, ia32 is shown as the active crypto handler for aes-gcm-256. Does
>> this mean ia32 is used by both cases?
>> >
>> > vpp# sh crypto engines
>> > NamePrioDescription
>> > ia32100 Intel IA32 ISA Optimized Crypto
>> > ipsecmb 80  Intel(R) Multi-Buffer Crypto for IPsec
>> Library 0.52.0
>> > openssl 50  OpenSSL
>> > vpp# sh crypto handlers
>> > AlgoTypeActive  Candidates
>> > (nil)
>> > des-cbc encrypt openssl openssl
>> > decrypt openssl openssl
>> > 3des-cbcencrypt openssl openssl
>> > decrypt openssl openssl
>> > aes-128-cbc encrypt ia32ia32
>> ipsecmb openssl
>> > decrypt ia32ia32
>> ipsecmb openssl
>> > aes-192-cbc encrypt ia32ia32
>> ipsecmb openssl
>> > decrypt ia32ia32
>> ipsecmb openssl
>> > aes-256-cbc encrypt ia32ia32
>> ipsecmb openssl
>> > decrypt ia32ia32
>> ipsecmb openssl
>> > aes-128-ctr encrypt openssl openssl
>> > decrypt openssl openssl
>> > aes-192-ctr encrypt openssl openssl
>> > decrypt openssl openssl
>> > aes-256-ctr encrypt openssl openssl
>> > decrypt openssl openssl
>> > aes-128-gcm aead-encryptia32ia32
>> ipsecmb openssl
>> > aead-decryptia32ia32
>> ipsecmb openssl
>> > aes-192-gcm aead-encryptia32ia32
>> ipsecmb openssl
>> > aead-decryptia32ia32
>> ipsecmb openssl
>> > aes-256-gcm aead-encryptia32ia32
>> ipsecmb openssl
>> > aead-decryptia32ia32
>> ipsecmb openssl
>> > hmac-md5hmacopenssl openssl
>> > hmac-sha-1  hmacipsecmb  

[vpp-dev] Did anything ever make vpp's native ipsec stack (ia32) work with dpdk/phy nic?

[Chuan Han via Lists.Fd.Io]

Hi, vpp experts,

I was told that vpp's native ipsec stack is stabler and more performant. We
can enable it by commenting out the vdev line in dpdk stanza.

However, when I did so, ipsec decryption failed.

Ex:
# commenting out this line makes decryption fail.
vdev crypto_aesni_mb0,socket_id=0

Did anyone ever make native ipsec stack, i.e., ia32 work with dpdk/phy nic?

The interesting thing is no matter whether I comment out the vdev line or
not, ia32 is shown as the active crypto handler for aes-gcm-256. Does this
mean ia32 is used by both cases?

vpp# sh crypto engines
NamePrioDescription
ia32100 Intel IA32 ISA Optimized Crypto
ipsecmb 80  Intel(R) Multi-Buffer Crypto for IPsec Library
0.52.0
openssl 50  OpenSSL
vpp# sh crypto handlers
AlgoTypeActive  Candidates
(nil)
des-cbc encrypt openssl openssl
decrypt openssl openssl
3des-cbcencrypt openssl openssl
decrypt openssl openssl
aes-128-cbc encrypt ia32ia32 ipsecmb
openssl
decrypt ia32ia32 ipsecmb
openssl
aes-192-cbc encrypt ia32ia32 ipsecmb
openssl
decrypt ia32ia32 ipsecmb
openssl
aes-256-cbc encrypt ia32ia32 ipsecmb
openssl
decrypt ia32ia32 ipsecmb
openssl
aes-128-ctr encrypt openssl openssl
decrypt openssl openssl
aes-192-ctr encrypt openssl openssl
decrypt openssl openssl
aes-256-ctr encrypt openssl openssl
decrypt openssl openssl
aes-128-gcm aead-encryptia32ia32 ipsecmb
openssl
aead-decryptia32ia32 ipsecmb
openssl
aes-192-gcm aead-encryptia32ia32 ipsecmb
openssl
aead-decryptia32ia32 ipsecmb
openssl
aes-256-gcm aead-encryptia32ia32 ipsecmb
openssl
aead-decryptia32ia32 ipsecmb
openssl
hmac-md5hmacopenssl openssl
hmac-sha-1  hmacipsecmb ipsecmb openssl
hmac-sha-224hmacipsecmb ipsecmb openssl
hmac-sha-256hmacipsecmb ipsecmb openssl
hmac-sha-384hmacipsecmb ipsecmb openssl
hmac-sha-512hmacipsecmb ipsecmb openssl
vpp#

I attached the two servers' startup conf files and topology diagram.

Any input/comments are welcome.

Thanks.
Chuan


vpp testbed - iperf3.pdf
Description: Adobe PDF document


srv-2 vpp startup.conf
Description: Binary data


srv-1 vpp switch startup.cfg
Description: Binary data


srv-1 vpp startup.conf
Description: Binary data


srv-2 vpp switch startup.cfg
Description: Binary data
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#14619): https://lists.fd.io/g/vpp-dev/message/14619
Mute This Topic: https://lists.fd.io/mt/60327762/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [vpp-dev] Is there a limit when assigning corelist-workers in vpp?

[Chuan Han via Lists.Fd.Io]

Ah... I see. That explains everything!

Thanks for catching this.

It will be more helpful to let vpp print more meaningful logs or have
better documentation.

On Thu, Nov 14, 2019 at 7:17 AM Benoit Ganne (bganne) 
wrote:

> Hi Chuan,
>
> I took a deeper look at your conf and actually realized that the dpdk
> 'workers' stanza does not refer to core number but to worker id.
> So, when you say "cpu { corelist-workers 4,6,8,10,12,14,16,18,20,22 }" you
> define 10 workers with id from 0 to 9 and pin them to specific cores (4,6
> etc.).
> Then, with "dpdk { ... dev ... { workers 4,6,8,10,12 } ..." you refer to
> the *workers id*, numbered from 0 to 9, not to cores.
> So the correct dpdk stanzas should be "workers 0,1,2,3,4" and "workers
> 5,6,7,8,9" instead (note: you can also use "workers 0-4" and "workers 5-9").
> What is confusing is the dpdk will happily parse inexistent workers id,
> and then when assigning queues to workers, it will respect the conf for
> known ones (4,6,8) and do round-robin assignment for the unknown ones
> ignoring already set manual assignment.
>
> Best
> Ben
>
> > -Original Message-
> > From: Chuan Han 
> > Sent: lundi 11 novembre 2019 23:23
> > To: Benoit Ganne (bganne) 
> > Cc: Dave Barach (dbarach) ; vpp-dev  > d...@lists.fd.io>
> > Subject: Re: [vpp-dev] Is there a limit when assigning corelist-workers
> in
> > vpp?
> >
> > If I do not manually assign cores to nic, and let vpp assign cores, vpp
> > only assign one core per nic queue. If I also assign number of queues to
> > 10, all cores are used. Otherwise, only core 4 and 6 are assigned to each
> > nic, which has only one queue.
> >
> > Probably, there is some smart logic adaptively assigning cores to nics?
> > Anyway, a single core per nic is good enough to us for now.
> >
> > Without specifying number of rx queues per nic, only core 4 and 6 are
> > assigned.
> >
> > vpp# sh threads
> > ID NameTypeLWP Sched Policy (Priority)
> > lcore  Core   Socket State
> > 0  vpp_main16886   other (0)2
> > 0  0
> > 1  vpp_wk_0workers 16888   other (0)4
> > 1  0
> > 2  vpp_wk_1workers 16889   other (0)6
> > 4  0
> > 3  vpp_wk_2workers 16890   other (0)8
> > 2  0
> > 4  vpp_wk_3workers 16891   other (0)
> 10
> > 3  0
> > 5  vpp_wk_4workers 16892   other (0)
> 12
> > 8  0
> > 6  vpp_wk_5workers 16893   other (0)
> 14
> > 13 0
> > 7  vpp_wk_6workers 16894   other (0)
> 16
> > 9  0
> > 8  vpp_wk_7workers 16895   other (0)
> 18
> > 12 0
> > 9  vpp_wk_8workers 16896   other (0)
> 20
> > 10 0
> > 10 vpp_wk_9workers 16897   other (0)
> 22
> > 11 0
> > vpp# sh interface rx-placement
> > Thread 1 (vpp_wk_0):
> >   node dpdk-input:
> > eth1 queue 0 (polling)
> > Thread 2 (vpp_wk_1):
> >   node dpdk-input:
> > eth0 queue 0 (polling)
> > vpp#
> >
> >
> > cpu {
> >   main-core 2
> >   corelist-workers 4,6,8,10,12,14,16,18,20,22
> > }
> >
> > dpdk {
> >   socket-mem 2048,0
> >   log-level debug
> >   no-tx-checksum-offload
> >   dev default{
> > num-tx-desc 512
> > num-rx-desc 512
> >   }
> >   dev :1a:00.0 {
> > name eth0
> >   }
> >   dev :19:00.1 {
> > name eth1
> >   }
> >   # Use aesni mb lib.
> >   vdev crypto_aesni_mb0,socket_id=0
> >   no-multi-seg
> > }
> >
> >
> > When specifying number of queues per nic, all cores are used.
> >
> > vpp# sh int rx-placement
> > Thread 1 (vpp_wk_0):
> >   node dpdk-input:
> > eth1 queue 0 (polling)
> > eth0 queue 0 (polling)
> > Thread 2 (vpp_wk_1):
> >   node dpdk-input:
> > eth1 queue 1 (polling)
> > eth0 queue 1 (polling)
> > Thread 3 (vpp_wk_2):
> >   node dpdk-input:
> > eth1 queue 2 (polling)
> > eth0 queue 2 (polling)
> > Thread 4 (vpp_wk_3):
> >   node dpdk-input:
> > eth1 queue 3 (polling)
> > eth0 queue 3 (polling)
> > Thread 5 (vpp_wk_4):
> >   node dpdk-input:
> > eth1 queue 4 (polling)
> > eth0 queue 4 (polling)
> > Thread 6 (vpp_wk_5):
> >   node dpdk-input:
> > eth1 queue 5 (polling)
> > eth0 queue 5 (polling)
> > Thread 7 (vpp_wk_6):
> >   node dpdk-input:
> > eth1 queue 6 (polling)
> > eth0 queue 6 (polling)
> > Thread 8 (vpp_wk_7):
> >   node dpdk-input:
> > eth1 queue 7 (polling)
> > eth0 queue 7 (polling)
> > Thread 9 (vpp_wk_8):
> >   node dpdk-input:
> > eth1 queue 8 (polling)
> > eth0 queue 8 (polling)
> > Thread 10 (vpp_wk_9):
> >   node dpdk-input:
> > eth1 queue 9 (polling)
> > eth0 queue 9 (polling)
> > vpp#  sh threads
> > ID NameTypeLWP Sched Policy (Priority)
> > lcore  Core   Socket State
> > 0  vpp_main16905   other (0)2
> > 0   

Re: [vpp-dev] Is there a limit when assigning corelist-workers in vpp?

[Chuan Han via Lists.Fd.Io]

If I do not manually assign cores to nic, and let vpp assign cores, vpp
only assign one core per nic queue. If I also assign number of queues to
10, all cores are used. Otherwise, only core 4 and 6 are assigned to each
nic, which has only one queue.

Probably, there is some smart logic adaptively assigning cores to nics?
Anyway, a single core per nic is good enough to us for now.

Without specifying number of rx queues per nic, only core 4 and 6 are
assigned.

vpp# sh threads
ID NameTypeLWP Sched Policy (Priority)
 lcore  Core   Socket State
0  vpp_main16886   other (0)2
   0  0
1  vpp_wk_0workers 16888   other (0)4
   1  0
2  vpp_wk_1workers 16889   other (0)6
   4  0
3  vpp_wk_2workers 16890   other (0)8
   2  0
4  vpp_wk_3workers 16891   other (0)10
3  0
5  vpp_wk_4workers 16892   other (0)12
8  0
6  vpp_wk_5workers 16893   other (0)14
13 0
7  vpp_wk_6workers 16894   other (0)16
9  0
8  vpp_wk_7workers 16895   other (0)18
12 0
9  vpp_wk_8workers 16896   other (0)20
10 0
10 vpp_wk_9workers 16897   other (0)22
11 0
vpp# sh interface rx-placement
Thread 1 (vpp_wk_0):
  node dpdk-input:
eth1 queue 0 (polling)
Thread 2 (vpp_wk_1):
  node dpdk-input:
eth0 queue 0 (polling)
vpp#

cpu {
  main-core 2
  corelist-workers 4,6,8,10,12,14,16,18,20,22
}

dpdk {
  socket-mem 2048,0
  log-level debug
  no-tx-checksum-offload
  dev default{
num-tx-desc 512
num-rx-desc 512
  }
  dev :1a:00.0 {
name eth0
  }
  dev :19:00.1 {
name eth1
  }
  # Use aesni mb lib.
  vdev crypto_aesni_mb0,socket_id=0
  no-multi-seg
}

When specifying number of queues per nic, all cores are used.

vpp# sh int rx-placement
Thread 1 (vpp_wk_0):
  node dpdk-input:
eth1 queue 0 (polling)
eth0 queue 0 (polling)
Thread 2 (vpp_wk_1):
  node dpdk-input:
eth1 queue 1 (polling)
eth0 queue 1 (polling)
Thread 3 (vpp_wk_2):
  node dpdk-input:
eth1 queue 2 (polling)
eth0 queue 2 (polling)
Thread 4 (vpp_wk_3):
  node dpdk-input:
eth1 queue 3 (polling)
eth0 queue 3 (polling)
Thread 5 (vpp_wk_4):
  node dpdk-input:
eth1 queue 4 (polling)
eth0 queue 4 (polling)
Thread 6 (vpp_wk_5):
  node dpdk-input:
eth1 queue 5 (polling)
eth0 queue 5 (polling)
Thread 7 (vpp_wk_6):
  node dpdk-input:
eth1 queue 6 (polling)
eth0 queue 6 (polling)
Thread 8 (vpp_wk_7):
  node dpdk-input:
eth1 queue 7 (polling)
eth0 queue 7 (polling)
Thread 9 (vpp_wk_8):
  node dpdk-input:
eth1 queue 8 (polling)
eth0 queue 8 (polling)
Thread 10 (vpp_wk_9):
  node dpdk-input:
eth1 queue 9 (polling)
eth0 queue 9 (polling)
vpp#  sh threads
ID NameTypeLWP Sched Policy (Priority)
 lcore  Core   Socket State
0  vpp_main16905   other (0)2
   0  0
1  vpp_wk_0workers 16907   other (0)4
   1  0
2  vpp_wk_1workers 16908   other (0)6
   4  0
3  vpp_wk_2workers 16909   other (0)8
   2  0
4  vpp_wk_3workers 16910   other (0)10
3  0
5  vpp_wk_4workers 16911   other (0)12
8  0
6  vpp_wk_5workers 16912   other (0)14
13 0
7  vpp_wk_6workers 16913   other (0)16
9  0
8  vpp_wk_7workers 16914   other (0)18
12 0
9  vpp_wk_8workers 16915   other (0)20
10 0
10 vpp_wk_9workers 16916   other (0)22
11 0
vpp#

cpu {
  main-core 2
  corelist-workers 4,6,8,10,12,14,16,18,20,22
}

dpdk {
  socket-mem 2048,0
  log-level debug
  no-tx-checksum-offload
  dev default{
num-tx-desc 512
num-rx-desc 512
num-rx-queues 10
  }
  dev :1a:00.0 {
name eth0
  }
  dev :19:00.1 {
name eth1
  }
  # Use aesni mb lib.
  vdev crypto_aesni_mb0,socket_id=0
  no-multi-seg
}

On Fri, Nov 8, 2019 at 12:54 AM Benoit Ganne (bganne) via Lists.Fd.Io
 wrote:

> Hi Chuan,
>
> > The weird thing is that when I reduced the number of workers
> > everything worked fine. I did send 8.5Gbps udp/tcp traffic over the two
> > machines. I also saw encryption/decryption happening. How could this be
> > possible without crypto engine?
>
> Hmm that should not have happened :)
> Frankly I have no idea, but maybe there was other difference in

Re: [vpp-dev] Is there a limit when assigning corelist-workers in vpp?

[Chuan Han via Lists.Fd.Io]

gt; >   >
>> >   >
>> >   >   Not sure how to get all symbols. Can someone share
>> > some steps?
>> >   >
>> >   >   (gdb) list
>> >   >   46  in ../sysdeps/unix/sysv/linux/raise.c
>> >   >   (gdb) bt full
>> >   >   #0  __GI_raise (sig=sig@entry=6) at
>> >   > ../sysdeps/unix/sysv/linux/raise.c:51
>> >   >   set = {__val = {1024, 140192549297216,
>> >   > 140191458925760, 94479452800528, 140191458925744,
>> > 14738652586040953856,
>> >   > 12, 94479452800528, 0, 14738652586040953856, 12, 1,
>> 94479452800528,
>> > 1, 12,
>> >   > 140192554943764}}
>> >   >   pid = 
>> >   >   tid = 
>> >   >   ret = 
>> >   >   #1  0x7f811edf2801 in __GI_abort () at
>> > abort.c:79
>> >   >   save_stage = 1
>> >   >   act = {__sigaction_handler = {sa_handler =
>> > 0x0,
>> >   > sa_sigaction = 0x0}, sa_mask = {__val = {140192549484596,
>> > 140192549745376,
>> >   > 140192549484596, 140192554638615, 140192554894358,
>> 140192549484596,
>> >   > 140191451682880, 4294967295, 4, 1024, 140191451683548,
>> > 140191451691708,
>> >   > 14738652586040953856,
>> >   > 140191436101232, 8, 8}}, sa_flags =
>> > 853347328,
>> >   > sa_restorer = 0x7f80de1c1ef0}
>> >   >   sigs = {__val = {32, 0 > times>}}
>> >   >   __cnt = 
>> >   >   __set = 
>> >   >   __cnt = 
>> >   >   __set = 
>> >   >   #2  0x55edb4f0ad44 in os_exit ()
>> >   >   No symbol table info available.
>> >   >   #3  0x7f811f6f53d9 in ?? () from
>> > /usr/lib/x86_64-linux-
>> >   > gnu/libvlib.so.19.08.1
>> >   >   No symbol table info available.
>> >   >   #4  
>> >   >   No locals.
>> >   >   #5  0x7f811f6db793 in ?? () from
>> > /usr/lib/x86_64-linux-
>> >   > gnu/libvlib.so.19.08.1
>> >   >   No symbol table info available.
>> >   >   #6  0x7f811f6df4d9 in ?? () from
>> > /usr/lib/x86_64-linux-
>> >   > gnu/libvlib.so.19.08.1
>> >   >   No symbol table info available.
>> >   >   #7  0x7f811f6a4eee in
>> > vlib_call_init_exit_functions ()
>> >   > from /usr/lib/x86_64-linux-gnu/libvlib.so.19.08.1
>> >   >   No symbol table info available.
>> >   >   #8  0x7f811f6b5d17 in vlib_main () from
>> > /usr/lib/x86_64-
>> >   > linux-gnu/libvlib.so.19.08.1
>> >   >   No symbol table info available.
>> >   >   #9  0x7f811f6f4416 in ?? () from
>> > /usr/lib/x86_64-linux-
>> >   > gnu/libvlib.so.19.08.1
>> >   >   No symbol table info available.
>> >   >   #10 0x7f811f1cb834 in clib_calljmp () from
>> >   > /usr/lib/x86_64-linux-gnu/libvppinfra.so.19.08.1
>> >   >   No symbol table info available.
>> >   >   #11 0x7ffe3cb01770 in ?? ()
>> >   >   No symbol table info available.
>> >   >   #12 0x7f811f6f586f in vlib_unix_main () from
>> >   > /usr/lib/x86_64-linux-gnu/libvlib.so.19.08.1
>> >   >
>> >   >
>> >   >   On Mon, Nov 4, 2019 at 10:45 AM Chuan Han via
>> > Lists.Fd.Io <http://Lists.Fd.Io>
>> >   > <http://Lists.Fd.Io>  > > <mailto:google@lists.fd.io>
>> >   > <mailto:google@lists.fd.io <mailto:google@lists.fd.io>
>> > >
>> > wrote:
>> >   >
>> >   >
>> >   >   Here is the gdb vpp core output
>> >   &g

Re: [vpp-dev] Is there a limit when assigning corelist-workers in vpp?

[Chuan Han via Lists.Fd.Io]

t;   >
> >   >
> >   >   More details.
> >   >
> >   >   warning: core file may not match specified executable file.
> >   >   [New LWP 10851]
> >   >   [New LWP 10855]
> >   >   [New LWP 10853]
> >   >   [New LWP 10854]
> >   >   [New LWP 10856]
> >   >   [New LWP 10857]
> >   >   [New LWP 10858]
> >   >   [New LWP 10852]
> >   >   [New LWP 10859]
> >   >   [New LWP 10860]
> >   >   [New LWP 10861]
> >   >   [Thread debugging using libthread_db enabled]
> >   >   Using host libthread_db library "/lib/x86_64-linux-
> >   > gnu/libthread_db.so.1".
> >   >   Core was generated by `vpp -c vpp_startup/startup.conf'.
> >   >   Program terminated with signal SIGABRT, Aborted.
> >   >   #0  __GI_raise (sig=sig@entry=6) at
> >   > ../sysdeps/unix/sysv/linux/raise.c:51
> >   >   51  ../sysdeps/unix/sysv/linux/raise.c: No such file or
> >   > directory.
> >   >   [Current thread is 1 (Thread 0x7f8120c00780 (LWP 10851))]
> >   >   (gdb)
> >   >
> >   >
> >   >   On Mon, Nov 4, 2019 at 10:46 AM Chuan Han
> > mailto:chuan...@google.com>
> >   > <mailto:chuan...@google.com <mailto:chuan...@google.com> > >
> > wrote:
> >   >
> >   >
> >   >   Not sure how to get all symbols. Can someone share
> > some steps?
> >   >
> >   >   (gdb) list
> >   >   46  in ../sysdeps/unix/sysv/linux/raise.c
> >   >   (gdb) bt full
> >   >   #0  __GI_raise (sig=sig@entry=6) at
> >   > ../sysdeps/unix/sysv/linux/raise.c:51
> >   >   set = {__val = {1024, 140192549297216,
> >   > 140191458925760, 94479452800528, 140191458925744,
> > 14738652586040953856,
> >   > 12, 94479452800528, 0, 14738652586040953856, 12, 1,
> 94479452800528,
> > 1, 12,
> >   > 140192554943764}}
> >   >   pid = 
> >   >   tid = 
> >   >   ret = 
> >   >   #1  0x7f811edf2801 in __GI_abort () at
> > abort.c:79
> >   >   save_stage = 1
> >   >   act = {__sigaction_handler = {sa_handler =
> > 0x0,
> >   > sa_sigaction = 0x0}, sa_mask = {__val = {140192549484596,
> > 140192549745376,
> >   > 140192549484596, 140192554638615, 140192554894358,
> 140192549484596,
> >   > 140191451682880, 4294967295, 4, 1024, 140191451683548,
> > 140191451691708,
> >   > 14738652586040953856,
> >   > 140191436101232, 8, 8}}, sa_flags =
> > 853347328,
> >   > sa_restorer = 0x7f80de1c1ef0}
> >   >   sigs = {__val = {32, 0 }}
> >   >   __cnt = 
> >   >   __set = 
> >   >   __cnt = 
> >   >   __set = 
> >   >   #2  0x55edb4f0ad44 in os_exit ()
> >   >   No symbol table info available.
> >   >   #3  0x7f811f6f53d9 in ?? () from
> > /usr/lib/x86_64-linux-
> >   > gnu/libvlib.so.19.08.1
> >   >   No symbol table info available.
> >   >   #4  
> >   >   No locals.
> >   >   #5  0x7f811f6db793 in ?? () from
> > /usr/lib/x86_64-linux-
> >   > gnu/libvlib.so.19.08.1
> >   >   No symbol table info available.
> >   >   #6  0x7f811f6df4d9 in ?? () from
> > /usr/lib/x86_64-linux-
> >   > gnu/libvlib.so.19.08.1
> >   >   No symbol table info available.
> >   >   #7  0x7f811f6a4eee in
> > vlib_call_init_exit_functions ()
> >   > from /usr/lib/x86_64-linux-gnu/libvlib.so.19.08.1
> >   >   No symbol table info available.
> >   >   #8  0x7f811f6b5d17 in vlib_main () from
> > /usr/lib/x86_64-
> >   > linux-gnu/libvlib.so.19.08.1
> >   >   No symbol table info available.
> >   >   

Re: [vpp-dev] Is there a limit when assigning corelist-workers in vpp?

[Chuan Han via Lists.Fd.Io]

 locals.
> >   #5  0x7f811f6db793 in ?? () from /usr/lib/x86_64-linux-
> > gnu/libvlib.so.19.08.1
> >   No symbol table info available.
> >   #6  0x7f811f6df4d9 in ?? () from /usr/lib/x86_64-linux-
> > gnu/libvlib.so.19.08.1
> >   No symbol table info available.
> >   #7  0x7f811f6a4eee in vlib_call_init_exit_functions ()
> > from /usr/lib/x86_64-linux-gnu/libvlib.so.19.08.1
> >   No symbol table info available.
> >   #8  0x7f811f6b5d17 in vlib_main () from
> /usr/lib/x86_64-
> > linux-gnu/libvlib.so.19.08.1
> >   No symbol table info available.
> >       #9  0x7f811f6f4416 in ?? () from /usr/lib/x86_64-linux-
> > gnu/libvlib.so.19.08.1
> >   No symbol table info available.
> >   #10 0x7f811f1cb834 in clib_calljmp () from
> > /usr/lib/x86_64-linux-gnu/libvppinfra.so.19.08.1
> >   No symbol table info available.
> >   #11 0x7ffe3cb01770 in ?? ()
> >   No symbol table info available.
> >   #12 0x7f811f6f586f in vlib_unix_main () from
> > /usr/lib/x86_64-linux-gnu/libvlib.so.19.08.1
> >
> >
> >   On Mon, Nov 4, 2019 at 10:45 AM Chuan Han via Lists.Fd.Io
> > <http://Lists.Fd.Io>   > <mailto:google@lists.fd.io> > wrote:
> >
> >
> >   Here is the gdb vpp core output
> >
> >   (gdb) f
> >   #0  __GI_raise (sig=sig@entry=6) at
> > ../sysdeps/unix/sysv/linux/raise.c:51
> >   51  in ../sysdeps/unix/sysv/linux/raise.c
> >   (gdb) bt
> >   #0  __GI_raise (sig=sig@entry=6) at
> > ../sysdeps/unix/sysv/linux/raise.c:51
> >   #1  0x7f811edf2801 in __GI_abort () at
> abort.c:79
> >   #2  0x55edb4f0ad44 in os_exit ()
> >   #3  0x7f811f6f53d9 in ?? () from
> /usr/lib/x86_64-
> > linux-gnu/libvlib.so.19.08.1
> >   #4  
> >   #5  0x7f811f6db793 in ?? () from
> /usr/lib/x86_64-
> > linux-gnu/libvlib.so.19.08.1
> >   #6  0x7f811f6df4d9 in ?? () from
> /usr/lib/x86_64-
> > linux-gnu/libvlib.so.19.08.1
> >   #7  0x7f811f6a4eee in
> vlib_call_init_exit_functions
> > () from /usr/lib/x86_64-linux-gnu/libvlib.so.19.08.1
> >   #8  0x7f811f6b5d17 in vlib_main () from
> > /usr/lib/x86_64-linux-gnu/libvlib.so.19.08.1
> >   #9  0x7f811f6f4416 in ?? () from
> /usr/lib/x86_64-
> > linux-gnu/libvlib.so.19.08.1
> >   #10 0x7f811f1cb834 in clib_calljmp () from
> > /usr/lib/x86_64-linux-gnu/libvppinfra.so.19.08.1
> >   #11 0x7ffe3cb01770 in ?? ()
> >   #12 0x7f811f6f586f in vlib_unix_main () from
> > /usr/lib/x86_64-linux-gnu/libvlib.so.19.08.1
> >       #13 0x3de8f6310400 in ?? ()
> >   #14 0x8100458b49ffd49d in ?? ()
> >   #15 0x8b480100f868 in ?? ()
> >   #16 0x6d8141fb6085 in ?? ()
> >   #17 0x408b48010008 in ?? ()
> >   #18 0x4800c740 in ?? ()
> >
> >
> >   let me know more specific steps to pinpoint the
> issues.
> >
> >   On Mon, Nov 4, 2019 at 10:13 AM Damjan Marion
> > mailto:dmar...@me.com> > wrote:
> >
> >
> >   i remember doing corelist-workers  with >
> 50
> > cores…..
> >
> >   If you paste traceback we may have better
> clue
> > what is wrong…
> >
> >   —
> >       Damjan
> >
> >
> >
> >
> >   On 4 Nov 2019, at 18:51, Chuan Han
> via
> > Lists.Fd.Io <http://Lists.Fd.Io>   > <mailto:chuanhan=google@lists.fd.io> > wrote:
> >
> >   All even number cores are on numa
> 0, which
> > also hosts all nics.
> >
> >   It seems corelist-workers can only
> take
> > maximum 8 cores.
> >
> >   On Mon, Nov 4, 2019 at 9:45 AM
> Tkachuk,
> > Georgii mailto:georgii.tkac...@intel.co

Re: [vpp-dev] Is there a limit when assigning corelist-workers in vpp?

[Chuan Han via Lists.Fd.Io]

Hi, Damjan,

I downloaded the glibc source file. Now, I can see the symbols. See
attachment for all details. Hope they help fix the issue.

Thanks.
Chuan



On Mon, Nov 4, 2019 at 11:00 AM Chuan Han  wrote:

> More details.
>
> warning: core file may not match specified executable file.
> [New LWP 10851]
> [New LWP 10855]
> [New LWP 10853]
> [New LWP 10854]
> [New LWP 10856]
> [New LWP 10857]
> [New LWP 10858]
> [New LWP 10852]
> [New LWP 10859]
> [New LWP 10860]
> [New LWP 10861]
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
> Core was generated by `vpp -c vpp_startup/startup.conf'.
> Program terminated with signal SIGABRT, Aborted.
> #0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
> 51  ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
> [Current thread is 1 (Thread 0x7f8120c00780 (LWP 10851))]
> (gdb)
>
> On Mon, Nov 4, 2019 at 10:46 AM Chuan Han  wrote:
>
>> Not sure how to get all symbols. Can someone share some steps?
>>
>> (gdb) list
>>
>>
>>
>> 46  in ../sysdeps/unix/sysv/linux/raise.c
>>
>>
>>
>> (gdb) bt full
>>
>>
>>
>> #0  __GI_raise (sig=sig@entry=6) at
>> ../sysdeps/unix/sysv/linux/raise.c:51
>>
>>
>>
>> set = {__val = {1024, 140192549297216, 140191458925760,
>> 94479452800528, 140191458925744, 14738652586040953856, 12, 94479452800528,
>> 0, 14738652586040953856, 12, 1, 94479452800528, 1, 12, 140192554943764}}
>> pid = 
>> tid = 
>> ret = 
>> #1  0x7f811edf2801 in __GI_abort () at abort.c:79
>> save_stage = 1
>> act = {__sigaction_handler = {sa_handler = 0x0, sa_sigaction =
>> 0x0}, sa_mask = {__val = {140192549484596, 140192549745376,
>> 140192549484596, 140192554638615, 140192554894358, 140192549484596,
>> 140191451682880, 4294967295, 4, 1024, 140191451683548, 140191451691708,
>> 14738652586040953856,
>>   140191436101232, 8, 8}}, sa_flags = 853347328, sa_restorer
>> = 0x7f80de1c1ef0}
>> sigs = {__val = {32, 0 }}
>> __cnt = 
>> __set = 
>> __cnt = 
>> __set = 
>> #2  0x55edb4f0ad44 in os_exit ()
>> No symbol table info available.
>> #3  0x7f811f6f53d9 in ?? () from
>> /usr/lib/x86_64-linux-gnu/libvlib.so.19.08.1
>> No symbol table info available.
>> #4  
>> No locals.
>> #5  0x7f811f6db793 in ?? () from
>> /usr/lib/x86_64-linux-gnu/libvlib.so.19.08.1
>> No symbol table info available.
>> #6  0x7f811f6df4d9 in ?? () from
>> /usr/lib/x86_64-linux-gnu/libvlib.so.19.08.1
>> No symbol table info available.
>> #7  0x7f811f6a4eee in vlib_call_init_exit_functions () from
>> /usr/lib/x86_64-linux-gnu/libvlib.so.19.08.1
>> No symbol table info available.
>> #8  0x7f811f6b5d17 in vlib_main () from
>> /usr/lib/x86_64-linux-gnu/libvlib.so.19.08.1
>> No symbol table info available.
>> #9  0x7f811f6f4416 in ?? () from
>> /usr/lib/x86_64-linux-gnu/libvlib.so.19.08.1
>> No symbol table info available.
>> #10 0x7f811f1cb834 in clib_calljmp () from
>> /usr/lib/x86_64-linux-gnu/libvppinfra.so.19.08.1
>> No symbol table info available.
>> #11 0x7ffe3cb01770 in ?? ()
>> No symbol table info available.
>> #12 0x7f811f6f586f in vlib_unix_main () from
>> /usr/lib/x86_64-linux-gnu/libvlib.so.19.08.1
>>
>> On Mon, Nov 4, 2019 at 10:45 AM Chuan Han via Lists.Fd.Io > google@lists.fd.io> wrote:
>>
>>> Here is the gdb vpp core output
>>>
>>> (gdb) f
>>>
>>>
>>>
>>> #0  __GI_raise (sig=sig@entry=6) at
>>> ../sysdeps/unix/sysv/linux/raise.c:51
>>>
>>>
>>>
>>> 51  in ../sysdeps/unix/sysv/linux/raise.c
>>>
>>>
>>>
>>> (gdb) bt
>>>
>>>
>>>
>>> #0  __GI_raise (sig=sig@entry=6) at
>>> ../sysdeps/unix/sysv/linux/raise.c:51
>>>
>>>
>>>
>>> #1  0x7f811edf2801 in __GI_abort () at abort.c:79
>>> #2  0x55edb4f0ad44 in os_exit ()
>>> #3  0x7f811f6f53d9 in ?? () from
>>> /usr/lib/x86_64-linux-gnu/libvlib.so.19.08.1
>>> #4  
>>> #5  0x7f811f6db793 in ?? () from
>>> /usr/lib/x86_64-linux-gnu/libvlib.so.19.08.1
>>> #6  0x7f811f6df4d9 in ?? () from
>>> /usr/lib/x86_64-linux-gnu/libvlib.so.19.08.1
>>> #7  0x7f811f6a4eee in vlib_ca

Re: [vpp-dev] Is there a limit when assigning corelist-workers in vpp?

[Chuan Han via Lists.Fd.Io]

More details.

warning: core file may not match specified executable file.
[New LWP 10851]
[New LWP 10855]
[New LWP 10853]
[New LWP 10854]
[New LWP 10856]
[New LWP 10857]
[New LWP 10858]
[New LWP 10852]
[New LWP 10859]
[New LWP 10860]
[New LWP 10861]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `vpp -c vpp_startup/startup.conf'.
Program terminated with signal SIGABRT, Aborted.
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
51  ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
[Current thread is 1 (Thread 0x7f8120c00780 (LWP 10851))]
(gdb)

On Mon, Nov 4, 2019 at 10:46 AM Chuan Han  wrote:

> Not sure how to get all symbols. Can someone share some steps?
>
> (gdb) list
>
>
>
> 46  in ../sysdeps/unix/sysv/linux/raise.c
>
>
>
> (gdb) bt full
>
>
>
> #0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
>
>
>
> set = {__val = {1024, 140192549297216, 140191458925760,
> 94479452800528, 140191458925744, 14738652586040953856, 12, 94479452800528,
> 0, 14738652586040953856, 12, 1, 94479452800528, 1, 12, 140192554943764}}
> pid = 
> tid = 
> ret = 
> #1  0x7f811edf2801 in __GI_abort () at abort.c:79
> save_stage = 1
> act = {__sigaction_handler = {sa_handler = 0x0, sa_sigaction =
> 0x0}, sa_mask = {__val = {140192549484596, 140192549745376,
> 140192549484596, 140192554638615, 140192554894358, 140192549484596,
> 140191451682880, 4294967295, 4, 1024, 140191451683548, 140191451691708,
> 14738652586040953856,
>   140191436101232, 8, 8}}, sa_flags = 853347328, sa_restorer =
> 0x7f80de1c1ef0}
> sigs = {__val = {32, 0 }}
> __cnt = 
> __set = 
> __cnt = 
> __set = 
> #2  0x55edb4f0ad44 in os_exit ()
> No symbol table info available.
> #3  0x7f811f6f53d9 in ?? () from
> /usr/lib/x86_64-linux-gnu/libvlib.so.19.08.1
> No symbol table info available.
> #4  
> No locals.
> #5  0x7f811f6db793 in ?? () from
> /usr/lib/x86_64-linux-gnu/libvlib.so.19.08.1
> No symbol table info available.
> #6  0x7f811f6df4d9 in ?? () from
> /usr/lib/x86_64-linux-gnu/libvlib.so.19.08.1
> No symbol table info available.
> #7  0x7f811f6a4eee in vlib_call_init_exit_functions () from
> /usr/lib/x86_64-linux-gnu/libvlib.so.19.08.1
> No symbol table info available.
> #8  0x7f811f6b5d17 in vlib_main () from
> /usr/lib/x86_64-linux-gnu/libvlib.so.19.08.1
> No symbol table info available.
> #9  0x7f811f6f4416 in ?? () from
> /usr/lib/x86_64-linux-gnu/libvlib.so.19.08.1
> No symbol table info available.
> #10 0x7f811f1cb834 in clib_calljmp () from
> /usr/lib/x86_64-linux-gnu/libvppinfra.so.19.08.1
> No symbol table info available.
> #11 0x00007ffe3cb01770 in ?? ()
> No symbol table info available.
> #12 0x7f811f6f586f in vlib_unix_main () from
> /usr/lib/x86_64-linux-gnu/libvlib.so.19.08.1
>
> On Mon, Nov 4, 2019 at 10:45 AM Chuan Han via Lists.Fd.Io  google@lists.fd.io> wrote:
>
>> Here is the gdb vpp core output
>>
>> (gdb) f
>>
>>
>>
>> #0  __GI_raise (sig=sig@entry=6) at
>> ../sysdeps/unix/sysv/linux/raise.c:51
>>
>>
>>
>> 51  in ../sysdeps/unix/sysv/linux/raise.c
>>
>>
>>
>> (gdb) bt
>>
>>
>>
>> #0  __GI_raise (sig=sig@entry=6) at
>> ../sysdeps/unix/sysv/linux/raise.c:51
>>
>>
>>
>> #1  0x7f811edf2801 in __GI_abort () at abort.c:79
>> #2  0x55edb4f0ad44 in os_exit ()
>> #3  0x7f811f6f53d9 in ?? () from
>> /usr/lib/x86_64-linux-gnu/libvlib.so.19.08.1
>> #4  
>> #5  0x7f811f6db793 in ?? () from
>> /usr/lib/x86_64-linux-gnu/libvlib.so.19.08.1
>> #6  0x7f811f6df4d9 in ?? () from
>> /usr/lib/x86_64-linux-gnu/libvlib.so.19.08.1
>> #7  0x7f811f6a4eee in vlib_call_init_exit_functions () from
>> /usr/lib/x86_64-linux-gnu/libvlib.so.19.08.1
>> #8  0x7f811f6b5d17 in vlib_main () from
>> /usr/lib/x86_64-linux-gnu/libvlib.so.19.08.1
>> #9  0x7f811f6f4416 in ?? () from
>> /usr/lib/x86_64-linux-gnu/libvlib.so.19.08.1
>> #10 0x7f811f1cb834 in clib_calljmp () from
>> /usr/lib/x86_64-linux-gnu/libvppinfra.so.19.08.1
>> #11 0x7ffe3cb01770 in ?? ()
>> #12 0x7f811f6f586f in vlib_unix_main () from
>> /usr/lib/x86_64-linux-gnu/libvlib.so.19.08.1
>> #13 0x3de8f6310400 in ?? ()
>> #14 0x8100458b49ffd49d in ?? ()
>> #15 0x8b480100f868 in ?? ()
>> #16 0x6d8141fb6085 in ?? ()
>> #17 0x408b480100

Re: [vpp-dev] Is there a limit when assigning corelist-workers in vpp?

[Chuan Han via Lists.Fd.Io]

Not sure how to get all symbols. Can someone share some steps?

(gdb) list



46  in ../sysdeps/unix/sysv/linux/raise.c



(gdb) bt full



#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51



set = {__val = {1024, 140192549297216, 140191458925760,
94479452800528, 140191458925744, 14738652586040953856, 12, 94479452800528,
0, 14738652586040953856, 12, 1, 94479452800528, 1, 12, 140192554943764}}
pid = 
tid = 
ret = 
#1  0x7f811edf2801 in __GI_abort () at abort.c:79
save_stage = 1
act = {__sigaction_handler = {sa_handler = 0x0, sa_sigaction =
0x0}, sa_mask = {__val = {140192549484596, 140192549745376,
140192549484596, 140192554638615, 140192554894358, 140192549484596,
140191451682880, 4294967295, 4, 1024, 140191451683548, 140191451691708,
14738652586040953856,
  140191436101232, 8, 8}}, sa_flags = 853347328, sa_restorer =
0x7f80de1c1ef0}
sigs = {__val = {32, 0 }}
__cnt = 
__set = 
__cnt = 
__set = 
#2  0x55edb4f0ad44 in os_exit ()
No symbol table info available.
#3  0x7f811f6f53d9 in ?? () from
/usr/lib/x86_64-linux-gnu/libvlib.so.19.08.1
No symbol table info available.
#4  
No locals.
#5  0x7f811f6db793 in ?? () from
/usr/lib/x86_64-linux-gnu/libvlib.so.19.08.1
No symbol table info available.
#6  0x7f811f6df4d9 in ?? () from
/usr/lib/x86_64-linux-gnu/libvlib.so.19.08.1
No symbol table info available.
#7  0x7f811f6a4eee in vlib_call_init_exit_functions () from
/usr/lib/x86_64-linux-gnu/libvlib.so.19.08.1
No symbol table info available.
#8  0x7f811f6b5d17 in vlib_main () from
/usr/lib/x86_64-linux-gnu/libvlib.so.19.08.1
No symbol table info available.
#9  0x7f811f6f4416 in ?? () from
/usr/lib/x86_64-linux-gnu/libvlib.so.19.08.1
No symbol table info available.
#10 0x7f811f1cb834 in clib_calljmp () from
/usr/lib/x86_64-linux-gnu/libvppinfra.so.19.08.1
No symbol table info available.
#11 0x7ffe3cb01770 in ?? ()
No symbol table info available.
#12 0x7f811f6f586f in vlib_unix_main () from
/usr/lib/x86_64-linux-gnu/libvlib.so.19.08.1

On Mon, Nov 4, 2019 at 10:45 AM Chuan Han via Lists.Fd.Io  wrote:

> Here is the gdb vpp core output
>
> (gdb) f
>
>
>
> #0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
>
>
>
> 51  in ../sysdeps/unix/sysv/linux/raise.c
>
>
>
> (gdb) bt
>
>
>
> #0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
>
>
>
> #1  0x7f811edf2801 in __GI_abort () at abort.c:79
> #2  0x55edb4f0ad44 in os_exit ()
> #3  0x7f811f6f53d9 in ?? () from
> /usr/lib/x86_64-linux-gnu/libvlib.so.19.08.1
> #4  
> #5  0x7f811f6db793 in ?? () from
> /usr/lib/x86_64-linux-gnu/libvlib.so.19.08.1
> #6  0x7f811f6df4d9 in ?? () from
> /usr/lib/x86_64-linux-gnu/libvlib.so.19.08.1
> #7  0x7f811f6a4eee in vlib_call_init_exit_functions () from
> /usr/lib/x86_64-linux-gnu/libvlib.so.19.08.1
> #8  0x7f811f6b5d17 in vlib_main () from
> /usr/lib/x86_64-linux-gnu/libvlib.so.19.08.1
> #9  0x7f811f6f4416 in ?? () from
> /usr/lib/x86_64-linux-gnu/libvlib.so.19.08.1
> #10 0x7f811f1cb834 in clib_calljmp () from
> /usr/lib/x86_64-linux-gnu/libvppinfra.so.19.08.1
> #11 0x7ffe3cb01770 in ?? ()
> #12 0x7f811f6f586f in vlib_unix_main () from
> /usr/lib/x86_64-linux-gnu/libvlib.so.19.08.1
> #13 0x3de8f6310400 in ?? ()
> #14 0x8100458b49ffd49d in ?? ()
> #15 0x8b480100f868 in ?? ()
> #16 0x6d8141fb6085 in ?? ()
> #17 0x408b48010008 in ?? ()
> #18 0x4800c740 in ?? ()
>
> let me know more specific steps to pinpoint the issues.
>
> On Mon, Nov 4, 2019 at 10:13 AM Damjan Marion  wrote:
>
>> i remember doing corelist-workers  with > 50 cores…..
>>
>> If you paste traceback we may have better clue what is wrong…
>>
>> —
>> Damjan
>>
>>
>>
>> On 4 Nov 2019, at 18:51, Chuan Han via Lists.Fd.Io <
>> chuanhan=google@lists.fd.io> wrote:
>>
>> All even number cores are on numa 0, which also hosts all nics.
>>
>> It seems corelist-workers can only take maximum 8 cores.
>>
>> On Mon, Nov 4, 2019 at 9:45 AM Tkachuk, Georgii <
>> georgii.tkac...@intel.com> wrote:
>>
>>> Hi Chuan,  are cores 20 and 22 on socket0 or socket1? If they are on
>>> socket1, the application is crashing because the aesni_mb driver is
>>> pointing to socket0: vdev crypto_aesni_mb0,socket_id=0.
>>>
>>>
>>>
>>> George
>>>
>>>
>>>
>>> *From:* vpp-dev@lists.fd.io  *On Behalf Of *Chuan
>>> Han via Lists.Fd.Io <http://lists.fd.io/>
>>> *Sent:* Monday, November 04, 2019 10:27 AM
>>> *To:* vpp-dev

Re: [vpp-dev] Is there a limit when assigning corelist-workers in vpp?

[Chuan Han via Lists.Fd.Io]

Here is the gdb vpp core output

(gdb) f



#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51



51  in ../sysdeps/unix/sysv/linux/raise.c



(gdb) bt



#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51



#1  0x7f811edf2801 in __GI_abort () at abort.c:79
#2  0x55edb4f0ad44 in os_exit ()
#3  0x7f811f6f53d9 in ?? () from
/usr/lib/x86_64-linux-gnu/libvlib.so.19.08.1
#4  
#5  0x7f811f6db793 in ?? () from
/usr/lib/x86_64-linux-gnu/libvlib.so.19.08.1
#6  0x7f811f6df4d9 in ?? () from
/usr/lib/x86_64-linux-gnu/libvlib.so.19.08.1
#7  0x7f811f6a4eee in vlib_call_init_exit_functions () from
/usr/lib/x86_64-linux-gnu/libvlib.so.19.08.1
#8  0x7f811f6b5d17 in vlib_main () from
/usr/lib/x86_64-linux-gnu/libvlib.so.19.08.1
#9  0x7f811f6f4416 in ?? () from
/usr/lib/x86_64-linux-gnu/libvlib.so.19.08.1
#10 0x7f811f1cb834 in clib_calljmp () from
/usr/lib/x86_64-linux-gnu/libvppinfra.so.19.08.1
#11 0x7ffe3cb01770 in ?? ()
#12 0x7f811f6f586f in vlib_unix_main () from
/usr/lib/x86_64-linux-gnu/libvlib.so.19.08.1
#13 0x3de8f6310400 in ?? ()
#14 0x8100458b49ffd49d in ?? ()
#15 0x8b480100f868 in ?? ()
#16 0x6d8141fb6085 in ?? ()
#17 0x408b48010008 in ?? ()
#18 0x4800c740 in ?? ()

let me know more specific steps to pinpoint the issues.

On Mon, Nov 4, 2019 at 10:13 AM Damjan Marion  wrote:

> i remember doing corelist-workers  with > 50 cores…..
>
> If you paste traceback we may have better clue what is wrong…
>
> —
> Damjan
>
>
>
> On 4 Nov 2019, at 18:51, Chuan Han via Lists.Fd.Io <
> chuanhan=google@lists.fd.io> wrote:
>
> All even number cores are on numa 0, which also hosts all nics.
>
> It seems corelist-workers can only take maximum 8 cores.
>
> On Mon, Nov 4, 2019 at 9:45 AM Tkachuk, Georgii 
> wrote:
>
>> Hi Chuan,  are cores 20 and 22 on socket0 or socket1? If they are on
>> socket1, the application is crashing because the aesni_mb driver is
>> pointing to socket0: vdev crypto_aesni_mb0,socket_id=0.
>>
>>
>>
>> George
>>
>>
>>
>> *From:* vpp-dev@lists.fd.io  *On Behalf Of *Chuan
>> Han via Lists.Fd.Io <http://lists.fd.io/>
>> *Sent:* Monday, November 04, 2019 10:27 AM
>> *To:* vpp-dev 
>> *Cc:* vpp-dev@lists.fd.io
>> *Subject:* [vpp-dev] Is there a limit when assigning corelist-workers in
>> vpp?
>>
>>
>>
>> Hi, vpp experts,
>>
>>
>>
>> I am trying to allocate more cores to a phy nic. I want to allocate cores
>> 4,6,8,10 to eth0, and cores 12,14,16,18 to eth1.
>>
>>
>>
>> cpu {
>>   main-core 2
>> *  # corelist-workers 4,6,8,10,12,14,16,18,20,22   <== This does not
>> work. vpp crashes when starting. *
>>   corelist-workers 4,6,8,10,12,14,16,18
>> }
>>
>> dpdk {
>>   socket-mem 2048,0
>>   log-level debug
>>   no-tx-checksum-offload
>>   dev default{
>> num-tx-desc 512
>> num-rx-desc 512
>>   }
>>   dev :1a:00.0 {
>> # workers 4,6,8,10,12
>> workers 4,6,8,10
>> name eth0
>>   }
>>   dev :19:00.1 {
>> # workers 14,16,18,20,22
>> workers 12,14,16,18
>> name eth1
>>   }
>>   # Use aesni mb lib.
>>   vdev crypto_aesni_mb0,socket_id=0
>>   # Use qat VF pcie addresses.
>> #  dev :3d:01.0
>>   no-multi-seg
>> }
>>
>>
>>
>> Afte vpp starts, I can see eth1 got 4 cores but eth0 only got 3 cores.
>>
>>
>>
>> vpp# sh thread
>> ID NameTypeLWP Sched Policy (Priority)
>>  lcore  Core   Socket State
>> 0  vpp_main10653   other (0)2
>>  0  0
>> 1  vpp_wk_0workers 10655   other (0)4
>>  1  0
>> 2  vpp_wk_1workers 10656   other (0)6
>>  4  0
>> 3  vpp_wk_2workers 10657   other (0)8
>>  2  0
>> 4  vpp_wk_3workers 10658   other (0)
>>  10 3  0
>> 5  vpp_wk_4workers 10659   other (0)
>>  12 8  0
>> 6  vpp_wk_5workers 10660   other (0)
>>  14 13 0
>> 7  vpp_wk_6workers 10661   other (0)
>>  16 9  0
>> *8  vpp_wk_7workers 10662   other (0)
>>  18 12 0   <=== core 18 is not used by eth0.*
>> vpp# sh interface rx-placement
>> Thread 1 (vpp_wk_0):
>>   node dpdk-input:
>> eth1 queue 0 (polling)
>> Thr

Re: [vpp-dev] Is there a limit when assigning corelist-workers in vpp?

[Chuan Han via Lists.Fd.Io]

I was able to manually fix the nic queue assignment by issuing this command.

set interface rx-placement eth0 queue 2 worker 7

vpp# sh interface rx-placement
Thread 1 (vpp_wk_0):
  node dpdk-input:
eth1 queue 0 (polling)
Thread 2 (vpp_wk_1):
  node dpdk-input:
eth1 queue 1 (polling)
Thread 3 (vpp_wk_2):
  node dpdk-input:
eth1 queue 2 (polling)
Thread 4 (vpp_wk_3):
  node dpdk-input:
eth1 queue 3 (polling)



*Thread 5 (vpp_wk_4):   <=== not sure why this thread got two queues.
node dpdk-input:eth0 queue 0 (polling)eth0 queue 2 (polling)*
Thread 6 (vpp_wk_5):
  node dpdk-input:
eth0 queue 3 (polling)
Thread 7 (vpp_wk_6):
  node dpdk-input:
eth0 queue 1 (polling)
vpp# set interface p
promiscuous  proxy-arp
vpp# set interface rx
rx-mode   rx-placement
vpp# set interface rx-placement eth0 queue 2 thread 8
set interface rx-placement: parse error: 'thread 8'
vpp# set interface rx-placement eth0 queue 2 thread 7
set interface rx-placement: parse error: 'thread 7'
vpp# set interface rx-placement eth0 queue 2 ?
set interface rx-placement: parse error: '?'
vpp# set interface rx-placement ?
  set interface rx-placement   set interface rx-placement
 [queue ] [worker  | main]
vpp# set interface rx-placement eth0 queue 2 worker 7
vpp# sh interface rx-placement
Thread 1 (vpp_wk_0):
  node dpdk-input:
eth1 queue 0 (polling)
Thread 2 (vpp_wk_1):
  node dpdk-input:
eth1 queue 1 (polling)
Thread 3 (vpp_wk_2):
  node dpdk-input:
eth1 queue 2 (polling)
Thread 4 (vpp_wk_3):
  node dpdk-input:
eth1 queue 3 (polling)
Thread 5 (vpp_wk_4):
  node dpdk-input:
eth0 queue 0 (polling)
Thread 6 (vpp_wk_5):
  node dpdk-input:
eth0 queue 3 (polling)
Thread 7 (vpp_wk_6):
  node dpdk-input:
eth0 queue 1 (polling)
Thread 8 (vpp_wk_7):
  node dpdk-input:
eth0 queue 2 (polling)

On Mon, Nov 4, 2019 at 10:13 AM Damjan Marion  wrote:

> i remember doing corelist-workers  with > 50 cores…..
>
> If you paste traceback we may have better clue what is wrong…
>
> —
> Damjan
>
>
>
> On 4 Nov 2019, at 18:51, Chuan Han via Lists.Fd.Io <
> chuanhan=google@lists.fd.io> wrote:
>
> All even number cores are on numa 0, which also hosts all nics.
>
> It seems corelist-workers can only take maximum 8 cores.
>
> On Mon, Nov 4, 2019 at 9:45 AM Tkachuk, Georgii 
> wrote:
>
>> Hi Chuan,  are cores 20 and 22 on socket0 or socket1? If they are on
>> socket1, the application is crashing because the aesni_mb driver is
>> pointing to socket0: vdev crypto_aesni_mb0,socket_id=0.
>>
>>
>>
>> George
>>
>>
>>
>> *From:* vpp-dev@lists.fd.io  *On Behalf Of *Chuan
>> Han via Lists.Fd.Io <http://lists.fd.io/>
>> *Sent:* Monday, November 04, 2019 10:27 AM
>> *To:* vpp-dev 
>> *Cc:* vpp-dev@lists.fd.io
>> *Subject:* [vpp-dev] Is there a limit when assigning corelist-workers in
>> vpp?
>>
>>
>>
>> Hi, vpp experts,
>>
>>
>>
>> I am trying to allocate more cores to a phy nic. I want to allocate cores
>> 4,6,8,10 to eth0, and cores 12,14,16,18 to eth1.
>>
>>
>>
>> cpu {
>>   main-core 2
>> *  # corelist-workers 4,6,8,10,12,14,16,18,20,22   <== This does not
>> work. vpp crashes when starting. *
>>   corelist-workers 4,6,8,10,12,14,16,18
>> }
>>
>> dpdk {
>>   socket-mem 2048,0
>>   log-level debug
>>   no-tx-checksum-offload
>>   dev default{
>> num-tx-desc 512
>> num-rx-desc 512
>>   }
>>   dev :1a:00.0 {
>> # workers 4,6,8,10,12
>> workers 4,6,8,10
>> name eth0
>>   }
>>   dev :19:00.1 {
>> # workers 14,16,18,20,22
>> workers 12,14,16,18
>> name eth1
>>   }
>>   # Use aesni mb lib.
>>   vdev crypto_aesni_mb0,socket_id=0
>>   # Use qat VF pcie addresses.
>> #  dev :3d:01.0
>>   no-multi-seg
>> }
>>
>>
>>
>> Afte vpp starts, I can see eth1 got 4 cores but eth0 only got 3 cores.
>>
>>
>>
>> vpp# sh thread
>> ID NameTypeLWP Sched Policy (Priority)
>>  lcore  Core   Socket State
>> 0  vpp_main10653   other (0)2
>>  0  0
>> 1  vpp_wk_0workers 10655   other (0)4
>>  1  0
>> 2  vpp_wk_1workers 10656   other (0)6
>>  4  0
>> 3  vpp_wk_2workers 10657   other (0)8
>>  2  0
>> 4  vpp_wk_3workers 10658   other (0)
>>  10 3  0
>> 5  vpp

Re: [vpp-dev] Is there a limit when assigning corelist-workers in vpp?

[Chuan Han via Lists.Fd.Io]

All even number cores are on numa 0, which also hosts all nics.

It seems corelist-workers can only take maximum 8 cores.

On Mon, Nov 4, 2019 at 9:45 AM Tkachuk, Georgii 
wrote:

> Hi Chuan,  are cores 20 and 22 on socket0 or socket1? If they are on
> socket1, the application is crashing because the aesni_mb driver is
> pointing to socket0: vdev crypto_aesni_mb0,socket_id=0.
>
>
>
> George
>
>
>
> *From:* vpp-dev@lists.fd.io  *On Behalf Of *Chuan
> Han via Lists.Fd.Io
> *Sent:* Monday, November 04, 2019 10:27 AM
> *To:* vpp-dev 
> *Cc:* vpp-dev@lists.fd.io
> *Subject:* [vpp-dev] Is there a limit when assigning corelist-workers in
> vpp?
>
>
>
> Hi, vpp experts,
>
>
>
> I am trying to allocate more cores to a phy nic. I want to allocate cores
> 4,6,8,10 to eth0, and cores 12,14,16,18 to eth1.
>
>
>
> cpu {
>   main-core 2
> *  # corelist-workers 4,6,8,10,12,14,16,18,20,22   <== This does not work.
> vpp crashes when starting. *
>   corelist-workers 4,6,8,10,12,14,16,18
> }
>
> dpdk {
>   socket-mem 2048,0
>   log-level debug
>   no-tx-checksum-offload
>   dev default{
> num-tx-desc 512
> num-rx-desc 512
>   }
>   dev :1a:00.0 {
> # workers 4,6,8,10,12
> workers 4,6,8,10
> name eth0
>   }
>   dev :19:00.1 {
> # workers 14,16,18,20,22
> workers 12,14,16,18
> name eth1
>   }
>   # Use aesni mb lib.
>   vdev crypto_aesni_mb0,socket_id=0
>   # Use qat VF pcie addresses.
> #  dev :3d:01.0
>   no-multi-seg
> }
>
>
>
> Afte vpp starts, I can see eth1 got 4 cores but eth0 only got 3 cores.
>
>
>
> vpp# sh thread
> ID NameTypeLWP Sched Policy (Priority)
>  lcore  Core   Socket State
> 0  vpp_main10653   other (0)2
>  0  0
> 1  vpp_wk_0workers 10655   other (0)4
>  1  0
> 2  vpp_wk_1workers 10656   other (0)6
>  4  0
> 3  vpp_wk_2workers 10657   other (0)8
>  2  0
> 4  vpp_wk_3workers 10658   other (0)10
> 3  0
> 5  vpp_wk_4workers 10659   other (0)12
> 8  0
> 6  vpp_wk_5workers 10660   other (0)14
> 13 0
> 7  vpp_wk_6workers 10661   other (0)16
> 9  0
> *8  vpp_wk_7workers 10662   other (0)
>  18 12 0   <=== core 18 is not used by eth0.*
> vpp# sh interface rx-placement
> Thread 1 (vpp_wk_0):
>   node dpdk-input:
> eth1 queue 0 (polling)
> Thread 2 (vpp_wk_1):
>   node dpdk-input:
> eth1 queue 1 (polling)
> Thread 3 (vpp_wk_2):
>   node dpdk-input:
> eth1 queue 2 (polling)
> Thread 4 (vpp_wk_3):
>   node dpdk-input:
> eth1 queue 3 (polling)
>
>
>
> *Thread 5 (vpp_wk_4):   node dpdk-input: eth0 queue 0 (polling)
> eth0 queue 2 (polling)*
> Thread 6 (vpp_wk_5):
>   node dpdk-input:
> eth0 queue 3 (polling)
> Thread 7 (vpp_wk_6):
>   node dpdk-input:
> eth0 queue 1 (polling)
> vpp#
>
>
>
> It seems there is a limitation on assigning cores to nic.
>
> 1. I cannot allocate cores after 20 to corelist-workers.
>
> 2. Cores after 18 cannot be allocated to nic.
>
>
>
> Is this some bug? Or, some undocumented limitation?
>
>
>
> Thanks.
>
> Chuan
>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#14491): https://lists.fd.io/g/vpp-dev/message/14491
Mute This Topic: https://lists.fd.io/mt/41334952/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[vpp-dev] Is there a limit when assigning corelist-workers in vpp?

[Chuan Han via Lists.Fd.Io]

Hi, vpp experts,

I am trying to allocate more cores to a phy nic. I want to allocate cores
4,6,8,10 to eth0, and cores 12,14,16,18 to eth1.

cpu {
  main-core 2
*  # corelist-workers 4,6,8,10,12,14,16,18,20,22   <== This does not work.
vpp crashes when starting. *
  corelist-workers 4,6,8,10,12,14,16,18
}

dpdk {
  socket-mem 2048,0
  log-level debug
  no-tx-checksum-offload
  dev default{
num-tx-desc 512
num-rx-desc 512
  }
  dev :1a:00.0 {
# workers 4,6,8,10,12
workers 4,6,8,10
name eth0
  }
  dev :19:00.1 {
# workers 14,16,18,20,22
workers 12,14,16,18
name eth1
  }
  # Use aesni mb lib.
  vdev crypto_aesni_mb0,socket_id=0
  # Use qat VF pcie addresses.
#  dev :3d:01.0
  no-multi-seg
}

Afte vpp starts, I can see eth1 got 4 cores but eth0 only got 3 cores.

vpp# sh thread
ID NameTypeLWP Sched Policy (Priority)
 lcore  Core   Socket State
0  vpp_main10653   other (0)2
   0  0
1  vpp_wk_0workers 10655   other (0)4
   1  0
2  vpp_wk_1workers 10656   other (0)6
   4  0
3  vpp_wk_2workers 10657   other (0)8
   2  0
4  vpp_wk_3workers 10658   other (0)10
3  0
5  vpp_wk_4workers 10659   other (0)12
8  0
6  vpp_wk_5workers 10660   other (0)14
13 0
7  vpp_wk_6workers 10661   other (0)16
9  0
*8  vpp_wk_7workers 10662   other (0)18
12 0   <=== core 18 is not used by eth0.*
vpp# sh interface rx-placement
Thread 1 (vpp_wk_0):
  node dpdk-input:
eth1 queue 0 (polling)
Thread 2 (vpp_wk_1):
  node dpdk-input:
eth1 queue 1 (polling)
Thread 3 (vpp_wk_2):
  node dpdk-input:
eth1 queue 2 (polling)
Thread 4 (vpp_wk_3):
  node dpdk-input:
eth1 queue 3 (polling)



*Thread 5 (vpp_wk_4):  node dpdk-input:eth0 queue 0 (polling)eth0
queue 2 (polling)*
Thread 6 (vpp_wk_5):
  node dpdk-input:
eth0 queue 3 (polling)
Thread 7 (vpp_wk_6):
  node dpdk-input:
eth0 queue 1 (polling)
vpp#

It seems there is a limitation on assigning cores to nic.
1. I cannot allocate cores after 20 to corelist-workers.
2. Cores after 18 cannot be allocated to nic.

Is this some bug? Or, some undocumented limitation?

Thanks.
Chuan
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#14489): https://lists.fd.io/g/vpp-dev/message/14489
Mute This Topic: https://lists.fd.io/mt/41334952/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [vpp-dev] Basic l2 bridging does not work

[Chuan Han via Lists.Fd.Io]

Just for record purposes, we did not continue trying this R740-R230 setup.
We moved to R740-R740 setup. We did not see this phy nic down issue. It
seems some compatibility bug within R230 + some nic.

On Sun, Oct 20, 2019 at 9:37 PM Balaji Venkatraman via Lists.Fd.Io  wrote:

> I see in the log of “ethtool enp6s0f1“ on R230:
>
>
>
> root@esdn-relay:~/gnxi/perf_testing/r230# ethtool enp6s0f1
>
>
>
> Supported ports: [ *FIBRE* ]   <<<<<<<<<<<<<<<<
>
> Supported link modes:   1baseT/Full
>
> Supports auto-negotiation: No
>
> Advertised link modes:  1baseT/Full <<<<<
>
> Speed: 1Mb/s
>
> Port: Direct Attach Copper
>
> *Auto-negotiation: off*
>
>
>
>
>
> While on R 230:
>
> root@esdn-lab:~/gnxi/perf_testing/r740/vpp# ethtool eno3
> Settings for eno3:
> Supported ports: [ *TP* ]. <<<<<<<<<<<<<<<<<
>
>
> *Supported link modes:   100baseT/Full
>   1000baseT/Full  1baseT/Full *<<<<<
> Supported pause frame use: Symmetric
> Supports auto-negotiation: Yes
> Supported FEC modes: Not reported
> Advertised link modes:  100baseT/Full
> 1000baseT/Full
> 1baseT/Full
> Advertised pause frame use: Symmetric
> Advertised auto-negotiation: Yes
> Advertised FEC modes: Not reported
> Speed: 1Mb/s
> Duplex: Full
> *Port: Twisted Pair*
> PHYAD: 0
> Transceiver: internal
> *Auto-negotiation: on*
> MDI-X: Unknown
>
>
>
>
>
> The supported ports seem mismatched at either end with AutoNeg disabled at
> one, I doubt the parameters are exchanged to get the transmissions going.
> Some expert in the ethernet might want to comment if this could be an issue.
>
> Regards,
>
> Balaji.
>
>
>
>
>
> *From: * on behalf of "steven luong via Lists.Fd.Io"
> 
> *Reply-To: *"Steven Luong (sluong)" 
> *Date: *Friday, October 18, 2019 at 10:06 PM
> *To: *"vpp-dev@lists.fd.io" 
> *Cc: *"vpp-dev@lists.fd.io" 
> *Subject: *Re: [vpp-dev] Basic l2 bridging does not work
>
>
>
> Can you reduce your rx and tx queues to 1 and try again?
>
>
>
> rx: queues 2 (max 128), desc 512 (min 32 max 4096 align 8)
> tx: queues 3 (max 64), desc 512 (min 32 max 4096 align 8)
>
>
> Steven
>
>
>
> *From: * on behalf of "Chuan Han via Lists.Fd.Io"
> 
> *Reply-To: *"chuan...@google.com" 
> *Date: *Friday, October 18, 2019 at 4:05 PM
> *To: *Chuan Han 
> *Cc: *"vpp-dev@lists.fd.io" 
> *Subject: *Re: [vpp-dev] Basic l2 bridging does not work
>
>
>
> Hi, Damjan,
>
>
>
> It seems the bug is in vpp.
>
>
>
> On R230, vpp shows eth0 is down.
>
>
>
> vpp# sh hardware-interfaces eth0
>   NameIdx   Link  Hardware
> eth0   2down  eth0
>   Link speed: unknown
>
>
> *  Ethernet address b4:96:91:23:1e:d6   Intel 82599 carrier down*
> flags: admin-up promisc pmd rx-ip4-cksum
> rx: queues 2 (max 128), desc 512 (min 32 max 4096 align 8)
> tx: queues 3 (max 64), desc 512 (min 32 max 4096 align 8)
> pci: device 8086:154d subsystem 8086:7b11 address :06:00.01 numa 0
> max rx packet len: 15872
> promiscuous: unicast on all-multicast on
> vlan offload: strip off filter off qinq off
> rx offload avail:  vlan-strip ipv4-cksum udp-cksum tcp-cksum tcp-lro
>macsec-strip vlan-filter vlan-extend jumbo-frame
> scatter
>security keep-crc
> rx offload active: ipv4-cksum
> tx offload avail:  vlan-insert ipv4-cksum udp-cksum tcp-cksum
> sctp-cksum
>tcp-tso macsec-insert multi-segs security
> tx offload active: none
> rss avail: ipv4-tcp ipv4-udp ipv4 ipv6-tcp-ex ipv6-udp-ex
> ipv6-tcp
>ipv6-udp ipv6-ex ipv6
> rss active:none
> tx burst function: (nil)
> rx burst function: ixgbe_recv_pkts_vec
>
> extended stats:
>   mac local errors   318
> vpp#
>
>
>
> However, the testpmd tool shows it is up.
>
>
>
> testpmd> show port summary 1
> Number of available ports: 2
> Port MAC Address   Name Driver Status   Link
> *1B4:96:91:23:1E:D6 :06:00.1 net_ixgbe  up   1Mbps*
> testpmd>
>
>
>
&g

Re: [vpp-dev] How to configure l2 gre over ipsec in vpp 19.08

[Chuan Han via Lists.Fd.Io]

Just for record purposes, here are the configs I figured out on l2 gretap +
ipsec transport mode. The other party config is similar with proper changes
in ip, mac address and spi. Make sure spi matches. Otherwise, pkt will be
punted on the receiving side.

set int state eth0 up
set int ip address eth0 10.10.10.11/24
set int promiscuous on eth0

set ip arp eth0 10.10.10.10 24:6e:96:b4:b2:07

set int state eth1 up
set int promiscuous on eth1

create gre tunnel src 10.10.10.11 dst 10.10.10.10 teb
set int state gre0 up

create bridge-domain 1
set interface l2 bridge gre0 1
set interface l2 bridge eth1 1

ipsec spd add 1
set interface ipsec spd eth0 1

ipsec sa add 1 spi 255128 esp crypto-key
0123456789012345678901234567890101234567890123456789012345678901 crypto-alg
aes-gcm-256
ipsec sa add 2 spi 255129 esp crypto-key
0123456789012345678901234567890101234567890123456789012345678901 crypto-alg
aes-gcm-256

ipsec policy add spd 1 priority 90 inbound action protect sa 2
local-ip-range 10.10.10.11-10.10.10.11 remote-ip-range
10.10.10.10-10.10.10.10
ipsec policy add spd 1 priority 90 outbound action protect sa 1
local-ip-range 10.10.10.11-10.10.10.11 remote-ip-range
10.10.10.10-10.10.10.10

trace add dpdk-input 10

On Tue, Oct 8, 2019 at 3:23 PM Chuan Han via Lists.Fd.Io  wrote:

> Hi, Neale/vpp experts,
>
> Can you help check why the receiving side drops all the incoming pkts
> because of unknown ip protocol?
>
> I looked at TestIpsecGreTebIfEsp, but had no clue how it is mapped to cli
> commands.
>
> I am new to vpp.
>
> Thanks.
> Chuan
>
> On Fri, Oct 4, 2019 at 11:41 AM Chuan Han via Lists.Fd.Io  google@lists.fd.io> wrote:
>
>> Thanks for helping.
>>
>> I removed spd configs on both sides, but still no luck. I am pinging from
>> r230 side.
>>
>> It seems r230 is able to sending ping pkts over dpdk interface. However,
>> on r740 side, gre0 interface drops all of them. See the attached updated
>> cfg files and log files for more details.
>>
>>   IPSec: remote:10.10.10.11 spi:255129 (0x0003e499) seq 418
>> 00:06:52:367944: esp4-decrypt-tun
>>   esp: crypto aes-cbc-128 integrity sha1-96 pkt-seq 418 sa-seq 0
>> sa-seq-hi 0
>> 00:06:52:367948: ip4-input-no-checksum
>>   GRE: 10.10.10.11 -> 10.10.10.10
>> tos 0x00, ttl 254, length 66, checksum 0x9464
>> fragment id 0x
>>   GRE teb
>> 00:06:52:367948: ip4-not-enabled
>> GRE: 10.10.10.11 -> 10.10.10.10
>>   tos 0x00, ttl 254, length 66, checksum 0x9464
>>   fragment id 0x
>> GRE teb
>> 00:06:52:367948: error-drop
>>   rx:gre0
>> 00:06:52:367949: drop
>>   ip4-input: unknown ip protocol
>>
>>
>> On Fri, Oct 4, 2019 at 8:39 AM Neale Ranns (nranns) 
>> wrote:
>>
>>>
>>>
>>> Hi Chuan,
>>>
>>>
>>>
>>> Please remove the SPD config. For tunnels all packets that
>>> ingress/egress the tunnel are decrypted/encrypted, so no policy is
>>> required. The presence of the SPD on the ingress eth0 link could be why
>>> it’s not working.
>>>
>>> Please provide packet traces when you are reporting packet loss
>>> problems, it helps us debug.
>>>
>>>
>>>
>>> For reference the setup for GRE TEB IPSec can be found in the python UT
>>> TestIpsecGreTebIfEsp.
>>>
>>>
>>>
>>> Regards,
>>>
>>> neale
>>>
>>>
>>>
>>>
>>>
>>> *From: * on behalf of "Chuan Han via Lists.Fd.Io"
>>> 
>>> *Reply to: *"chuan...@google.com" 
>>> *Date: *Friday 4 October 2019 at 02:15
>>> *To: *"John Lo (loj)" 
>>> *Cc: *"vpp-dev@lists.fd.io" 
>>> *Subject: *Re: [vpp-dev] How to configure l2 gre over ipsec in vpp 19.08
>>>
>>>
>>>
>>> Hi,
>>>
>>>
>>>
>>> Thanks for information.
>>>
>>>
>>>
>>> I am trying to configure l2 gre over ipsec transport mode.
>>>
>>>
>>>
>>> Here are my startup.cfg files. Can you help check if my configuration is
>>> correct or not?
>>>
>>>
>>>
>>> r230 and r740 are two servers which are directly connected.
>>>
>>>
>>>
>>> eth0 is the phy nic. host-veth1 is one endpoint of veth pair. the other
>>> end is connected to a network namespace with ip address 172.16.1.2.
>>>
>>>
>>>
>>> From the network namespace, I cannot ping the other end 172.16.1.1.
>>>
>>>
>>>

Re: [vpp-dev] Basic l2 bridging does not work

[Chuan Han via Lists.Fd.Io]

The same problem still exists.

vpp# sh hardware-interfaces eth0
  NameIdx   Link  Hardware
eth0   2down  eth0
  Link speed: unknown
  Ethernet address b4:96:91:23:1e:d6
  Intel 82599
*carrier down *
flags: admin-up promisc pmd rx-ip4-cksum

*rx: queues 1 (max 128), desc 512 (min 32 max 4096 align 8)tx:
queues 1 (max 64), desc 512 (min 32 max 4096 align 8)*
pci: device 8086:154d subsystem 8086:7b11 address :06:00.01 numa 0
max rx packet len: 15872
promiscuous: unicast on all-multicast on
vlan offload: strip off filter off qinq off
rx offload avail:  vlan-strip ipv4-cksum udp-cksum tcp-cksum tcp-lro
   macsec-strip vlan-filter vlan-extend jumbo-frame
scatter
   security keep-crc
rx offload active: ipv4-cksum
tx offload avail:  vlan-insert ipv4-cksum udp-cksum tcp-cksum
sctp-cksum
   tcp-tso macsec-insert multi-segs security
tx offload active: none
rss avail: ipv4-tcp ipv4-udp ipv4 ipv6-tcp-ex ipv6-udp-ex
ipv6-tcp
   ipv6-udp ipv6-ex ipv6
rss active:none
tx burst function: (nil)
rx burst function: ixgbe_recv_pkts_vec

vpp#

testpmd shows that interface is up.

testpmd> show port summary 1
Number of available ports: 2
Port MAC Address   Name Driver Status   Link
*1B4:96:91:23:1E:D6 :06:00.1 net_ixgbe  up   1Mbps*
testpmd>

On Fri, Oct 18, 2019 at 8:16 PM Steven Luong (sluong) 
wrote:

> Can you reduce your rx and tx queues to 1 and try again?
>
>
>
> rx: queues 2 (max 128), desc 512 (min 32 max 4096 align 8)
> tx: queues 3 (max 64), desc 512 (min 32 max 4096 align 8)
>
> Steven
>
>
>
> *From: * on behalf of "Chuan Han via Lists.Fd.Io"
> 
> *Reply-To: *"chuan...@google.com" 
> *Date: *Friday, October 18, 2019 at 4:05 PM
> *To: *Chuan Han 
> *Cc: *"vpp-dev@lists.fd.io" 
> *Subject: *Re: [vpp-dev] Basic l2 bridging does not work
>
>
>
> Hi, Damjan,
>
>
>
> It seems the bug is in vpp.
>
>
>
> On R230, vpp shows eth0 is down.
>
>
>
> vpp# sh hardware-interfaces eth0
>   NameIdx   Link  Hardware
> eth0   2down  eth0
>   Link speed: unknown
>
>
> *  Ethernet address b4:96:91:23:1e:d6   Intel 82599 carrier down*
> flags: admin-up promisc pmd rx-ip4-cksum
> rx: queues 2 (max 128), desc 512 (min 32 max 4096 align 8)
> tx: queues 3 (max 64), desc 512 (min 32 max 4096 align 8)
> pci: device 8086:154d subsystem 8086:7b11 address :06:00.01 numa 0
> max rx packet len: 15872
> promiscuous: unicast on all-multicast on
> vlan offload: strip off filter off qinq off
> rx offload avail:  vlan-strip ipv4-cksum udp-cksum tcp-cksum tcp-lro
>macsec-strip vlan-filter vlan-extend jumbo-frame
> scatter
>security keep-crc
> rx offload active: ipv4-cksum
> tx offload avail:  vlan-insert ipv4-cksum udp-cksum tcp-cksum
> sctp-cksum
>tcp-tso macsec-insert multi-segs security
> tx offload active: none
> rss avail: ipv4-tcp ipv4-udp ipv4 ipv6-tcp-ex ipv6-udp-ex
> ipv6-tcp
>ipv6-udp ipv6-ex ipv6
> rss active:none
> tx burst function: (nil)
> rx burst function: ixgbe_recv_pkts_vec
>
> extended stats:
>   mac local errors   318
> vpp#
>
>
>
> However, the testpmd tool shows it is up.
>
>
>
> testpmd> show port summary 1
> Number of available ports: 2
> Port MAC Address   Name Driver Status   Link
> *1B4:96:91:23:1E:D6 :06:00.1 net_ixgbe  up   1Mbps*
> testpmd>
>
>
>
> Does this prove something wrong on vpp side?
>
>
>
> Thanks.
>
> Chuan
>
>
>
> On Fri, Oct 18, 2019 at 3:06 PM Chuan Han  wrote:
>
> I built testpmd binary on both r740 and r230, and ran the test. I did see
> testpmd reports some link status change on r230 server. testpmd report on
> r740 is stabler. no status change reported.
>
>
>
> r230 log
>
> ====
>
> Press enter to exit
>
> Port 0: link state change event
>
> Port 1: link state change event
>
> Port 1: link state change event
>
> r740 log
>
> 
>
> Press enter to exitx0 - TX RS bit threshold=32
>
> If it is a dpdk bug, what shall I do? Report to dpdk mailing list?
>
>
>
> On Fri, Oct 18, 2019 at 11:55 AM Chuan Han via Lists.Fd.Io  google@lists.fd.io> wrote:
>
> So, it is 

Re: [vpp-dev] Basic l2 bridging does not work

[Chuan Han via Lists.Fd.Io]

Hi, Damjan,

It seems the bug is in vpp.

On R230, vpp shows eth0 is down.

vpp# sh hardware-interfaces eth0
  NameIdx   Link  Hardware
eth0   2down  eth0
  Link speed: unknown


*  Ethernet address b4:96:91:23:1e:d6  Intel 82599carrier down*
flags: admin-up promisc pmd rx-ip4-cksum
rx: queues 2 (max 128), desc 512 (min 32 max 4096 align 8)
tx: queues 3 (max 64), desc 512 (min 32 max 4096 align 8)
pci: device 8086:154d subsystem 8086:7b11 address :06:00.01 numa 0
max rx packet len: 15872
promiscuous: unicast on all-multicast on
vlan offload: strip off filter off qinq off
rx offload avail:  vlan-strip ipv4-cksum udp-cksum tcp-cksum tcp-lro
   macsec-strip vlan-filter vlan-extend jumbo-frame
scatter
   security keep-crc
rx offload active: ipv4-cksum
tx offload avail:  vlan-insert ipv4-cksum udp-cksum tcp-cksum sctp-cksum
   tcp-tso macsec-insert multi-segs security
tx offload active: none
rss avail: ipv4-tcp ipv4-udp ipv4 ipv6-tcp-ex ipv6-udp-ex
ipv6-tcp
   ipv6-udp ipv6-ex ipv6
rss active:none
tx burst function: (nil)
rx burst function: ixgbe_recv_pkts_vec

extended stats:
  mac local errors   318
vpp#

However, the testpmd tool shows it is up.

testpmd> show port summary 1
Number of available ports: 2
Port MAC Address   Name Driver Status   Link
*1B4:96:91:23:1E:D6 :06:00.1 net_ixgbe  up   1Mbps*
testpmd>

Does this prove something wrong on vpp side?

Thanks.
Chuan

On Fri, Oct 18, 2019 at 3:06 PM Chuan Han  wrote:

> I built testpmd binary on both r740 and r230, and ran the test. I did see
> testpmd reports some link status change on r230 server. testpmd report on
> r740 is stabler. no status change reported.
>
> r230 log
> 
> Press enter to exit
>
> Port 0: link state change event
>
> Port 1: link state change event
>
> Port 1: link state change event
>
> r740 log
> 
> Press enter to exitx0 - TX RS bit threshold=32
>
> If it is a dpdk bug, what shall I do? Report to dpdk mailing list?
>
> On Fri, Oct 18, 2019 at 11:55 AM Chuan Han via Lists.Fd.Io  google@lists.fd.io> wrote:
>
>> So, it is a dpdk bug?
>>
>> I am new to dpdk/vpp.
>>
>> How do I run dpdk testpmd? Shall I install dpdk separately on the r230
>> server? Are there any steps to follow?
>>
>> On Fri, Oct 18, 2019 at 10:30 AM Damjan Marion  wrote:
>>
>>> In this case we are purely relying on link state provided by DPDK.
>>> Have you tried to check if same problem exists with DPDK testpmd app?
>>>
>>>
>>> On 18 Oct 2019, at 10:26, Chuan Han via Lists.Fd.Io <
>>> chuanhan=google@lists.fd.io> wrote:
>>>
>>> I cleaned up startup config a bit. I can still see eth0 down.
>>>
>>> See attachment for config file and log. There are some errors in log,
>>> but I am not sure they are worrisome or not.
>>>
>>> On Thu, Oct 17, 2019 at 5:22 PM Florin Coras 
>>> wrote:
>>>
>>>> This looks like a DPDK issue, but I’ll let Damjan be the judge of that.
>>>>
>>>> To see if this is a config issues, could you simplify your startup
>>>> config by
>>>> - removing “workers 0” from the two nics and adding “num-rx-queues 2”
>>>> to the nics or to the default stanza, if you’re running with 2 workers
>>>> - comment out the cryptodev config
>>>>
>>>> If the two nics don’t come up, check if there’s any obvious dpdk error
>>>> in “show log”.
>>>>
>>>> Florin
>>>>
>>>> On Oct 17, 2019, at 4:56 PM, Chuan Han via Lists.Fd.Io
>>>> <http://lists.fd.io/>  wrote:
>>>>
>>>> I tried disabling autoneg on R740 side. It is not allowed too. If vpp
>>>> cannot allow two nics to be successfully added to the same vpp instance, it
>>>> seems to be a bug. Is it something which can be easily spotted in the code
>>>> base?
>>>>
>>>> It is also not possible to enforce symmetricity on internet. The other
>>>> party can do anything as long as basic ping works.
>>>>
>>>> On Thu, Oct 17, 2019 at 3:55 PM Chuan Han  wrote:
>>>>
>>>>> If I only put one phy nic, i.e., eth0, to vpp, 'sh hardware' shows it
>>>>> is up. If I put both eth0 and eth1 in vpp, eth0 is always down. It seems
>>>>> something is wron

Re: [vpp-dev] Basic l2 bridging does not work

[Chuan Han via Lists.Fd.Io]

I built testpmd binary on both r740 and r230, and ran the test. I did see
testpmd reports some link status change on r230 server. testpmd report on
r740 is stabler. no status change reported.

r230 log

Press enter to exit

Port 0: link state change event

Port 1: link state change event

Port 1: link state change event

r740 log

Press enter to exitx0 - TX RS bit threshold=32

If it is a dpdk bug, what shall I do? Report to dpdk mailing list?

On Fri, Oct 18, 2019 at 11:55 AM Chuan Han via Lists.Fd.Io  wrote:

> So, it is a dpdk bug?
>
> I am new to dpdk/vpp.
>
> How do I run dpdk testpmd? Shall I install dpdk separately on the r230
> server? Are there any steps to follow?
>
> On Fri, Oct 18, 2019 at 10:30 AM Damjan Marion  wrote:
>
>> In this case we are purely relying on link state provided by DPDK.
>> Have you tried to check if same problem exists with DPDK testpmd app?
>>
>>
>> On 18 Oct 2019, at 10:26, Chuan Han via Lists.Fd.Io <
>> chuanhan=google@lists.fd.io> wrote:
>>
>> I cleaned up startup config a bit. I can still see eth0 down.
>>
>> See attachment for config file and log. There are some errors in log, but
>> I am not sure they are worrisome or not.
>>
>> On Thu, Oct 17, 2019 at 5:22 PM Florin Coras 
>> wrote:
>>
>>> This looks like a DPDK issue, but I’ll let Damjan be the judge of that.
>>>
>>> To see if this is a config issues, could you simplify your startup
>>> config by
>>> - removing “workers 0” from the two nics and adding “num-rx-queues 2” to
>>> the nics or to the default stanza, if you’re running with 2 workers
>>> - comment out the cryptodev config
>>>
>>> If the two nics don’t come up, check if there’s any obvious dpdk error
>>> in “show log”.
>>>
>>> Florin
>>>
>>> On Oct 17, 2019, at 4:56 PM, Chuan Han via Lists.Fd.Io
>>> <http://lists.fd.io/>  wrote:
>>>
>>> I tried disabling autoneg on R740 side. It is not allowed too. If vpp
>>> cannot allow two nics to be successfully added to the same vpp instance, it
>>> seems to be a bug. Is it something which can be easily spotted in the code
>>> base?
>>>
>>> It is also not possible to enforce symmetricity on internet. The other
>>> party can do anything as long as basic ping works.
>>>
>>> On Thu, Oct 17, 2019 at 3:55 PM Chuan Han  wrote:
>>>
>>>> If I only put one phy nic, i.e., eth0, to vpp, 'sh hardware' shows it
>>>> is up. If I put both eth0 and eth1 in vpp, eth0 is always down. It seems
>>>> something is wrong with the nic or vpp does not support this type of
>>>> hardware?
>>>>
>>>> We tried enabling autoneg on R230. It is not allowed. To avoid
>>>> asymmetric settings, disabling autoneg on R740 will help?
>>>>
>>>> On Thu, Oct 17, 2019 at 3:46 PM Balaji Venkatraman (balajiv) <
>>>> bala...@cisco.com> wrote:
>>>>
>>>>> It plays a role if it is asymmetric at both ends. You could enable it
>>>>> at both ends and check.
>>>>>
>>>>> On Oct 17, 2019, at 3:15 PM, Chuan Han  wrote:
>>>>>
>>>>> 
>>>>> I rebooted the r230 machine and found the phy nic corresponding to eth
>>>>> has autoneg off.
>>>>>
>>>>> root@esdn-relay:~/gnxi/perf_testing/r230# ethtool enp6s0f1
>>>>> Settings for enp6s0f1:
>>>>> Supported ports: [ FIBRE ]
>>>>> Supported link modes:   1baseT/Full
>>>>> Supported pause frame use: Symmetric
>>>>> Supports auto-negotiation: No
>>>>> Supported FEC modes: Not reported
>>>>> Advertised link modes:  1baseT/Full
>>>>> Advertised pause frame use: Symmetric
>>>>> Advertised auto-negotiation: No
>>>>> Advertised FEC modes: Not reported
>>>>> Speed: 1Mb/s
>>>>> Duplex: Full
>>>>> *Port: Direct Attach Copper*
>>>>> PHYAD: 0
>>>>> Transceiver: internal
>>>>> *Auto-negotiation: off*
>>>>> Supports Wake-on: d
>>>>> Wake-on: d
>>>>> Current message level: 0x0007 (7)
>>>>>drv probe link
>>>>>   

Re: [vpp-dev] Basic l2 bridging does not work

[Chuan Han via Lists.Fd.Io]

So, it is a dpdk bug?

I am new to dpdk/vpp.

How do I run dpdk testpmd? Shall I install dpdk separately on the r230
server? Are there any steps to follow?

On Fri, Oct 18, 2019 at 10:30 AM Damjan Marion  wrote:

> In this case we are purely relying on link state provided by DPDK.
> Have you tried to check if same problem exists with DPDK testpmd app?
>
>
> On 18 Oct 2019, at 10:26, Chuan Han via Lists.Fd.Io <
> chuanhan=google@lists.fd.io> wrote:
>
> I cleaned up startup config a bit. I can still see eth0 down.
>
> See attachment for config file and log. There are some errors in log, but
> I am not sure they are worrisome or not.
>
> On Thu, Oct 17, 2019 at 5:22 PM Florin Coras 
> wrote:
>
>> This looks like a DPDK issue, but I’ll let Damjan be the judge of that.
>>
>> To see if this is a config issues, could you simplify your startup config
>> by
>> - removing “workers 0” from the two nics and adding “num-rx-queues 2” to
>> the nics or to the default stanza, if you’re running with 2 workers
>> - comment out the cryptodev config
>>
>> If the two nics don’t come up, check if there’s any obvious dpdk error in
>> “show log”.
>>
>> Florin
>>
>> On Oct 17, 2019, at 4:56 PM, Chuan Han via Lists.Fd.Io
>> <http://lists.fd.io/>  wrote:
>>
>> I tried disabling autoneg on R740 side. It is not allowed too. If vpp
>> cannot allow two nics to be successfully added to the same vpp instance, it
>> seems to be a bug. Is it something which can be easily spotted in the code
>> base?
>>
>> It is also not possible to enforce symmetricity on internet. The other
>> party can do anything as long as basic ping works.
>>
>> On Thu, Oct 17, 2019 at 3:55 PM Chuan Han  wrote:
>>
>>> If I only put one phy nic, i.e., eth0, to vpp, 'sh hardware' shows it is
>>> up. If I put both eth0 and eth1 in vpp, eth0 is always down. It seems
>>> something is wrong with the nic or vpp does not support this type of
>>> hardware?
>>>
>>> We tried enabling autoneg on R230. It is not allowed. To avoid
>>> asymmetric settings, disabling autoneg on R740 will help?
>>>
>>> On Thu, Oct 17, 2019 at 3:46 PM Balaji Venkatraman (balajiv) <
>>> bala...@cisco.com> wrote:
>>>
>>>> It plays a role if it is asymmetric at both ends. You could enable it
>>>> at both ends and check.
>>>>
>>>> On Oct 17, 2019, at 3:15 PM, Chuan Han  wrote:
>>>>
>>>> 
>>>> I rebooted the r230 machine and found the phy nic corresponding to eth
>>>> has autoneg off.
>>>>
>>>> root@esdn-relay:~/gnxi/perf_testing/r230# ethtool enp6s0f1
>>>> Settings for enp6s0f1:
>>>> Supported ports: [ FIBRE ]
>>>> Supported link modes:   1baseT/Full
>>>> Supported pause frame use: Symmetric
>>>> Supports auto-negotiation: No
>>>> Supported FEC modes: Not reported
>>>> Advertised link modes:  1baseT/Full
>>>> Advertised pause frame use: Symmetric
>>>> Advertised auto-negotiation: No
>>>> Advertised FEC modes: Not reported
>>>> Speed: 1Mb/s
>>>> Duplex: Full
>>>> *Port: Direct Attach Copper*
>>>> PHYAD: 0
>>>> Transceiver: internal
>>>> *Auto-negotiation: off*
>>>> Supports Wake-on: d
>>>> Wake-on: d
>>>> Current message level: 0x0007 (7)
>>>>drv probe link
>>>> Link detected: yes
>>>> root@esdn-relay:~/gnxi/perf_testing/r230#
>>>>
>>>> On r740, autoneg is on. It is copper.
>>>>
>>>> root@esdn-lab:~/gnxi/perf_testing/r740/vpp# ethtool eno3
>>>> Settings for eno3:
>>>> Supported ports: [ TP ]
>>>> Supported link modes:   100baseT/Full
>>>> 1000baseT/Full
>>>> 1baseT/Full
>>>> Supported pause frame use: Symmetric
>>>> Supports auto-negotiation: Yes
>>>> Supported FEC modes: Not reported
>>>> Advertised link modes:  100baseT/Full
>>>> 1000baseT/Full
>>>> 1baseT/Full
>>>> Advertised pause frame use: Symmetric
>>>>

Re: [vpp-dev] Basic l2 bridging does not work

[Chuan Han via Lists.Fd.Io]

I cleaned up startup config a bit. I can still see eth0 down.

See attachment for config file and log. There are some errors in log, but I
am not sure they are worrisome or not.

On Thu, Oct 17, 2019 at 5:22 PM Florin Coras  wrote:

> This looks like a DPDK issue, but I’ll let Damjan be the judge of that.
>
> To see if this is a config issues, could you simplify your startup config
> by
> - removing “workers 0” from the two nics and adding “num-rx-queues 2” to
> the nics or to the default stanza, if you’re running with 2 workers
> - comment out the cryptodev config
>
> If the two nics don’t come up, check if there’s any obvious dpdk error in
> “show log”.
>
> Florin
>
> On Oct 17, 2019, at 4:56 PM, Chuan Han via Lists.Fd.Io <
> chuanhan=google@lists.fd.io> wrote:
>
> I tried disabling autoneg on R740 side. It is not allowed too. If vpp
> cannot allow two nics to be successfully added to the same vpp instance, it
> seems to be a bug. Is it something which can be easily spotted in the code
> base?
>
> It is also not possible to enforce symmetricity on internet. The other
> party can do anything as long as basic ping works.
>
> On Thu, Oct 17, 2019 at 3:55 PM Chuan Han  wrote:
>
>> If I only put one phy nic, i.e., eth0, to vpp, 'sh hardware' shows it is
>> up. If I put both eth0 and eth1 in vpp, eth0 is always down. It seems
>> something is wrong with the nic or vpp does not support this type of
>> hardware?
>>
>> We tried enabling autoneg on R230. It is not allowed. To avoid asymmetric
>> settings, disabling autoneg on R740 will help?
>>
>> On Thu, Oct 17, 2019 at 3:46 PM Balaji Venkatraman (balajiv) <
>> bala...@cisco.com> wrote:
>>
>>> It plays a role if it is asymmetric at both ends. You could enable it at
>>> both ends and check.
>>>
>>> On Oct 17, 2019, at 3:15 PM, Chuan Han  wrote:
>>>
>>> 
>>> I rebooted the r230 machine and found the phy nic corresponding to eth
>>> has autoneg off.
>>>
>>> root@esdn-relay:~/gnxi/perf_testing/r230# ethtool enp6s0f1
>>> Settings for enp6s0f1:
>>> Supported ports: [ FIBRE ]
>>> Supported link modes:   1baseT/Full
>>> Supported pause frame use: Symmetric
>>> Supports auto-negotiation: No
>>> Supported FEC modes: Not reported
>>> Advertised link modes:  1baseT/Full
>>> Advertised pause frame use: Symmetric
>>> Advertised auto-negotiation: No
>>> Advertised FEC modes: Not reported
>>> Speed: 1Mb/s
>>> Duplex: Full
>>> *Port: Direct Attach Copper*
>>> PHYAD: 0
>>> Transceiver: internal
>>> *Auto-negotiation: off*
>>> Supports Wake-on: d
>>> Wake-on: d
>>> Current message level: 0x0007 (7)
>>>drv probe link
>>> Link detected: yes
>>> root@esdn-relay:~/gnxi/perf_testing/r230#
>>>
>>> On r740, autoneg is on. It is copper.
>>>
>>> root@esdn-lab:~/gnxi/perf_testing/r740/vpp# ethtool eno3
>>> Settings for eno3:
>>> Supported ports: [ TP ]
>>> Supported link modes:   100baseT/Full
>>> 1000baseT/Full
>>> 1baseT/Full
>>> Supported pause frame use: Symmetric
>>> Supports auto-negotiation: Yes
>>> Supported FEC modes: Not reported
>>> Advertised link modes:  100baseT/Full
>>> 1000baseT/Full
>>> 1baseT/Full
>>> Advertised pause frame use: Symmetric
>>> Advertised auto-negotiation: Yes
>>> Advertised FEC modes: Not reported
>>> Speed: 1Mb/s
>>> Duplex: Full
>>> *Port: Twisted Pair*
>>> PHYAD: 0
>>> Transceiver: internal
>>> *Auto-negotiation: on*
>>> MDI-X: Unknown
>>> Supports Wake-on: umbg
>>> Wake-on: g
>>> Current message level: 0x0007 (7)
>>>drv probe link
>>> Link detected: yes
>>> root@esdn-lab:~/gnxi/perf_testing/r740/vpp#
>>>
>>> not clear if this plays a role or not.
>>>
>>> On Thu, Oct 17, 2019 at 2:41 PM Chuan Han via Lists.Fd.Io
>>> <http://lists.fd.io/>  wrote:
>&

Re: [vpp-dev] Basic l2 bridging does not work

[Chuan Han via Lists.Fd.Io]

I tried disabling autoneg on R740 side. It is not allowed too. If vpp
cannot allow two nics to be successfully added to the same vpp instance, it
seems to be a bug. Is it something which can be easily spotted in the code
base?

It is also not possible to enforce symmetricity on internet. The other
party can do anything as long as basic ping works.

On Thu, Oct 17, 2019 at 3:55 PM Chuan Han  wrote:

> If I only put one phy nic, i.e., eth0, to vpp, 'sh hardware' shows it is
> up. If I put both eth0 and eth1 in vpp, eth0 is always down. It seems
> something is wrong with the nic or vpp does not support this type of
> hardware?
>
> We tried enabling autoneg on R230. It is not allowed. To avoid asymmetric
> settings, disabling autoneg on R740 will help?
>
> On Thu, Oct 17, 2019 at 3:46 PM Balaji Venkatraman (balajiv) <
> bala...@cisco.com> wrote:
>
>> It plays a role if it is asymmetric at both ends. You could enable it at
>> both ends and check.
>>
>> On Oct 17, 2019, at 3:15 PM, Chuan Han  wrote:
>>
>> 
>> I rebooted the r230 machine and found the phy nic corresponding to eth
>> has autoneg off.
>>
>> root@esdn-relay:~/gnxi/perf_testing/r230# ethtool enp6s0f1
>> Settings for enp6s0f1:
>> Supported ports: [ FIBRE ]
>> Supported link modes:   1baseT/Full
>> Supported pause frame use: Symmetric
>> Supports auto-negotiation: No
>> Supported FEC modes: Not reported
>> Advertised link modes:  1baseT/Full
>> Advertised pause frame use: Symmetric
>> Advertised auto-negotiation: No
>> Advertised FEC modes: Not reported
>> Speed: 1Mb/s
>> Duplex: Full
>> *Port: Direct Attach Copper*
>> PHYAD: 0
>> Transceiver: internal
>> *Auto-negotiation: off*
>> Supports Wake-on: d
>> Wake-on: d
>> Current message level: 0x0007 (7)
>>drv probe link
>> Link detected: yes
>> root@esdn-relay:~/gnxi/perf_testing/r230#
>>
>> On r740, autoneg is on. It is copper.
>>
>> root@esdn-lab:~/gnxi/perf_testing/r740/vpp# ethtool eno3
>> Settings for eno3:
>> Supported ports: [ TP ]
>> Supported link modes:   100baseT/Full
>> 1000baseT/Full
>> 1baseT/Full
>> Supported pause frame use: Symmetric
>> Supports auto-negotiation: Yes
>> Supported FEC modes: Not reported
>> Advertised link modes:  100baseT/Full
>> 1000baseT/Full
>> 1baseT/Full
>> Advertised pause frame use: Symmetric
>> Advertised auto-negotiation: Yes
>> Advertised FEC modes: Not reported
>> Speed: 1Mb/s
>> Duplex: Full
>> *Port: Twisted Pair*
>> PHYAD: 0
>> Transceiver: internal
>> *Auto-negotiation: on*
>> MDI-X: Unknown
>> Supports Wake-on: umbg
>> Wake-on: g
>> Current message level: 0x0007 (7)
>>drv probe link
>> Link detected: yes
>> root@esdn-lab:~/gnxi/perf_testing/r740/vpp#
>>
>> not clear if this plays a role or not.
>>
>> On Thu, Oct 17, 2019 at 2:41 PM Chuan Han via Lists.Fd.Io > google@lists.fd.io> wrote:
>>
>>> Restarting ixia controller does not help. We ended up with both ixia
>>> ports having '!'.
>>>
>>> We are not sure how ixia port plays a role here. eth0 interfaces are the
>>> interfaces connecting two servers, not to ixia.
>>>
>>> On Thu, Oct 17, 2019 at 11:26 AM Balaji Venkatraman (balajiv) <
>>> bala...@cisco.com> wrote:
>>>
>>>> Hi Chuan,
>>>>
>>>>
>>>>
>>>> Could you please try to reset the ixia controller connected to port 4?
>>>>
>>>> I have seen issues with ‘!’ on ixia. Given the carrier on eth0 is
>>>> down, I suspect the ixia port.
>>>>
>>>>
>>>>
>>>> --
>>>>
>>>> Regards,
>>>>
>>>> Balaji.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> *From: *Chuan Han 
>>>> *Date: *Thursday, October 17, 2019 at 11:09 AM
>>>> *To: *"Balaji Venkatraman (balajiv)" 
>>>> *Cc: *"vpp-dev@lists.fd.io&

Re: [vpp-dev] Basic l2 bridging does not work

[Chuan Han via Lists.Fd.Io]

If I only put one phy nic, i.e., eth0, to vpp, 'sh hardware' shows it is
up. If I put both eth0 and eth1 in vpp, eth0 is always down. It seems
something is wrong with the nic or vpp does not support this type of
hardware?

We tried enabling autoneg on R230. It is not allowed. To avoid asymmetric
settings, disabling autoneg on R740 will help?

On Thu, Oct 17, 2019 at 3:46 PM Balaji Venkatraman (balajiv) <
bala...@cisco.com> wrote:

> It plays a role if it is asymmetric at both ends. You could enable it at
> both ends and check.
>
> On Oct 17, 2019, at 3:15 PM, Chuan Han  wrote:
>
> 
> I rebooted the r230 machine and found the phy nic corresponding to eth has
> autoneg off.
>
> root@esdn-relay:~/gnxi/perf_testing/r230# ethtool enp6s0f1
> Settings for enp6s0f1:
> Supported ports: [ FIBRE ]
> Supported link modes:   1baseT/Full
> Supported pause frame use: Symmetric
> Supports auto-negotiation: No
> Supported FEC modes: Not reported
> Advertised link modes:  1baseT/Full
> Advertised pause frame use: Symmetric
> Advertised auto-negotiation: No
> Advertised FEC modes: Not reported
> Speed: 1Mb/s
> Duplex: Full
> *Port: Direct Attach Copper*
> PHYAD: 0
> Transceiver: internal
> *Auto-negotiation: off*
> Supports Wake-on: d
> Wake-on: d
> Current message level: 0x0007 (7)
>drv probe link
> Link detected: yes
> root@esdn-relay:~/gnxi/perf_testing/r230#
>
> On r740, autoneg is on. It is copper.
>
> root@esdn-lab:~/gnxi/perf_testing/r740/vpp# ethtool eno3
> Settings for eno3:
> Supported ports: [ TP ]
> Supported link modes:   100baseT/Full
> 1000baseT/Full
> 1baseT/Full
> Supported pause frame use: Symmetric
> Supports auto-negotiation: Yes
> Supported FEC modes: Not reported
> Advertised link modes:  100baseT/Full
> 1000baseT/Full
> 1baseT/Full
> Advertised pause frame use: Symmetric
> Advertised auto-negotiation: Yes
> Advertised FEC modes: Not reported
> Speed: 1Mb/s
> Duplex: Full
> *Port: Twisted Pair*
> PHYAD: 0
> Transceiver: internal
> *Auto-negotiation: on*
> MDI-X: Unknown
> Supports Wake-on: umbg
> Wake-on: g
> Current message level: 0x0007 (7)
>                drv probe link
> Link detected: yes
> root@esdn-lab:~/gnxi/perf_testing/r740/vpp#
>
> not clear if this plays a role or not.
>
> On Thu, Oct 17, 2019 at 2:41 PM Chuan Han via Lists.Fd.Io  google@lists.fd.io> wrote:
>
>> Restarting ixia controller does not help. We ended up with both ixia
>> ports having '!'.
>>
>> We are not sure how ixia port plays a role here. eth0 interfaces are the
>> interfaces connecting two servers, not to ixia.
>>
>> On Thu, Oct 17, 2019 at 11:26 AM Balaji Venkatraman (balajiv) <
>> bala...@cisco.com> wrote:
>>
>>> Hi Chuan,
>>>
>>>
>>>
>>> Could you please try to reset the ixia controller connected to port 4?
>>>
>>> I have seen issues with ‘!’ on ixia. Given the carrier on eth0 is down,
>>> I suspect the ixia port.
>>>
>>>
>>>
>>> --
>>>
>>> Regards,
>>>
>>> Balaji.
>>>
>>>
>>>
>>>
>>>
>>> *From: *Chuan Han 
>>> *Date: *Thursday, October 17, 2019 at 11:09 AM
>>> *To: *"Balaji Venkatraman (balajiv)" 
>>> *Cc: *"vpp-dev@lists.fd.io" , Arivudainambi
>>> Appachi gounder , Jerry Cen 
>>> *Subject: *Re: [vpp-dev] Basic l2 bridging does not work
>>>
>>>
>>>
>>> Yes. It is unidirectional stream from port 1 to port 4.
>>>
>>>
>>>
>>> Another engineer, Nambi, configured ixia. What he showed me yesterday is
>>> that xia port connected to port 1 is green and good. ixia port connected to
>>> port 4 is green but has a red exclamation mark, which means ping does not
>>> work.
>>>
>>>
>>>
>>> We also found eth0 on R230 is down shown by "show hardware eth0"
>>> command. However "show int" shows it is up.
>>>
>>>
>>>
>>>
>>>
>>> vpp# sh hardware-interfaces et

Re: [vpp-dev] Basic l2 bridging does not work

[Chuan Han via Lists.Fd.Io]

ksum
> sctp-cksum
>tcp-tso macsec-insert multi-segs security
> tx offload active: none
> rss avail: ipv4-tcp ipv4-udp ipv4 ipv6-tcp-ex ipv6-udp-ex
> ipv6-tcp
>ipv6-udp ipv6-ex ipv6
> rss active:none
> tx burst function: (nil)
> rx burst function: ixgbe_recv_pkts_vec
>
> rx frames ok   33278
> rx bytes ok  3960082
> extended stats:
>   rx good packets  33278
>   rx good bytes  3960082
>   rx q0packets 33278
>   rx q0bytes 3960082
>   rx size 65 to 127 packets33278
>   rx multicast packets 33278
>   rx total packets 33278
>   rx total bytes 3960082
> vpp# sh int
>   Name   IdxState  MTU (L3/IP4/IP6/MPLS)
> Counter  Count
> eth0  2  up  9000/0/0/0 rx
> packets 33279
> rx
> bytes 3960201
> drops
>  5
> punt
> 1
>
> tx-error   33274
> eth1  1  up  9000/0/0/0 rx
> packets 33274
> rx
> bytes 3959606
> tx
> packets 33273
> tx
> bytes 3959487
> drops
>  33274
>
> tx-error   3
> local00 down  0/0/0/0
> vpp#
>
> On Thu, Oct 17, 2019 at 10:54 AM Balaji Venkatraman (balajiv) <
> bala...@cisco.com> wrote:
>
> Hi Chuan,
>
> I assume u have unidirectional stream ? ixia->1->2->3->4->ixia?
>
>
> vpp# sh int
>   Name   IdxState  MTU (L3/IP4/IP6/MPLS)
> Counter  Count
> eth0  2  up  9000/0/0/0 rx
> packets 30925
> rx
> bytes 3680075
> drops
>  5
> punt
> 1
>
> tx-error   30920
> eth1  1  up  9000/0/0/0 rx
> packets 30920 <<< packets are received on port 3
> rx
> bytes 3679480
> tx
> packets 30919
> tx
> bytes 3679361
> drops
>              30920 <<< all dropped at port 3
>
> tx-error   3
> local00 down  0/0/0/0
>
> On sh error logs on R 230 we see
>
>  1 ethernet-input l3 mac mismatch <<<<
>  3   eth1-output  interface is down
>  30922   eth0-output  interface is down
>
>
> Do u see the arp getting resolved on ixia? The mac on ixia at port with
> 172.16.1.2/24 should be seen on its other port. Are the ixia ports up at
> both ends?
>
>
> --
> Regards,
> Balaji.
>
>
> *From: * on behalf of "Chuan Han via Lists.Fd.Io
> <http://lists.fd.io/>" 
> *Reply-To: *"chuan...@google.com" 
> *Date: *Thursday, October 17, 2019 at 9:59 AM
> *To: *"Balaji Venkatraman (balajiv)" 
> *Cc: *"vpp-dev@lists.fd.io" 
> *Subject: *Re: [vpp-dev] Basic l2 bridging does not work
>
> It seems R740 vpp works fine. All packets coming from port 1 go to port 2.
>
> vpp# sh int
>   Name   IdxState  MTU (L3/IP4/IP6/MPLS)
> Co

Re: [vpp-dev] Basic l2 bridging does not work

[Chuan Han via Lists.Fd.Io]

 9000/0/0/0 rx
> packets 33274
> rx
> bytes 3959606
> tx
> packets 33273
> tx
> bytes 3959487
> drops
>  33274
>
> tx-error   3
> local00 down  0/0/0/0
> vpp#
>
>
>
> On Thu, Oct 17, 2019 at 10:54 AM Balaji Venkatraman (balajiv) <
> bala...@cisco.com> wrote:
>
> Hi Chuan,
>
>
>
> I assume u have unidirectional stream ? ixia->1->2->3->4->ixia?
>
>
>
> vpp# sh int
>   Name   IdxState  MTU (L3/IP4/IP6/MPLS)
> Counter  Count
> eth0  2  up  9000/0/0/0 rx
> packets 30925
> rx
> bytes 3680075
> drops
>  5
> punt
> 1
>
> tx-error   30920
> eth1  1  up  9000/0/0/0 rx
> packets 30920 <<< packets are received on port 3
> rx
> bytes 3679480
> tx
> packets 30919
> tx
> bytes 3679361
>                 drops
>  30920 <<< all dropped at port 3
>
> tx-error   3
> local00 down  0/0/0/0
>
>
>
> On sh error logs on R 230 we see
>
>  1 ethernet-input l3 mac mismatch <<<<
>  3   eth1-output  interface is down
>  30922   eth0-output  interface is down
>
>
>
>
>
> Do u see the arp getting resolved on ixia? The mac on ixia at port with
> 172.16.1.2/24 should be seen on its other port. Are the ixia ports up at
> both ends?
>
>
>
>
>
> --
>
> Regards,
>
> Balaji.
>
>
>
>
>
> *From: * on behalf of "Chuan Han via Lists.Fd.Io"
> 
> *Reply-To: *"chuan...@google.com" 
> *Date: *Thursday, October 17, 2019 at 9:59 AM
> *To: *"Balaji Venkatraman (balajiv)" 
> *Cc: *"vpp-dev@lists.fd.io" 
> *Subject: *Re: [vpp-dev] Basic l2 bridging does not work
>
>
>
> It seems R740 vpp works fine. All packets coming from port 1 go to port
> 2.
>
>
>
> vpp# sh int
>   Name   IdxState  MTU (L3/IP4/IP6/MPLS)
> Counter  Count
> eth0  2  up  9000/0/0/0 tx
> packets 30895
> tx
> bytes 3676505
> eth1  1  up  9000/0/0/0 rx
> packets 30895
> rx
> bytes 3676505
> local00 down  0/0/0/0
> vpp# sh int
>   Name   IdxState  MTU (L3/IP4/IP6/MPLS)
> Counter  Count
> eth0  2  up  9000/0/0/0 tx
> packets 30897
> tx
> bytes 3676743
> eth1  1  up  9000/0/0/0 rx
> packets 30897
> rx
> bytes 3676743
> local00 down  0/0/0/0
> vpp# sh error
>CountNode  Reason
>  30899l2-output   L2 output packets
>  30899l2-learnL2 learn packets
>  1l2-learnL2 learn misses
>  30899l2-inputL2 input packets
>  30899l2-floodL2 flood packets
> vpp#
>
>
>
> The dro

Re: [vpp-dev] Basic l2 bridging does not work

[Chuan Han via Lists.Fd.Io]

I rebooted the r230 machine and found the phy nic corresponding to eth has
autoneg off.

root@esdn-relay:~/gnxi/perf_testing/r230# ethtool enp6s0f1
Settings for enp6s0f1:
Supported ports: [ FIBRE ]
Supported link modes:   1baseT/Full
Supported pause frame use: Symmetric
Supports auto-negotiation: No
Supported FEC modes: Not reported
Advertised link modes:  1baseT/Full
Advertised pause frame use: Symmetric
Advertised auto-negotiation: No
Advertised FEC modes: Not reported
Speed: 1Mb/s
Duplex: Full
*Port: Direct Attach Copper*
PHYAD: 0
Transceiver: internal
*Auto-negotiation: off*
Supports Wake-on: d
Wake-on: d
Current message level: 0x0007 (7)
   drv probe link
Link detected: yes
root@esdn-relay:~/gnxi/perf_testing/r230#

On r740, autoneg is on. It is copper.

root@esdn-lab:~/gnxi/perf_testing/r740/vpp# ethtool eno3
Settings for eno3:
Supported ports: [ TP ]
Supported link modes:   100baseT/Full
1000baseT/Full
1baseT/Full
Supported pause frame use: Symmetric
Supports auto-negotiation: Yes
Supported FEC modes: Not reported
Advertised link modes:  100baseT/Full
1000baseT/Full
1baseT/Full
Advertised pause frame use: Symmetric
Advertised auto-negotiation: Yes
Advertised FEC modes: Not reported
Speed: 1Mb/s
Duplex: Full
*Port: Twisted Pair*
PHYAD: 0
Transceiver: internal
*Auto-negotiation: on*
MDI-X: Unknown
Supports Wake-on: umbg
Wake-on: g
Current message level: 0x0007 (7)
   drv probe link
Link detected: yes
root@esdn-lab:~/gnxi/perf_testing/r740/vpp#

not clear if this plays a role or not.

On Thu, Oct 17, 2019 at 2:41 PM Chuan Han via Lists.Fd.Io  wrote:

> Restarting ixia controller does not help. We ended up with both ixia ports
> having '!'.
>
> We are not sure how ixia port plays a role here. eth0 interfaces are the
> interfaces connecting two servers, not to ixia.
>
> On Thu, Oct 17, 2019 at 11:26 AM Balaji Venkatraman (balajiv) <
> bala...@cisco.com> wrote:
>
>> Hi Chuan,
>>
>>
>>
>> Could you please try to reset the ixia controller connected to port 4?
>>
>> I have seen issues with ‘!’ on ixia. Given the carrier on eth0 is down,
>> I suspect the ixia port.
>>
>>
>>
>> --
>>
>> Regards,
>>
>> Balaji.
>>
>>
>>
>>
>>
>> *From: *Chuan Han 
>> *Date: *Thursday, October 17, 2019 at 11:09 AM
>> *To: *"Balaji Venkatraman (balajiv)" 
>> *Cc: *"vpp-dev@lists.fd.io" , Arivudainambi Appachi
>> gounder , Jerry Cen 
>> *Subject: *Re: [vpp-dev] Basic l2 bridging does not work
>>
>>
>>
>> Yes. It is unidirectional stream from port 1 to port 4.
>>
>>
>>
>> Another engineer, Nambi, configured ixia. What he showed me yesterday is
>> that xia port connected to port 1 is green and good. ixia port connected to
>> port 4 is green but has a red exclamation mark, which means ping does not
>> work.
>>
>>
>>
>> We also found eth0 on R230 is down shown by "show hardware eth0" command.
>> However "show int" shows it is up.
>>
>>
>>
>>
>>
>> vpp# sh hardware-interfaces eth0
>>   NameIdx   Link  Hardware
>> eth0   2down  eth0
>>   Link speed: unknown
>>   Ethernet address b4:96:91:23:1e:d6
>>   Intel 82599
>> carrier down
>> flags: admin-up promisc pmd rx-ip4-cksum
>> rx: queues 1 (max 128), desc 512 (min 32 max 4096 align 8)
>> tx: queues 3 (max 64), desc 512 (min 32 max 4096 align 8)
>> pci: device 8086:154d subsystem 8086:7b11 address :06:00.01 numa 0
>> max rx packet len: 15872
>> promiscuous: unicast on all-multicast on
>> vlan offload: strip off filter off qinq off
>> rx offload avail:  vlan-strip ipv4-cksum udp-cksum tcp-cksum tcp-lro
>>macsec-strip vlan-filter vlan-extend jumbo-frame
>> scatter
>>security keep-crc
>> rx offload active: ipv4-cksum
>> tx offload avail:  vlan-insert ipv4-cksum udp-cksum tcp-cksum
>> sctp-cksum
>>tcp-tso macsec-insert multi-segs security
>> tx offload active: none
>> rss avail:   

Re: [vpp-dev] Basic l2 bridging does not work

[Chuan Han via Lists.Fd.Io]

>2->3->4->ixia?
>
>
>
> vpp# sh int
>   Name   IdxState  MTU (L3/IP4/IP6/MPLS)
> Counter  Count
> eth0  2  up  9000/0/0/0 rx
> packets 30925
> rx
> bytes 3680075
> drops
>  5
> punt
> 1
>
> tx-error   30920
> eth1  1  up  9000/0/0/0 rx
> packets 30920 <<< packets are received on port 3
> rx
> bytes 3679480
> tx
> packets 30919
> tx
> bytes 3679361
> drops
>  30920 <<< all dropped at port 3
>
> tx-error   3
> local0                0 down  0/0/0/0
>
>
>
> On sh error logs on R 230 we see
>
>  1 ethernet-input l3 mac mismatch <<<<
>  3   eth1-output  interface is down
>  30922   eth0-output  interface is down
>
>
>
>
>
> Do u see the arp getting resolved on ixia? The mac on ixia at port with
> 172.16.1.2/24 should be seen on its other port. Are the ixia ports up at
> both ends?
>
>
>
>
>
> --
>
> Regards,
>
> Balaji.
>
>
>
>
>
> *From: * on behalf of "Chuan Han via Lists.Fd.Io"
> 
> *Reply-To: *"chuan...@google.com" 
> *Date: *Thursday, October 17, 2019 at 9:59 AM
> *To: *"Balaji Venkatraman (balajiv)" 
> *Cc: *"vpp-dev@lists.fd.io" 
> *Subject: *Re: [vpp-dev] Basic l2 bridging does not work
>
>
>
> It seems R740 vpp works fine. All packets coming from port 1 go to port
> 2.
>
>
>
> vpp# sh int
>   Name   IdxState  MTU (L3/IP4/IP6/MPLS)
> Counter  Count
> eth0  2  up  9000/0/0/0 tx
> packets 30895
> tx
> bytes 3676505
> eth1  1  up  9000/0/0/0 rx
> packets 30895
> rx
> bytes 3676505
> local00 down  0/0/0/0
> vpp# sh int
>   Name   IdxState  MTU (L3/IP4/IP6/MPLS)
> Counter  Count
> eth0  2  up  9000/0/0/0 tx
> packets 30897
> tx
> bytes 3676743
> eth1  1  up  9000/0/0/0 rx
> packets 30897
> rx
> bytes 3676743
> local00 down  0/0/0/0
> vpp# sh error
>CountNode  Reason
>  30899l2-output   L2 output packets
>  30899l2-learnL2 learn packets
>  1l2-learnL2 learn misses
>  30899l2-inputL2 input packets
>  30899l2-floodL2 flood packets
> vpp#
>
>
>
> The drop happened on R230 vpp. Port 3 dropped all pkts complaining about
> down interface. However, show command shows interfaces are up.
>
>
>
> vpp# sh int
>   Name   IdxState  MTU (L3/IP4/IP6/MPLS)
> Counter  Count
> eth0  2  up  9000/0/0/0 rx
> packets 30925
> rx
> bytes 3680075
> drops
>  5
> punt
> 1
>
> tx-error   30920
> eth1  1  up  9000/0/0/0 rx
> packets 3

Re: [vpp-dev] Basic l2 bridging does not work

[Chuan Han via Lists.Fd.Io]

/0/0/0
>
>
>
> On sh error logs on R 230 we see
>
>  1 ethernet-input l3 mac mismatch <<<<
>  3   eth1-output  interface is down
>  30922   eth0-output  interface is down
>
>
>
>
>
> Do u see the arp getting resolved on ixia? The mac on ixia at port with
> 172.16.1.2/24 should be seen on its other port. Are the ixia ports up at
> both ends?
>
>
>
>
>
> --
>
> Regards,
>
> Balaji.
>
>
>
>
>
> *From: * on behalf of "Chuan Han via Lists.Fd.Io"
> 
> *Reply-To: *"chuan...@google.com" 
> *Date: *Thursday, October 17, 2019 at 9:59 AM
> *To: *"Balaji Venkatraman (balajiv)" 
> *Cc: *"vpp-dev@lists.fd.io" 
> *Subject: *Re: [vpp-dev] Basic l2 bridging does not work
>
>
>
> It seems R740 vpp works fine. All packets coming from port 1 go to port
> 2.
>
>
>
> vpp# sh int
>   Name   IdxState  MTU (L3/IP4/IP6/MPLS)
> Counter  Count
> eth0  2  up  9000/0/0/0 tx
> packets 30895
> tx
> bytes 3676505
> eth1  1  up  9000/0/0/0 rx
> packets 30895
> rx
> bytes 3676505
> local00 down  0/0/0/0
> vpp# sh int
>   Name   IdxState  MTU (L3/IP4/IP6/MPLS)
> Counter  Count
> eth0  2  up  9000/0/0/0 tx
> packets 30897
> tx
> bytes 3676743
> eth1  1  up  9000/0/0/0 rx
> packets 30897
> rx
> bytes 3676743
> local00 down  0/0/0/0
> vpp# sh error
>CountNode  Reason
>  30899l2-output   L2 output packets
>  30899l2-learnL2 learn packets
>  1l2-learnL2 learn misses
>  30899l2-inputL2 input packets
>  30899l2-floodL2 flood packets
> vpp#
>
>
>
> The drop happened on R230 vpp. Port 3 dropped all pkts complaining about
> down interface. However, show command shows interfaces are up.
>
>
>
> vpp# sh int
>   Name   IdxState  MTU (L3/IP4/IP6/MPLS)
> Counter  Count
> eth0  2  up  9000/0/0/0 rx
> packets 30925
> rx
> bytes 3680075
> drops
>  5
> punt
> 1
>
> tx-error   30920
> eth1  1  up  9000/0/0/0 rx
> packets 30920
> rx
> bytes 3679480
> tx
> packets 30919
> tx
> bytes 3679361
> drops
>  30920
>
> tx-error   3
> local00 down  0/0/0/0
> vpp# sh error
>CountNode  Reason
>  2llc-input   unknown llc ssap/dsap
>  61846l2-output   L2 output packets
>  61846l2-learnL2 learn packets
>  2l2-learnL2 learn misses
>  61846l2-inputL2 input packets
>  61846l2-floodL2 flood packets
>  1 ethernet-input l3 mac mismatch
>  3   eth1-output  interface is down
>  30922   eth0-output  interface is down
> vpp#
>
>
>
> Not sure how to check mac issues. Can you explain a bit more? He

Re: [vpp-dev] Basic l2 bridging does not work

[Chuan Han via Lists.Fd.Io]

On R230, we have the following. Not sure why eth0 is down. I used the same
setup for L3 routing measurement. Everything worked fine.

vpp# sh hardware-interfaces eth0
  NameIdx   Link  Hardware
eth0   2down  eth0
  Link speed: unknown
  Ethernet address b4:96:91:23:1e:d6
  Intel 82599
*carrier down <= How can this be done? *
flags: admin-up promisc pmd rx-ip4-cksum
rx: queues 1 (max 128), desc 512 (min 32 max 4096 align 8)
tx: queues 3 (max 64), desc 512 (min 32 max 4096 align 8)
pci: device 8086:154d subsystem 8086:7b11 address :06:00.01 numa 0
max rx packet len: 15872
promiscuous: unicast on all-multicast on
vlan offload: strip off filter off qinq off
rx offload avail:  vlan-strip ipv4-cksum udp-cksum tcp-cksum tcp-lro
   macsec-strip vlan-filter vlan-extend jumbo-frame
scatter
   security keep-crc
rx offload active: ipv4-cksum
tx offload avail:  vlan-insert ipv4-cksum udp-cksum tcp-cksum
sctp-cksum
   tcp-tso macsec-insert multi-segs security
tx offload active: none
rss avail: ipv4-tcp ipv4-udp ipv4 ipv6-tcp-ex ipv6-udp-ex
ipv6-tcp
   ipv6-udp ipv6-ex ipv6
rss active:none
tx burst function: (nil)
rx burst function: ixgbe_recv_pkts_vec

rx frames ok   32770
rx bytes ok  3899630
extended stats:
  rx good packets  32770
  rx good bytes  3899630
  rx q0packets 32770
  rx q0bytes 3899630
  rx size 65 to 127 packets32770
  rx multicast packets 32770
  rx total packets 32770
  rx total bytes 3899630
vpp#

On Thu, Oct 17, 2019 at 10:47 AM Damjan Marion  wrote:

>
>
> On 17 Oct 2019, at 09:59, Chuan Han  wrote:
>
> It seems R740 vpp works fine. All packets coming from port 1 go to port 2.
>
> vpp# sh int
>   Name   IdxState  MTU (L3/IP4/IP6/MPLS)
> Counter  Count
> eth0  2  up  9000/0/0/0 tx
> packets 30895
> tx
> bytes 3676505
> eth1  1  up  9000/0/0/0 rx
> packets 30895
> rx
> bytes 3676505
> local00 down  0/0/0/0
> vpp# sh int
>   Name   IdxState  MTU (L3/IP4/IP6/MPLS)
> Counter  Count
> eth0  2  up  9000/0/0/0 tx
> packets 30897
> tx
> bytes 3676743
> eth1  1  up  9000/0/0/0 rx
> packets 30897
> rx
> bytes 3676743
> local00 down  0/0/0/0
> vpp# sh error
>CountNode  Reason
>  30899l2-output   L2 output packets
>  30899l2-learnL2 learn packets
>  1l2-learnL2 learn misses
>  30899l2-inputL2 input packets
>  30899l2-floodL2 flood packets
> vpp#
>
> The drop happened on R230 vpp. Port 3 dropped all pkts complaining about
> down interface. However, show command shows interfaces are up.
>
>
> Can you capture "show hardware eth0" ?
>
> --
> Damjan
>
>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#14205): https://lists.fd.io/g/vpp-dev/message/14205
Mute This Topic: https://lists.fd.io/mt/34655826/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [vpp-dev] Basic l2 bridging does not work

[Chuan Han via Lists.Fd.Io]

   IXIA  |
>
> | |
>
> | |
>
> +---^-+
>
> |172.16.1.1/24  |
> 172.16.1.2/24
>
> |   |
>
> |   |
>
> |eth0   | eth0
>
> +---v-+++---+
>
> |   1 ||4   |
>
> | |||
>
> | |||
>
> | |||
>
> | |eth1  eth1  ||
>
> |VPP1   2 +> 3VPP 2 |
>
> | |||
>
> | |||
>
> | |||
>
> | |||
>
> +-+++
>
>  R 740   R 230
>
>
>
>
>
> Might help if you could check if the packet counts at ingress (port 1) &
> egress (port 2) match. Similarly 3 & 4. And the mac entries seen on both
> vpp(s). ARP req/rep tracing might also help.
>
>
>
>
>
> /-
>
> Balaji
>
>
>
>
>
>
>
>
>
> *From: * on behalf of "Damjan Marion via Lists.Fd.Io"
> 
> *Reply-To: *"dmar...@me.com" 
> *Date: *Wednesday, October 16, 2019 at 5:12 PM
> *To: *"chuan...@google.com" 
> *Cc: *"vpp-dev@lists.fd.io" 
> *Subject: *Re: [vpp-dev] Basic l2 bridging does not work
>
>
>
>
>
> On 16 Oct 2019, at 16:14, Chuan Han via Lists.Fd.Io <
> chuanhan=google@lists.fd.io> wrote:
>
>
>
> Hi, vpp experts,
>
>
>
> We are trying to make basic l2 bridge works within vpp.
>
>
>
> We have two servers: r230 and r740, each of which has two phy nics. Two
> servers are connected via cable. On each server, we bring these two nics
> into the same vpp instance and put them into the same l2 bridge. We tried
> sending traffic using ixia. However, ixia shows ping does not work.
>
>
>
> I attached the topology, vpp conf files, startup conf file, and logs.
>
>
>
> Please advise where we could make it wrong.
>
>
>
> Thanks.
>
> Chuan
>
>  startup.cfg> bridge.pdf>-=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
>
> View/Reply Online (#14189): https://lists.fd.io/g/vpp-dev/message/14189
> Mute This Topic: https://lists.fd.io/mt/34655826/675642
> Group Owner: vpp-dev+ow...@lists.fd.io
> Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [dmar...@me.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
>
>
> On the 1st look everything look ok including the packet trace.
>
> Can you try to clear counters* and enable packet trace on both instances.
>
> Then send known number of packets and find put where drop happens by
> looking into same outputs you already shared.
>
>
>
> * "clear int", "clear run", "clear trace"
>
>
>
> --
> Damjan
>
>
>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#14202): https://lists.fd.io/g/vpp-dev/message/14202
Mute This Topic: https://lists.fd.io/mt/34655826/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[vpp-dev] Basic l2 bridging does not work

[Chuan Han via Lists.Fd.Io]

Hi, vpp experts,

We are trying to make basic l2 bridge works within vpp.

We have two servers: r230 and r740, each of which has two phy nics. Two
servers are connected via cable. On each server, we bring these two nics
into the same vpp instance and put them into the same l2 bridge. We tried
sending traffic using ixia. However, ixia shows ping does not work.

I attached the topology, vpp conf files, startup conf file, and logs.

Please advise where we could make it wrong.

Thanks.
Chuan


r230 vpp.conf
Description: Binary data


r740 vpp.conf
Description: Binary data


r230 vpp startup.cfg
Description: Binary data


r740 vpp startup.cfg
Description: Binary data
vpp# sh int 
  Name   IdxState  MTU (L3/IP4/IP6/MPLS) Counter  Count 
eth0  2  up  9000/0/0/0 rx packets   624
rx bytes   73430
tx packets10
tx bytes1190
eth1  1  up  9000/0/0/0 rx packets10
rx bytes1190
tx packets   624
tx bytes   73430
local00 down  0/0/0/0   
vpp# sh error   
   CountNode  Reason
   636l2-output   L2 output packets 
   636l2-learnL2 learn packets

Re: [vpp-dev] How to configure l2 gre over ipsec in vpp 19.08

[Chuan Han via Lists.Fd.Io]

Hi, Neale/vpp experts,

Can you help check why the receiving side drops all the incoming pkts
because of unknown ip protocol?

I looked at TestIpsecGreTebIfEsp, but had no clue how it is mapped to cli
commands.

I am new to vpp.

Thanks.
Chuan

On Fri, Oct 4, 2019 at 11:41 AM Chuan Han via Lists.Fd.Io  wrote:

> Thanks for helping.
>
> I removed spd configs on both sides, but still no luck. I am pinging from
> r230 side.
>
> It seems r230 is able to sending ping pkts over dpdk interface. However,
> on r740 side, gre0 interface drops all of them. See the attached updated
> cfg files and log files for more details.
>
>   IPSec: remote:10.10.10.11 spi:255129 (0x0003e499) seq 418
> 00:06:52:367944: esp4-decrypt-tun
>   esp: crypto aes-cbc-128 integrity sha1-96 pkt-seq 418 sa-seq 0 sa-seq-hi
> 0
> 00:06:52:367948: ip4-input-no-checksum
>   GRE: 10.10.10.11 -> 10.10.10.10
> tos 0x00, ttl 254, length 66, checksum 0x9464
> fragment id 0x
>   GRE teb
> 00:06:52:367948: ip4-not-enabled
> GRE: 10.10.10.11 -> 10.10.10.10
>   tos 0x00, ttl 254, length 66, checksum 0x9464
>   fragment id 0x
> GRE teb
> 00:06:52:367948: error-drop
>   rx:gre0
> 00:06:52:367949: drop
>   ip4-input: unknown ip protocol
>
>
> On Fri, Oct 4, 2019 at 8:39 AM Neale Ranns (nranns) 
> wrote:
>
>>
>>
>> Hi Chuan,
>>
>>
>>
>> Please remove the SPD config. For tunnels all packets that ingress/egress
>> the tunnel are decrypted/encrypted, so no policy is required. The presence
>> of the SPD on the ingress eth0 link could be why it’s not working.
>>
>> Please provide packet traces when you are reporting packet loss problems,
>> it helps us debug.
>>
>>
>>
>> For reference the setup for GRE TEB IPSec can be found in the python UT
>> TestIpsecGreTebIfEsp.
>>
>>
>>
>> Regards,
>>
>> neale
>>
>>
>>
>>
>>
>> *From: * on behalf of "Chuan Han via Lists.Fd.Io"
>> 
>> *Reply to: *"chuan...@google.com" 
>> *Date: *Friday 4 October 2019 at 02:15
>> *To: *"John Lo (loj)" 
>> *Cc: *"vpp-dev@lists.fd.io" 
>> *Subject: *Re: [vpp-dev] How to configure l2 gre over ipsec in vpp 19.08
>>
>>
>>
>> Hi,
>>
>>
>>
>> Thanks for information.
>>
>>
>>
>> I am trying to configure l2 gre over ipsec transport mode.
>>
>>
>>
>> Here are my startup.cfg files. Can you help check if my configuration is
>> correct or not?
>>
>>
>>
>> r230 and r740 are two servers which are directly connected.
>>
>>
>>
>> eth0 is the phy nic. host-veth1 is one endpoint of veth pair. the other
>> end is connected to a network namespace with ip address 172.16.1.2.
>>
>>
>>
>> From the network namespace, I cannot ping the other end 172.16.1.1.
>>
>>
>>
>> On r230, I can see  unknown ip protocol errors.
>>
>> vpp# sh errors
>>CountNode  Reason
>>  5null-node   blackholed packets
>>  5  ipsec4-output-feature IPSec policy (no match)
>>  1esp4-decrypt-tunESP pkts received
>>  1ipsec4-tun-inputgood packets received
>>  1  ipsec4-input-feature  IPSEC pkts received
>>  1ip4-input   unknown ip protocol
>>592gre-encap   GRE output packets
>> encapsulated
>>592  ipsec4-output-feature IPSec policy bypass
>>592esp4-encrypt-tunESP pkts received
>>592l2-output   L2 output packets
>>592l2-learnL2 learn packets
>>  1l2-learnL2 learn misses
>>592l2-inputL2 input packets
>>592l2-floodL2 flood packets
>> vpp# sh int
>>   Name   IdxState  MTU (L3/IP4/IP6/MPLS)
>> Counter  Count
>> eth0  1  up  9000/0/0/0 rx
>> packets 1
>> rx
>> bytes 166
>> tx
>> packets   592
>> 

Re: [vpp-dev] How to configure 256 bit crypto algorithm for ipsec

[Chuan Han via Lists.Fd.Io]

A11E51E5B111 is from one of the online examples for gcm 256.

2b7e151628aed2a6abf7158809cf4f3d2b7e151628aed2a6abf7158809cf4f3d works.

Thanks for catching the mistakes.


On Sun, Oct 6, 2019 at 6:28 PM Christian Hopps  wrote:

> So you had:   crypto-key 2b7e151628aed2a6abf7158809cf4f3d
> Now you "doubled" it and got: crypto-key A11E51E5B111
>
> ? :)
>
> Try crypto-key
> 2b7e151628aed2a6abf7158809cf4f3d2b7e151628aed2a6abf7158809cf4f3d
>
> A 128 bit algorithm needs a 16 byte key (128b=16B) a 265 bit algorithm
> needs a 32B key (256b=32B)
>
> Thanks,
> Chris.
>
> > On Oct 6, 2019, at 6:57 PM, Chuan Han  wrote:
> >
> > double key size does not work.
> >
> > ipsec sa add 1 spi 255128 esp tunnel-src 10.10.10.10 tunnel-dst
> 10.10.10.11 crypto-key A11E51E5B111 crypto-alg aes-gcm-256
> > ipsec sa add 2 spi 255129 esp tunnel-src 10.10.10.11 tunnel-dst
> 10.10.10.10 crypto-key A11E51E5B111 crypto-alg aes-gcm-256
> >
> > I got the following errors:
> >
> > 000:41:02.7 --master-lcore 2
> > host-veth1
> > ipsec sa: failed
> >
> > The full config is as follows:
> >
> > set int state eth0 up
> > set int ip address eth0 10.10.10.10/24
> >
> > set int promiscuous on eth0
> >
> > set ip arp eth0 10.10.10.11 b4:96:91:23:1e:d6
> >
> > create host-interface name veth1
> > set int state host-veth1 up
> > set int ip address host-veth1 172.16.1.1/24
> > set ip arp host-veth1 172.16.1.2 d6:4b:87:30:6a:60
> >
> >
> > ip route add 172.16.2.2/24 via 10.10.10.11 eth0
> >
> >
> > ipsec spd add 1
> > set interface ipsec spd eth0 1
> >
> > ipsec sa add 1 spi 255128 esp tunnel-src 10.10.10.10 tunnel-dst
> 10.10.10.11 crypto-key A11E51E5B111 crypto-alg aes-gcm-256
> > ipsec sa add 2 spi 255129 esp tunnel-src 10.10.10.11 tunnel-dst
> 10.10.10.10 crypto-key A11E51E5B111 crypto-alg aes-gcm-256
> >
> > ipsec policy add spd 1 outbound priority 90 protocol 50 action bypass
> local-ip-range 0.0.0.0-255.255.255.255 remote-ip-range
> 0.0.0.0-255.255.255.255
> > ipsec policy add spd 1 inbound priority 90 protocol 50 action bypass
> local-ip-range 0.0.0.0-255.255.255.255 remote-ip-range
> 0.0.0.0-255.255.255.255
> >
> > ipsec policy add spd 1 priority 10 inbound action protect sa 2
> local-ip-range 0.0.0.0-255.255.255.255 remote-ip-range
> 172.16.2.1-172.16.2.255
> > ipsec policy add spd 1 priority 10 outbound action protect sa 1
> local-ip-range 0.0.0.0-255.255.255.255 remote-ip-range
> 172.16.2.1-172.16.2.255
> >
> > On Fri, Oct 4, 2019 at 7:52 PM Christian Hopps 
> wrote:
> > Double your key length. Probably better to switch to GCM (aes-gcm-256)
> and drop the separate integrity algorithm too.
> >
> > Thanks,
> > Chris.
> >
> > > On Oct 4, 2019, at 7:23 PM, Chuan Han via Lists.Fd.Io  google@lists.fd.io> wrote:
> > >
> > > Hi,
> > >
> > > I want to use 256 bit crypto algorithm in my ipsec config.
> > >
> > > I have something like this:
> > > ipsec sa add 1 spi 255128 esp tunnel-src 10.10.10.10 tunnel-dst
> 10.10.10.11 crypto-key 2b7e151628aed2a6abf7158809cf4f3d crypto-alg
> aes-cbc-256 integ-key 6867666568676665686766656867666568676669 integ-alg
> sha1-96
> > >
> > > However, it gives me an error when I start vpp.
> > >
> > > ipsec sa: failed
> > >
> > > ipsec is not configured after the failure.
> > >
> > > vpp# sh ipsec all
> > > spd 1
> > >  ip4-outbound:
> > >  ip6-outbound:
> > >  ip4-inbound-protect:
> > >  ip6-inbound-protect:
> > >  ip4-inbound-bypass:
> > >  ip6-inbound-bypass:
> > > SPD Bindings:
> > >   1 -> eth0
> > > Tunnel interfaces
> > > vpp#
> > >
> > > When I change 256 to 128, everything works fine. Does this mean vpp
> ipsec only supports 128 ciphers? Or, I made some stupid mistakes?
> > >
> > > If I want to configure 256 bit ciphers, what shall I do?
> > >
> > > I attached the bad cfg file with 256 bit cipher, and good cfg file
> with 128 bit cipher.
> > >
> > > Thanks.
> > > Chuan
> > > -=-=-=-=-=-=-=-=-=-=-=-
> > > Links: You receive all messages sent to this group.
> > >
> > > View/Reply Online (#14124):
> https://lists.fd.io/g/vpp-dev/message/14124
> > > Mute This Topic: https://lists.fd.io/mt/34400077/1826170
> > > Group Owner: vpp-dev+ow...@lists.fd.io
> > > Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [cho...@chopps.org]
> > > -=-=-=-=-=-=-=-=-=-=-=-
> >
>
>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#14129): https://lists.fd.io/g/vpp-dev/message/14129
Mute This Topic: https://lists.fd.io/mt/34400077/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [vpp-dev] How to configure 256 bit crypto algorithm for ipsec

[Chuan Han via Lists.Fd.Io]

double key size does not work.

ipsec sa add 1 spi 255128 esp tunnel-src 10.10.10.10 tunnel-dst 10.10.10.11
crypto-key A11E51E5B111 crypto-alg aes-gcm-256
ipsec sa add 2 spi 255129 esp tunnel-src 10.10.10.11 tunnel-dst 10.10.10.10
crypto-key A11E51E5B111 crypto-alg aes-gcm-256

I got the following errors:

000:41:02.7 --master-lcore 2
host-veth1
ipsec sa: failed

The full config is as follows:

set int state eth0 up
set int ip address eth0 10.10.10.10/24

set int promiscuous on eth0

set ip arp eth0 10.10.10.11 b4:96:91:23:1e:d6

create host-interface name veth1
set int state host-veth1 up
set int ip address host-veth1 172.16.1.1/24
set ip arp host-veth1 172.16.1.2 d6:4b:87:30:6a:60


ip route add 172.16.2.2/24 via 10.10.10.11 eth0


ipsec spd add 1
set interface ipsec spd eth0 1

ipsec sa add 1 spi 255128 esp tunnel-src 10.10.10.10 tunnel-dst 10.10.10.11
crypto-key A11E51E5B111 crypto-alg aes-gcm-256
ipsec sa add 2 spi 255129 esp tunnel-src 10.10.10.11 tunnel-dst 10.10.10.10
crypto-key A11E51E5B111 crypto-alg aes-gcm-256

ipsec policy add spd 1 outbound priority 90 protocol 50 action bypass
local-ip-range 0.0.0.0-255.255.255.255 remote-ip-range
0.0.0.0-255.255.255.255
ipsec policy add spd 1 inbound priority 90 protocol 50 action bypass
local-ip-range 0.0.0.0-255.255.255.255 remote-ip-range
0.0.0.0-255.255.255.255

ipsec policy add spd 1 priority 10 inbound action protect sa 2
local-ip-range 0.0.0.0-255.255.255.255 remote-ip-range
172.16.2.1-172.16.2.255
ipsec policy add spd 1 priority 10 outbound action protect sa 1
local-ip-range 0.0.0.0-255.255.255.255 remote-ip-range
172.16.2.1-172.16.2.255

On Fri, Oct 4, 2019 at 7:52 PM Christian Hopps  wrote:

> Double your key length. Probably better to switch to GCM (aes-gcm-256) and
> drop the separate integrity algorithm too.
>
> Thanks,
> Chris.
>
> > On Oct 4, 2019, at 7:23 PM, Chuan Han via Lists.Fd.Io  google@lists.fd.io> wrote:
> >
> > Hi,
> >
> > I want to use 256 bit crypto algorithm in my ipsec config.
> >
> > I have something like this:
> > ipsec sa add 1 spi 255128 esp tunnel-src 10.10.10.10 tunnel-dst
> 10.10.10.11 crypto-key 2b7e151628aed2a6abf7158809cf4f3d crypto-alg
> aes-cbc-256 integ-key 6867666568676665686766656867666568676669 integ-alg
> sha1-96
> >
> > However, it gives me an error when I start vpp.
> >
> > ipsec sa: failed
> >
> > ipsec is not configured after the failure.
> >
> > vpp# sh ipsec all
> > spd 1
> >  ip4-outbound:
> >  ip6-outbound:
> >  ip4-inbound-protect:
> >  ip6-inbound-protect:
> >  ip4-inbound-bypass:
> >  ip6-inbound-bypass:
> > SPD Bindings:
> >   1 -> eth0
> > Tunnel interfaces
> > vpp#
> >
> > When I change 256 to 128, everything works fine. Does this mean vpp
> ipsec only supports 128 ciphers? Or, I made some stupid mistakes?
> >
> > If I want to configure 256 bit ciphers, what shall I do?
> >
> > I attached the bad cfg file with 256 bit cipher, and good cfg file with
> 128 bit cipher.
> >
> > Thanks.
> > Chuan
> > -=-=-=-=-=-=-=-=-=-=-=-
> > Links: You receive all messages sent to this group.
> >
> > View/Reply Online (#14124): https://lists.fd.io/g/vpp-dev/message/14124
> > Mute This Topic: https://lists.fd.io/mt/34400077/1826170
> > Group Owner: vpp-dev+ow...@lists.fd.io
> > Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [cho...@chopps.org]
> > -=-=-=-=-=-=-=-=-=-=-=-
>
>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#14127): https://lists.fd.io/g/vpp-dev/message/14127
Mute This Topic: https://lists.fd.io/mt/34400077/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[vpp-dev] How to configure 256 bit crypto algorithm for ipsec

[Chuan Han via Lists.Fd.Io]

Hi,

I want to use 256 bit crypto algorithm in my ipsec config.

I have something like this:
ipsec sa add 1 spi 255128 esp tunnel-src 10.10.10.10 tunnel-dst 10.10.10.11
crypto-key 2b7e151628aed2a6abf7158809cf4f3d crypto-alg aes-cbc-256
integ-key 6867666568676665686766656867666568676669 integ-alg sha1-96

However, it gives me an error when I start vpp.

ipsec sa: failed

ipsec is not configured after the failure.

vpp# sh ipsec all
spd 1
 ip4-outbound:
 ip6-outbound:
 ip4-inbound-protect:
 ip6-inbound-protect:
 ip4-inbound-bypass:
 ip6-inbound-bypass:
SPD Bindings:
  1 -> eth0
Tunnel interfaces
vpp#

When I change 256 to 128, everything works fine. Does this mean vpp ipsec
only supports 128 ciphers? Or, I made some stupid mistakes?

If I want to configure 256 bit ciphers, what shall I do?

I attached the bad cfg file with 256 bit cipher, and good cfg file with 128
bit cipher.

Thanks.
Chuan


bad.cfg
Description: Binary data


good.cfg
Description: Binary data
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#14124): https://lists.fd.io/g/vpp-dev/message/14124
Mute This Topic: https://lists.fd.io/mt/34400077/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [vpp-dev] How to configure l2 gre over ipsec in vpp 19.08

[Chuan Han via Lists.Fd.Io]

Thanks for helping.

I removed spd configs on both sides, but still no luck. I am pinging from
r230 side.

It seems r230 is able to sending ping pkts over dpdk interface. However, on
r740 side, gre0 interface drops all of them. See the attached updated cfg
files and log files for more details.

  IPSec: remote:10.10.10.11 spi:255129 (0x0003e499) seq 418
00:06:52:367944: esp4-decrypt-tun
  esp: crypto aes-cbc-128 integrity sha1-96 pkt-seq 418 sa-seq 0 sa-seq-hi 0
00:06:52:367948: ip4-input-no-checksum
  GRE: 10.10.10.11 -> 10.10.10.10
tos 0x00, ttl 254, length 66, checksum 0x9464
fragment id 0x
  GRE teb
00:06:52:367948: ip4-not-enabled
GRE: 10.10.10.11 -> 10.10.10.10
  tos 0x00, ttl 254, length 66, checksum 0x9464
  fragment id 0x
GRE teb
00:06:52:367948: error-drop
  rx:gre0
00:06:52:367949: drop
  ip4-input: unknown ip protocol


On Fri, Oct 4, 2019 at 8:39 AM Neale Ranns (nranns) 
wrote:

>
>
> Hi Chuan,
>
>
>
> Please remove the SPD config. For tunnels all packets that ingress/egress
> the tunnel are decrypted/encrypted, so no policy is required. The presence
> of the SPD on the ingress eth0 link could be why it’s not working.
>
> Please provide packet traces when you are reporting packet loss problems,
> it helps us debug.
>
>
>
> For reference the setup for GRE TEB IPSec can be found in the python UT
> TestIpsecGreTebIfEsp.
>
>
>
> Regards,
>
> neale
>
>
>
>
>
> *From: * on behalf of "Chuan Han via Lists.Fd.Io"
> 
> *Reply to: *"chuan...@google.com" 
> *Date: *Friday 4 October 2019 at 02:15
> *To: *"John Lo (loj)" 
> *Cc: *"vpp-dev@lists.fd.io" 
> *Subject: *Re: [vpp-dev] How to configure l2 gre over ipsec in vpp 19.08
>
>
>
> Hi,
>
>
>
> Thanks for information.
>
>
>
> I am trying to configure l2 gre over ipsec transport mode.
>
>
>
> Here are my startup.cfg files. Can you help check if my configuration is
> correct or not?
>
>
>
> r230 and r740 are two servers which are directly connected.
>
>
>
> eth0 is the phy nic. host-veth1 is one endpoint of veth pair. the other
> end is connected to a network namespace with ip address 172.16.1.2.
>
>
>
> From the network namespace, I cannot ping the other end 172.16.1.1.
>
>
>
> On r230, I can see  unknown ip protocol errors.
>
> vpp# sh errors
>CountNode  Reason
>  5null-node   blackholed packets
>  5  ipsec4-output-feature IPSec policy (no match)
>  1esp4-decrypt-tunESP pkts received
>  1ipsec4-tun-inputgood packets received
>  1  ipsec4-input-feature  IPSEC pkts received
>  1ip4-input   unknown ip protocol
>592gre-encap   GRE output packets
> encapsulated
>592  ipsec4-output-feature IPSec policy bypass
>592esp4-encrypt-tunESP pkts received
>592l2-output   L2 output packets
>592l2-learnL2 learn packets
>  1l2-learnL2 learn misses
>592l2-inputL2 input packets
>592l2-floodL2 flood packets
> vpp# sh int
>   Name   IdxState  MTU (L3/IP4/IP6/MPLS)
> Counter  Count
> eth0  1  up  9000/0/0/0 rx
> packets 1
> rx
> bytes 166
> tx
> packets   592
> tx
> bytes   88816
> drops
>  5
> ip4
>  1
>
> rx-error   1
> gre0  3  up  9000/0/0/0 drops
>  1
> ip4
>  1
> host-veth12  up  9000/0/0/0 rx
> packets   592
> rx
> bytes   24892
> local00 down  0/0/0/0
> vpp# sh errors
>

Re: [vpp-dev] How to configure l2 gre over ipsec in vpp 19.08

[Chuan Han via Lists.Fd.Io]

592esp4-decrypt-tunESP pkts received
   592ipsec4-tun-inputgood packets received
   592  ipsec4-input-feature  IPSEC pkts received
   592ip4-input   unknown ip protocol
 1gre-encap   GRE output packets
encapsulated
 1  ipsec4-output-feature IPSec policy bypass
 1esp4-encrypt-tunESP pkts received
 1l2-output   L2 output packets
 1l2-learnL2 learn packets
 1l2-learnL2 learn misses
 1l2-inputL2 input packets
 1l2-floodL2 flood packets
vpp#

On Wed, Oct 2, 2019 at 9:13 AM John Lo (loj)  wrote:

> To create GRE tunnel in L2 mode, you can add “teb” keyword in the create
> CLI which makes the GRE tunnel work in transparent ethernet bridging mode:
>
>
>
> vpp# create gre ?
>
>   create gre tunnelcreate gre tunnel src 
> dst  [instance ] [outer-fib-id ] [*teb* | erspan
> ] [del]
>
>
>
> In theory, a GRE tunnel can be configured with IPSec, as described by
> Neale, irrespective of it being in teb mode or not.  Neale, please correct
> me if it is not the case.
>
>
>
> Regards,
>
> John
>
>
>
> *From:* vpp-dev@lists.fd.io  *On Behalf Of *Chuan
> Han via Lists.Fd.Io
> *Sent:* Wednesday, October 02, 2019 11:32 AM
> *To:* Neale Ranns (nranns) 
> *Cc:* vpp-dev@lists.fd.io
> *Subject:* Re: [vpp-dev] How to configure l2 gre over ipsec in vpp 19.08
>
>
>
> Gre is l3 in this case. Right? This limits the possible use cases.
>
>
>
> Is there any plan to support l2 gre over ipsec transport mode? It seems
> vpp 17 support s this feature. Not sure why it is dropped in 19.
>
>
>
> On Wed, Oct 2, 2019, 12:18 AM Neale Ranns (nranns) 
> wrote:
>
>
> Hi Chuan,
>
> IPSec and GRE is supported using the tunnel protection mechanism :
>   https://wiki.fd.io/view/VPP/IPSec
>
> GRE over IPSec is only support when the SA is in tunnel mode. This means
> there is a double encap of the IP header ; once by the SA (in tunnel mode)
> and once by the tunnel itself. (Which has always been the case in VPP).
>
> Example config follows :
>
>   DBGvpp# ipsec sa add 20 spi 200 crypto-key
> 6541686776336961656264656f6f6579 crypto-alg aes-cbc-128 tunnel-src
> 10.10.10.10 tunnel-dst 10.10.10.11
>   DBGvpp# ipsec sa add 30 spi 300 crypto-key
> 6541686776336961656264656f6f6579 crypto-alg aes-cbc-128 tunnel-src
> 10.10.10.11 tunnel-dst 10.10.10.10
>   DBGvpp# create gre tunnel src 10.10.10.10 dst 10.10.10.11
> gre0
>   DBGvpp# ipsec tunnel protect gre0 sa-in 20 sa-out 30
>   DBGvpp# sh ipsec protect
>   gre0
>output-sa:
>     [1] sa 30 (0x1e) spi 300 (0x012c) protocol:esp flags:[tunnel ]
>input-sa:
> [0] sa 20 (0x14) spi 200 (0x00c8) protocol:esp flags:[tunnel
> Protect ]
>
> Regards,
> neale
>
>
> From:  on behalf of "Chuan Han via Lists.Fd.Io"
> 
> Reply to: "chuan...@google.com" 
> Date: Wednesday 2 October 2019 at 02:08
> To: "vpp-dev@lists.fd.io" 
> Cc: "vpp-dev@lists.fd.io" 
> Subject: [vpp-dev] How to configure l2 gre over ipsec in vpp 19.08
>
> Hi, vpp experts,
>
> I am trying to configure l2 gre over ipsec. I followed the steps here:
> https://docs.fd.io/vpp/16.12/ipsec_gre_doc.html
>
> I hit the following error:
> create ipsec: unknown input `gre tunnel src 10.10.10.10 dst...'
>
> My vpp version is v19.08.1-release
>
> It seems on this version the "create ipsec gre tunnel" command does not
> work. If so, is there any other way of configuring l2 gre over ipsec in
> 19.08?
>
> Please advise.
>
> Thanks.
> Chuan
>
>


r740.cfg
Description: Binary data


r230.cfg
Description: Binary data
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#14112): https://lists.fd.io/g/vpp-dev/message/14112
Mute This Topic: https://lists.fd.io/mt/34364734/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [vpp-dev] How to configure l2 gre over ipsec in vpp 19.08

[Chuan Han via Lists.Fd.Io]

Gre is l3 in this case. Right? This limits the possible use cases.

Is there any plan to support l2 gre over ipsec transport mode? It seems vpp
17 support s this feature. Not sure why it is dropped in 19.

On Wed, Oct 2, 2019, 12:18 AM Neale Ranns (nranns)  wrote:

>
> Hi Chuan,
>
> IPSec and GRE is supported using the tunnel protection mechanism :
>   https://wiki.fd.io/view/VPP/IPSec
>
> GRE over IPSec is only support when the SA is in tunnel mode. This means
> there is a double encap of the IP header ; once by the SA (in tunnel mode)
> and once by the tunnel itself. (Which has always been the case in VPP).
>
> Example config follows :
>
>   DBGvpp# ipsec sa add 20 spi 200 crypto-key
> 6541686776336961656264656f6f6579 crypto-alg aes-cbc-128 tunnel-src
> 10.10.10.10 tunnel-dst 10.10.10.11
>   DBGvpp# ipsec sa add 30 spi 300 crypto-key
> 6541686776336961656264656f6f6579 crypto-alg aes-cbc-128 tunnel-src
> 10.10.10.11 tunnel-dst 10.10.10.10
>   DBGvpp# create gre tunnel src 10.10.10.10 dst 10.10.10.11
> gre0
>   DBGvpp# ipsec tunnel protect gre0 sa-in 20 sa-out 30
>   DBGvpp# sh ipsec protect
>   gre0
>output-sa:
> [1] sa 30 (0x1e) spi 300 (0x012c) protocol:esp flags:[tunnel ]
>input-sa:
> [0] sa 20 (0x14) spi 200 (0x00c8) protocol:esp flags:[tunnel
> Protect ]
>
> Regards,
> neale
>
>
> From:  on behalf of "Chuan Han via Lists.Fd.Io"
> 
> Reply to: "chuan...@google.com" 
> Date: Wednesday 2 October 2019 at 02:08
> To: "vpp-dev@lists.fd.io" 
> Cc: "vpp-dev@lists.fd.io" 
> Subject: [vpp-dev] How to configure l2 gre over ipsec in vpp 19.08
>
> Hi, vpp experts,
>
> I am trying to configure l2 gre over ipsec. I followed the steps here:
> https://docs.fd.io/vpp/16.12/ipsec_gre_doc.html
>
> I hit the following error:
> create ipsec: unknown input `gre tunnel src 10.10.10.10 dst...'
>
> My vpp version is v19.08.1-release
>
> It seems on this version the "create ipsec gre tunnel" command does not
> work. If so, is there any other way of configuring l2 gre over ipsec in
> 19.08?
>
> Please advise.
>
> Thanks.
> Chuan
>
>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#14099): https://lists.fd.io/g/vpp-dev/message/14099
Mute This Topic: https://lists.fd.io/mt/34364734/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[vpp-dev] How to configure l2 gre over ipsec in vpp 19.08

[Chuan Han via Lists.Fd.Io]

Hi, vpp experts,

I am trying to configure l2 gre over ipsec. I followed the steps here:
https://docs.fd.io/vpp/16.12/ipsec_gre_doc.html

I hit the following error:
create ipsec: unknown input `gre tunnel src 10.10.10.10 dst...'

My vpp version is v19.08.1-release

It seems on this version the "create ipsec gre tunnel" command does not
work. If so, is there any other way of configuring l2 gre over ipsec in
19.08?

Please advise.

Thanks.
Chuan
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#14097): https://lists.fd.io/g/vpp-dev/message/14097
Mute This Topic: https://lists.fd.io/mt/34364734/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-