Hi everyone!
When I was testing the bridge function,everything worked fine with the
following configuration:
>
> BD-ID Index BSN Age(min) Learn Forwrd UU-Flood Flood
> ARP-Term ARP-ufwd BVI-Intf
> 1 1 0 off off on flood on
>
Thanks, normal work
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#19961): https://lists.fd.io/g/vpp-dev/message/19961
Mute This Topic: https://lists.fd.io/mt/84811042/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/v
Marcos,
> I’m aware that VPP NAT Plugin has a limitation of 1000 ports per inside
> users, but eventually that amount of connections is not enough.
>
> I would like to get some guidance on how to change that VPP logic When
> assigning ports to users when working with deterministic nat, so users
Hello VPP Experts / developers,
I'm aware that VPP NAT Plugin has a limitation of 1000 ports per inside
users, but eventually that amount of connections is not enough.
I would like to get some guidance on how to change that VPP logic When
assigning ports to users when working with determini
Hi Neale,
inline
On Wed, Aug 11, 2021 at 6:36 PM Neale Ranns wrote:
> Dear Ivan,
>
>
>
> That’s the best bug report I’ve seen in ages, so thank you!
>
You're welcome :)
> I’ll take your patch as a starting point, but I’ll think I move the
> responsibility for walking the incomplete adjacen
Dear Ivan,
That’s the best bug report I’ve seen in ages, so thank you!
I’ll take your patch as a starting point, but I’ll think I move the
responsibility for walking the incomplete adjacencies into the adj code; it
seems a little unfair for the ip-neighbour module to be responsible for
updating
On Tue, Aug 10, 2021 at 2:39 AM Neale Ranns wrote
>
>
> Again: GCP does this. Calico for K8s (the most used K8s CNI plugin) does
> this. Its basically the direction Cloud is going in the generic.
>
>
>
> Ah well, that’s different, if all the cool kids are doing it, then it must
> be the right
Hi,
I've stumbled upon a problem in the neighbor adj code that handles
incomplete entries. These entries are pre-created under some circumstances
such as creation of a VXLAN tunnel and used to make Ethernet headers for
outbound ARP requests. Problem is, when the MAC address of the interface
change
Hi Neale,
Thank you for the valuable information.
I shall use the spd header file as reference.
Regards.
On Wed, Aug 11, 2021 at 5:51 PM Neale Ranns wrote:
> Hi Vijay,
>
>
>
> Use the APIs in ipsec_spd.h
>
>
>
> /neale
>
>
>
> *From: *Vijay Kumar
> *Date: *Wednesday, 11 August 2021 at 14:
Hi Vijay,
Use the APIs in ipsec_spd.h
/neale
From: Vijay Kumar
Date: Wednesday, 11 August 2021 at 14:05
To: Neale Ranns
Cc: vpp-dev
Subject: Re: [vpp-dev] Regarding Traffic selectors (IP and port range) usage in
vnet/ipsec encrypt
Hi Neale,
Thanks for the clarification.
We are not using th
Hi Neale,
Thanks for the clarification.
We are not using the VPP IKEv2 plugin. In our product, we use a different
IKE stack but we program the SA keys and create IPSEC SA by calling
ipsec_sa_add_and_lrock() API of vnet/ipsec.
What is your suggestion If we wanted to implement policy (SPD) based V
Hi Vijay,
VPP’s IKE implementation only supports route-based VPNs (where a tunnel
interface is created) and not policy based (where the SPD is used).
/neale
From: vpp-dev@lists.fd.io on behalf of Vijay Kumar via
lists.fd.io
Date: Wednesday, 11 August 2021 at 13:00
To: vpp-dev
Subject: [vp
Hi Neale,
I was looking at* ipsec_sa_add_and_lock*() function which is called by
ikev2 to install IPSEC SA but I was NOT able to find anywhere the IKEv2
negotiated traffic selectors: IP addr range (start, stop) and port range
(start, stop) being programmed to the vnet/ipsec. In such a case, how do
Hyong,
> Thanks for the info, and using 'use_socket=True' did solve the issue
> ('VPPApiClient' was already in use as it was imported as 'VPP' in my code).
> Out of curiosity, why is the python shared memory transport deprecated?
1) there was no performance gain using shared memory over UDS in
Hi, The previous screenshot shows ipv4(acl_dump)
Very strange
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#19948): https://lists.fd.io/g/vpp-dev/message/19948
Mute This Topic: https://lists.fd.io/mt/84811042/21656
Group Owner: vpp-dev+ow...@lists
Thanks for testing !
The l4 “port” values without l4 protocol value set do not make sense and thus
are ignored. (Since they mean totally different things for TCP and ICMP). So
your rule becomes “permit+reflect any any” which is what you observe in your
test.
See function make_mask_and_match_f
16 matches
Mail list logo
