Hello everyone,
I am migrating an application detection system from *VPP 23.02 to 25.02*
using the Snort3 plugin. In the new version, the plugin prevents
attaching an interface to a Snort instance while the interface is 'Up'—a
restriction that didn't exist in 23.02.
Currently, my workaround is to manually bring the interface down, attach
it, and bring it back up. However, the state change is not instantaneous
(requiring multiple retries), and once restored, the interface drops all
traffic.
I can see arp replies are getting dropped in show errors output. Since
we have a flag in userspace like if application detection is turned on,
i need to create snort interface and make it run.
Since this is a production environment, I must ensure uninterrupted
connectivity or zero packet loss. Is there a way to dynamically attach a
Snort instance to an active interface without toggling its state or
causing traffic interruptions? Also why doesn't state change to 'down'
happen immediately ?
Could anyone provide support on this issue ?
Thanks,
Dinesh
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#26815): https://lists.fd.io/g/vpp-dev/message/26815
Mute This Topic: https://lists.fd.io/mt/117836501/21656
Group Owner: [email protected]
Unsubscribe: https://lists.fd.io/g/vpp-dev/leave/14379924/21656/631435203/xyzzy
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
