Difference between revisions of "VPP Sandbox/flowtable"
GabrielGanne (Talk | contribs) m (→Sources) |
GabrielGanne (Talk | contribs) |
||
| Line 19: | Line 19: | ||
== Sources == | == Sources == | ||
* vppsb : within flowtable directory | * vppsb : within flowtable directory | ||
| − | * github : https://github.com/GabrielGanne/vpp-flowtable | + | * github : https://github.com/GabrielGanne/vpp-flowtable-plugin |
== CLI == | == CLI == | ||
| Line 53: | Line 53: | ||
== Current status == | == Current status == | ||
| − | |||
* Default behavior is to connect transparently to given interface. | * Default behavior is to connect transparently to given interface. | ||
* Can reroute packets to given node | * Can reroute packets to given node | ||
| Line 62: | Line 61: | ||
== Planned == | == Planned == | ||
| − | |||
* split into two ip4/ip6 nodes | * split into two ip4/ip6 nodes | ||
Latest revision as of 12:51, 11 January 2017
Contents
[hide]A flowtable plugin
Provide a stateful node with flow-level API, available for consecutive nodes or external applications.
Objective
Provides a flowtable node to do flow classification, and associate a flow context that can be enriched as needed by another node or an external application.
The objective is to be adaptable so as to be used for any stateful use such as load-balancing, firewall ...
Compared to the classifier, it stores a flow context, which changes the following:
- a flow context (which can be updated with external information)
- it can offload
- flows have a lifetime
Sources
- vppsb : within flowtable directory
- github : https://github.com/GabrielGanne/vpp-flowtable-plugin
CLI
flowtable [max-flows <n>] [intf <name>] [next-node <name>] [disable]
The traffic from the given intf is redirected to the flowtable using vnet_hw_interface_rx_redirect_to_node()
API
I used ~0 (or 0xff for u8) to leave configuration parameter unchanged.
- flowtable configuration
flowtable_conf(flows_max, sw_if_index, next_node_index, enable_disable)
- send additional informations to the flowtable
flowtable_update(is_ip4, ip_src, ip_dst, port_src, port_dst # used to compute flow key
lifetime, offloaded, infos) # additional flow informations
Test
In itself, the flowtable only provides a context and an API.
I added a simple port-mirroring node to test with an external application receiving the mirrored traffic and updating the flowtable using the binary API.
Perfs
Tested with handoff node, with two working nodes :
- Total BW: 12Gbps
- Max flows 2.4 M # Breaking Point flows (2.4M) != vpp flows (4M)
- avg pps : 750~800 k
- avg flow rate : 18k/s
- ~4.5% recycled flows
The flow count difference between Breaking Point and vpp flowtable's is caused by the timer management.
Current status
- Default behavior is to connect transparently to given interface.
- Can reroute packets to given node
- Can receive additional information
- Can offload sessions
- Only support IP packets
- if the maximum number of flows is reached, the flowtable will recycle a flow by expiring a flow which was about to expire (typically the first flow found in the timer-wheel's next-slot)
Planned
- split into two ip4/ip6 nodes
Main contributors
- Gabriel Ganne - gabriel.ganne@qosmos.com
- Christophe Fontaine - christophe.fontaine@qosmos.com (2016-07 ietf's hackathon : https://github.com/christophefontaine/flowtable-plugin)
