[dpdk-users] Configuring Routing module in ip_pipeline

Matheus Salgueiro Castanho ms5sh at virginia.edu
Tue Apr 12 21:48:12 CEST 2016


Dear DPDK community,

As said on my previous emails to this list, we've been studying the
ip_pipeline example application in order to learn more about how DPDK works
and, at the same time, to build a meaningful DPDK application for our
purposes. Initially, we want to create a simple firewall dpdk application
that is able to receive packets from one IP network and route the packets
to a different IP network if there is an explicit ACL rule allowing it
(default: drop).

Our simple test considers that the source host (10.0.0.1), which is
connected to one firewall interface (10.0.0.2), sends a ping to the
destination host (10.10.0.1), which is connected to the other firewall
interface (10.10.0.2). Right now, we use the firewall pipeline module to
filter packets according to the rules we applied:

p 1 firewall add ipv4 1 10.0.0.1 32 10.10.0.1 32 0 65535 0 65535 6 0 1
p 1 firewall add ipv4 2 10.10.0.1 32 10.0.0.1 32 0 65535 0 65535 6 0 0

As our dpdk application does not reply to ARP requests, we manually added
an ARP entry in the source host (10.0.0.1) indicating the MAC address of
the firewall interface (10.0.0.2), which is also its default gateway. By
capturing the packet before and after the firewall, we checked the firewall
module successfully applies the ACL rules, but now we need the dpdk
application to translate the destination IP (10.10.0.1) into a MAC address
using ARP, assemble the new packet and route it via its output interface
(10.10.0.2).

After reading the documentation, we realized it is necessary to add the
Routing module to the pipeline in order to perform ARP functionality and
packet encapsulation. Is that correct? If that is true, we would really
appreciate some help to configure our ip_pipeline application as we were
not able to find documentation on the configuration parameters.

In the ip_pipeline/config directory a few .sh files show how configure a
routing pipeline but according to comments inside them, all have ARP
disabled. Through the "tab completion" feature inside the application's
CLI, we found that there is an arp add command: "p <#> arp add <ip> <mac>".
But we didn't understand what it really does. First we thought of it as a
command to add entries in the application's ARP Table, but having to add
every entry manually doesn't sound good. Also, we were not able to add more
than 1 entry at a time (the application gives Command Failed from 2nd time
on).

p 2 arp add 0 10.0.0.1 < iface 10.0.0.1 MAC >
p 2 arp add 1 10.10.0.1 < iface 10.10.0.1 MAC >

This is our config file as is, with an illustration of our current setup.
In this case, port 0 is the input port (IP 10.0.0.2) and port 1 is the
output port (IP 10.10.0.2).

;-----------------------------------------------------------
-------------------------------
;                      Packet Rx &                  Routing
:                          Firewall
;                      __________               __________
;                     |                    |             |
   |
;                     |                    | SWQ0 |                     |
; RXQ0.0 --->|                     |--------->|                    |------>
TXQ0.0
;                     |       (P1)      | SWQ1  |       (P2)      |
; RXQ1.0 --->|                     |--------->|                    |------>
TXQ1.0
;                     |                    |             |
   |
;                     |                    |             |
   |
;                     |__________|             |__________|
;                                |                                  |
;                                +--> SINK0 (Def.)      +--> SINK1


[PIPELINE0]
type = MASTER
core = 0

[PIPELINE1]
type = FIREWALL
core = 1
pktq_in = RXQ0.0 RXQ1.0
pktq_out = SWQ0 SWQ1 SINK0

[PIPELINE2]
type = ROUTING
core = 2
pktq_in = SWQ0 SWQ1
pktq_out = TXQ0.0 TXQ1.0 SINK1
encap = ethernet; encap = ethernet / ethernet_qinq / ethernet_mpls
ip_hdr_offset = 270

;-----------------------------------------------------------
------------------------------------------

We were also not particularly sure about the "encap" and "ip_hdr_offset"
parameters for the Routing pipeline but we saw it somewhere else and tried
to test them. In our case, we are connecting two IP networks without any
extra tunneling/encapsulation.

So finally, our questions are:
- We would love if someone could shine some light into how we can configure
our application to discover next hop MAC address via ARP requests and
reassemble/route the packet to the destination (just like a router does).
- After we accomplish this task in a physical machine, is there any
configuration left in our setup in order to enable the same simple firewall
application in a virtual machine?

As an end note, I would like to ask if the only documentation regarding the
ip_pipeline application is the one in the DPDK Sample Applications User
Guide. Although it does a good job explaining the inner workings of the
ip_pipeline application and how the Packet Framework was used to build it,
we could not find description of actual use of the application, such as
lists of specific CLI commands and config parameters for each pipeline
type. I understand that the purpose of the example applications is to
demonstrate usage of DPDK library, but, for such a representative and
somewhat powerful application, it would be very useful to have a more
extensive use documentation (if there isn't one already) to help people to
quickly build DPDK-enabled apps for testing (which is our case) and
evaluation.

Thank you all once again for taking your time to read this email and
hopefully answering it if you can.

This list has been of great help in understanding more of DPDK.

Regards,
Matheus Salgueiro Castanho


More information about the users mailing list