├── .ci ├── Dockerfile.depend ├── Makefile ├── buildspec.yml └── common.mk ├── .github ├── ISSUE_TEMPLATE │ ├── bug_report.md │ └── feature_request.md └── workflows │ └── codeql-analysis.yml ├── .gitignore ├── .golangci.yml ├── CONTRIBUTING.md ├── LICENSE ├── Makefile ├── README.md ├── RELEASE_NOTES.md ├── calico-vpp-agent ├── Dockerfile ├── LICENSE ├── Makefile ├── README.md ├── cmd │ ├── api-proxy │ │ └── felix-api-proxy.go │ ├── calico_vpp_dataplane.go │ └── debug-state │ │ └── debug-state.go ├── cni │ ├── cni_node_test.go │ ├── cni_pod_test.go │ ├── cni_server.go │ ├── netns_linux.go │ ├── network_vpp.go │ ├── network_vpp_hostports.go │ ├── network_vpp_multinet.go │ ├── network_vpp_routes.go │ ├── packet_helper.go │ ├── pod_annotations.go │ ├── pod_interface │ │ ├── common.go │ │ ├── loopback.go │ │ ├── memif.go │ │ ├── tuntap.go │ │ └── vcl.go │ └── storage │ │ └── storage.go ├── common │ ├── common.go │ └── pubsub.go ├── common_tests │ └── common_tests.go ├── connectivity │ ├── connectivity.go │ ├── connectivity_server.go │ ├── flat.go │ ├── ipip.go │ ├── ipsec.go │ ├── srv6.go │ ├── vxlan.go │ └── wireguard.go ├── network │ └── network.go ├── policy │ ├── host_endpoint.go │ ├── ipset.go │ ├── messages.go │ ├── policy.go │ ├── policy_server.go │ ├── policy_state.go │ ├── rule.go │ └── workload_endpoint.go ├── prometheus │ └── prometheus.go ├── routing │ ├── bgp_watcher.go │ ├── routing_server.go │ └── routing_server_init.go ├── services │ ├── service.go │ ├── service_handler.go │ └── service_server.go ├── tests │ └── mocks │ │ ├── calico │ │ ├── client.go │ │ ├── ipam.go │ │ ├── ippools.go │ │ └── nodes.go │ │ ├── ipam.go │ │ └── pubsub_handler.go ├── watch_dog │ └── watch_dog.go └── watchers │ ├── bgp_configuration_watcher.go │ ├── bgpfilter_watcher.go │ ├── common.go │ ├── net_watcher.go │ ├── peers_watcher.go │ ├── prefix_watcher.go │ ├── secret_watcher.go │ ├── srv6_localsid_watcher.go │ ├── uplink_link_watcher.go │ └── uplink_route_watcher.go ├── config 
├── config.go ├── config_parse.go ├── config_test.go └── default_hook.sh ├── docs ├── Ipsec.md ├── L2TapInterfaces.md ├── README.md ├── _static │ ├── calico_vpp_vrf_layout.drawio │ ├── calico_vpp_vrf_layout.drawio.png │ ├── demobutton.png │ ├── multinet.png │ ├── multinet_connectivity.png │ └── multinet_service.png ├── bgp_filtering.md ├── config.md ├── corepinning.md ├── developper_guide.md ├── events.md ├── kind.md ├── manifest_based_install.md ├── memif.md ├── migrate_to_calicovpp.md ├── multinet.md ├── networkmodel.md ├── policy_troubleshoot.md ├── prometheus.md ├── services.md ├── upgrading.md └── vcl.md ├── go.mod ├── go.sum ├── multinet-monitor ├── Dockerfile ├── Makefile ├── networkAttachmentDefinition │ └── net_attach_definition.go └── watcher.go ├── scripts ├── create_eks_cluster.sh ├── init_eks.sh └── replay-trace │ ├── README.md │ └── replay_trace.go ├── test ├── integration-tests │ ├── Makefile │ └── images │ │ └── pod-mock │ │ └── Dockerfile ├── k8s-e2e-tests │ ├── Makefile │ └── go.mod ├── kind │ ├── Makefile │ ├── new_cluster.sh │ └── wsl_deployment_on_kind.md ├── policies │ ├── deny.yaml │ ├── ds.yaml │ ├── dspn.yaml │ └── policy.yaml ├── prometheus │ └── Makefile ├── scale │ └── README.md ├── scripts │ ├── README.md │ ├── cases.sh │ ├── cases_util.sh │ ├── ci.sh │ ├── ci_util.sh │ ├── idle.sh │ ├── kubeadm │ │ ├── ClusterJoinConfiguration.template.yaml │ │ └── ClusterNewConfiguration.template.yaml │ ├── mngmt.sh │ ├── orch.sh │ ├── provision.sh │ ├── shared.sh │ ├── test.sh │ ├── trex_udp_gen.py │ ├── utils │ │ ├── avf.sh │ │ └── pci-nic-bind-to-kernel │ └── vppdev.sh ├── vagrant │ ├── Makefile │ ├── base │ │ └── Vagrantfile │ └── vagrantfiles │ │ ├── Vagrantfile │ │ ├── Vagrantfile_common │ │ ├── Vagrantfile_master │ │ └── Vagrantfile_node └── yaml │ ├── Makefile │ ├── bgp │ ├── bgpFilter.yaml │ └── externalBgpPeer.yaml │ ├── envoy │ ├── README.md │ ├── envoy.yaml │ ├── envoyvcl.yaml │ ├── test.yaml │ └── vcl.conf │ ├── iperf │ ├── Dockerfile │ 
├── entrypoint.sh │ ├── test.yaml │ ├── test_single.yaml │ ├── test_v4.yaml │ └── test_v6.yaml │ ├── iperf3-vcl │ ├── Dockerfile │ ├── iperf3-tls-vcl.sh │ ├── iperf3-vcl.sh │ └── test.yaml │ ├── iperf3 │ ├── Dockerfile │ └── test.yaml │ ├── metallb │ └── test_metallb.yaml │ ├── monit │ └── test.yaml │ ├── multinet │ ├── multus-daemonset-thick.yaml │ ├── netdefinitions.yaml │ ├── network.yaml │ ├── pod-memif.yaml │ ├── pod.yaml │ ├── policy.yaml │ ├── projectcalico.org_networks.yaml │ ├── service.yaml │ └── whereabouts-daemonset-install.yaml │ ├── mvpp │ ├── README.md │ └── test.yaml │ ├── named_ports │ └── test.yaml │ ├── nginx │ ├── Dockerfile │ ├── nginx.conf │ └── test.yaml │ ├── raw-envoy │ ├── README.md │ ├── certs │ │ ├── cacert.pem │ │ ├── cakey.pem │ │ ├── clientcert.pem │ │ ├── clientkey.pem │ │ ├── servercert.pem │ │ ├── serverkey.pem │ │ ├── tmp.client │ │ │ ├── 01.pem │ │ │ ├── cacert.pem │ │ │ ├── cakey.pem │ │ │ ├── index.txt │ │ │ ├── index.txt.attr │ │ │ ├── index.txt.old │ │ │ ├── serial.txt │ │ │ ├── serial.txt.old │ │ │ ├── servercert.crt │ │ │ ├── servercert.csr │ │ │ ├── servercert.pem │ │ │ └── serverkey.pem │ │ └── tmp.server │ │ │ ├── 01.pem │ │ │ ├── cacert.pem │ │ │ ├── cakey.pem │ │ │ ├── index.txt │ │ │ ├── index.txt.attr │ │ │ ├── index.txt.old │ │ │ ├── serial.txt │ │ │ ├── serial.txt.old │ │ │ ├── servercert.csr │ │ │ ├── servercert.pem │ │ │ └── serverkey.pem │ ├── client-envoy.yaml │ ├── client.Dockerfile │ ├── docker-compose.yml │ ├── envoy-fips.Dockerfile │ ├── envoy_test.sh │ ├── openssl-ca.cnf │ ├── openssl-server.cnf │ ├── server-entrypoint.sh │ ├── server-envoy.yaml │ └── server.Dockerfile │ ├── scalepods │ ├── Dockerfile │ ├── scalepods.go │ └── test.yaml │ ├── scalesvc │ ├── .gitignore │ └── scalesvc.go │ ├── simple-vcl │ ├── Dockerfile │ ├── README.md │ ├── client.c │ ├── server.c │ ├── test.yaml │ └── vcl.conf │ ├── testpmd │ ├── Dockerfile │ ├── README.md │ ├── memif-testpmd.sh │ ├── patches │ │ └── 
0000-memif-abstract-fix.patch │ └── test.yaml │ ├── trex │ ├── Dockerfile │ ├── README.md │ ├── build.Dockerfile │ ├── build_script.sh │ ├── test.yaml │ ├── trex-console.sh │ ├── trex-start.sh │ └── trex_template.py │ └── wrk │ ├── Dockerfile │ ├── patches │ └── 0001-no-keepalive-option.patch │ ├── test.yaml │ └── wrk.py ├── vpp-manager ├── Makefile ├── README.md ├── images │ ├── dev │ │ ├── Dockerfile │ │ ├── entrypoint.sh │ │ ├── vpp.sh │ │ └── vppctl.sh │ ├── init-eks │ │ ├── Dockerfile │ │ ├── entrypoint.sh │ │ └── init_eks.sh │ ├── ubuntu-build │ │ ├── Dockerfile │ │ └── build_script.sh │ └── ubuntu │ │ └── Dockerfile ├── main.go ├── startup │ ├── interface_config.go │ └── startup.go ├── uplink │ ├── af_packet.go │ ├── af_xdp.go │ ├── avf.go │ ├── common.go │ ├── default.go │ ├── dpdk.go │ ├── rdma.go │ ├── virtio.go │ └── vmxnet3.go ├── utils │ ├── utils.go │ └── utils_test.go └── vpp_runner.go ├── vpplink ├── abf.go ├── acl.go ├── addr.go ├── af_packet.go ├── af_xdp.go ├── arp.go ├── avf.go ├── capo.go ├── classify.go ├── cnat.go ├── crypto_sw_scheduler.go ├── feature.go ├── generated │ ├── .gitignore │ ├── bindings │ │ ├── abf │ │ │ ├── abf.ba.go │ │ │ └── abf_rpc.ba.go │ │ ├── acl │ │ │ ├── acl.ba.go │ │ │ └── acl_rpc.ba.go │ │ ├── acl_types │ │ │ └── acl_types.ba.go │ │ ├── af_packet │ │ │ ├── af_packet.ba.go │ │ │ └── af_packet_rpc.ba.go │ │ ├── af_xdp │ │ │ ├── af_xdp.ba.go │ │ │ └── af_xdp_rpc.ba.go │ │ ├── arp │ │ │ ├── arp.ba.go │ │ │ └── arp_rpc.ba.go │ │ ├── avf │ │ │ ├── avf.ba.go │ │ │ └── avf_rpc.ba.go │ │ ├── capo │ │ │ ├── capo.ba.go │ │ │ └── capo_rpc.ba.go │ │ ├── classify │ │ │ ├── classify.ba.go │ │ │ └── classify_rpc.ba.go │ │ ├── cnat │ │ │ ├── cnat.ba.go │ │ │ └── cnat_rpc.ba.go │ │ ├── crypto_sw_scheduler │ │ │ ├── crypto_sw_scheduler.ba.go │ │ │ └── crypto_sw_scheduler_rpc.ba.go │ │ ├── ethernet_types │ │ │ └── ethernet_types.ba.go │ │ ├── feature │ │ │ ├── feature.ba.go │ │ │ └── feature_rpc.ba.go │ │ ├── fib_types │ │ │ └── 
fib_types.ba.go │ │ ├── gso │ │ │ ├── gso.ba.go │ │ │ └── gso_rpc.ba.go │ │ ├── ikev2 │ │ │ ├── ikev2.ba.go │ │ │ └── ikev2_rpc.ba.go │ │ ├── ikev2_types │ │ │ └── ikev2_types.ba.go │ │ ├── interface │ │ │ ├── interface.ba.go │ │ │ └── interface_rpc.ba.go │ │ ├── interface_types │ │ │ └── interface_types.ba.go │ │ ├── ip │ │ │ ├── ip.ba.go │ │ │ └── ip_rpc.ba.go │ │ ├── ip6_nd │ │ │ ├── ip6_nd.ba.go │ │ │ └── ip6_nd_rpc.ba.go │ │ ├── ip_neighbor │ │ │ ├── ip_neighbor.ba.go │ │ │ └── ip_neighbor_rpc.ba.go │ │ ├── ip_session_redirect │ │ │ ├── ip_session_redirect.ba.go │ │ │ └── ip_session_redirect_rpc.ba.go │ │ ├── ip_types │ │ │ └── ip_types.ba.go │ │ ├── ipip │ │ │ ├── ipip.ba.go │ │ │ └── ipip_rpc.ba.go │ │ ├── ipsec │ │ │ ├── ipsec.ba.go │ │ │ └── ipsec_rpc.ba.go │ │ ├── ipsec_types │ │ │ └── ipsec_types.ba.go │ │ ├── memclnt │ │ │ ├── memclnt.ba.go │ │ │ └── memclnt_rpc.ba.go │ │ ├── memif │ │ │ ├── memif.ba.go │ │ │ └── memif_rpc.ba.go │ │ ├── mfib_types │ │ │ └── mfib_types.ba.go │ │ ├── nat44_ed │ │ │ ├── nat44_ed.ba.go │ │ │ └── nat44_ed_rpc.ba.go │ │ ├── nat_types │ │ │ └── nat_types.ba.go │ │ ├── pbl │ │ │ ├── pbl.ba.go │ │ │ └── pbl_rpc.ba.go │ │ ├── pci_types │ │ │ └── pci_types.ba.go │ │ ├── punt │ │ │ ├── punt.ba.go │ │ │ └── punt_rpc.ba.go │ │ ├── rdma │ │ │ ├── rdma.ba.go │ │ │ └── rdma_rpc.ba.go │ │ ├── session │ │ │ ├── session.ba.go │ │ │ └── session_rpc.ba.go │ │ ├── sr │ │ │ ├── sr.ba.go │ │ │ └── sr_rpc.ba.go │ │ ├── sr_types │ │ │ └── sr_types.ba.go │ │ ├── tapv2 │ │ │ ├── tapv2.ba.go │ │ │ └── tapv2_rpc.ba.go │ │ ├── tunnel_types │ │ │ └── tunnel_types.ba.go │ │ ├── urpf │ │ │ ├── urpf.ba.go │ │ │ └── urpf_rpc.ba.go │ │ ├── virtio │ │ │ ├── virtio.ba.go │ │ │ └── virtio_rpc.ba.go │ │ ├── vlib │ │ │ ├── vlib.ba.go │ │ │ └── vlib_rpc.ba.go │ │ ├── vmxnet3 │ │ │ ├── vmxnet3.ba.go │ │ │ └── vmxnet3_rpc.ba.go │ │ ├── vpe │ │ │ ├── vpe.ba.go │ │ │ └── vpe_rpc.ba.go │ │ ├── vpe_types │ │ │ └── vpe_types.ba.go │ │ ├── vxlan │ │ │ ├── vxlan.ba.go │ │ 
│ └── vxlan_rpc.ba.go │ │ └── wireguard │ │ │ ├── wireguard.ba.go │ │ │ └── wireguard_rpc.ba.go │ ├── gen.go │ ├── generate.log │ ├── ip_helpers.go │ ├── ipip.go │ ├── ipsec.go │ ├── ipsec_helpers.go │ ├── patches │ │ ├── 0001-pbl-Port-based-balancer.patch │ │ ├── 0002-cnat-WIP-no-k8s-maglev-from-pods.patch │ │ ├── 0003-acl-acl-plugin-custom-policies.patch │ │ ├── 0004-capo-Calico-Policies-plugin.patch │ │ └── 0005-partial-revert-arthur-gso.patch │ ├── vpp.go │ ├── vpp_clone_current.sh │ ├── vxlan.go │ └── wireguard.go ├── helpers.go ├── ikev2.go ├── index_allocator.go ├── interfaces.go ├── ip.go ├── ip6_nd.go ├── ipsec.go ├── memif.go ├── nat44.go ├── pbl.go ├── rdma.go ├── redirect.go ├── routes.go ├── session.go ├── srv6.go ├── stats.go ├── types │ ├── abf.go │ ├── acl.go │ ├── capo.go │ ├── classify.go │ ├── cnat.go │ ├── errors.go │ ├── errors_test.go │ ├── ethernet.go │ ├── ip_types.go │ ├── ipsec.go │ ├── memif.go │ ├── nat.go │ ├── neigh.go │ ├── pbl.go │ ├── redirect.go │ ├── route.go │ ├── session.go │ ├── sr.go │ ├── vpp_interface.go │ ├── vxlan.go │ └── wireguard.go ├── urpf.go ├── util.go ├── virtio.go ├── vlib.go ├── vmxnet3.go ├── vpe.go ├── vpplink.go └── wireguard.go └── yaml ├── Makefile ├── base ├── calico-vpp-daemonset.yaml └── kustomization.yaml ├── calico ├── installation-default.yaml ├── installation-eks.yaml ├── installation-flat.yaml ├── installation-test-v4.yaml ├── installation-test-v6.yaml ├── installation-vxlan-v6.yaml └── installation-vxlan.yaml ├── components ├── ipsec │ ├── ipsec.yaml │ └── kustomization.yaml ├── multinet │ ├── kustomization.yaml │ ├── monitor-deployment.yaml │ └── multinet.yaml ├── srv6 │ ├── kustomization.yaml │ ├── srv6.yaml │ └── srv6res.yaml └── vagrant-mounts │ ├── kustomization.yaml │ ├── mounts.yaml │ └── update.yaml ├── generated ├── .gitkeep ├── calico-vpp-dpdk.yaml ├── calico-vpp-eks-dpdk-multinet.yaml ├── calico-vpp-eks-dpdk.yaml ├── calico-vpp-eks-multinet.yaml ├── calico-vpp-eks.yaml ├── 
calico-vpp-kind-multinet.yaml ├── calico-vpp-kind.yaml ├── calico-vpp-multinet.yaml ├── calico-vpp-nohuge.yaml └── calico-vpp.yaml ├── overlays ├── default-huge │ ├── default-huge.yaml │ └── kustomization.yaml ├── default-multinet │ └── kustomization.yaml ├── dev │ ├── calico-vpp-dev-configmap.yaml │ ├── calico-vpp-dev-patch.yaml │ ├── calico-vpp-nohuge.yaml │ ├── installation-dev.yaml │ ├── kustomize.sh │ └── multinet-monitor-dev-patch.yaml ├── dpdk │ ├── dpdk.yaml │ └── kustomization.yaml ├── eks-dpdk-multinet │ └── kustomization.yaml ├── eks-dpdk │ ├── eks-config.yaml │ └── kustomization.yaml ├── eks-multinet │ └── kustomization.yaml ├── eks │ ├── eks-config.yaml │ └── kustomization.yaml ├── kind-multinet │ └── kustomization.yaml ├── kind │ ├── README.md │ ├── kind-config.yaml │ └── kustomization.yaml ├── test-vagrant-mounts-flat │ ├── flat.yaml │ └── kustomization.yaml ├── test-vagrant-mounts │ └── kustomization.yaml ├── test-vagrant-multinet-mounts │ └── kustomization.yaml ├── test-vagrant-srv6-mounts │ └── kustomization.yaml ├── test-vagrant-srv6 │ └── kustomization.yaml ├── test-vagrant-v6-mounts │ ├── kustomization.yaml │ └── v6.yaml ├── test-vagrant-v6 │ ├── kustomization.yaml │ └── v6.yaml └── test-vagrant │ ├── config.yaml │ └── kustomization.yaml ├── platforms └── openshift │ ├── 00-namespace-calico-vpp-dataplane.yaml │ ├── 01-cr-installation.yaml │ ├── 03-configmap-calico-vpp-resources.yaml │ ├── 03-role-calico-vpp-dataplane.yaml │ ├── 03-rolebinding-calico-vpp-dataplane.yaml │ ├── 03-serviceaccount-calico-vpp-dataplane.yaml │ └── 04-calico-vpp-nohuge.yaml └── static ├── README.md ├── calico-patch.yaml └── kustomization.yaml /.ci/Dockerfile.depend: -------------------------------------------------------------------------------- 1 | ARG BASE_IMAGE 2 | 3 | # 4 | # Dependencies image 5 | # 6 | FROM ${BASE_IMAGE} as dependencies 7 | 8 | ENV UNATTENDED=y 9 | 10 | RUN apt-get update \ 11 | && DEBIAN_FRONTEND=noninteractive apt-get install -y -qq \ 12 | 
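apt-utils wget cmake curl git
13 |
14 | ENV GOVERSION=1.24.0
15 | ENV GOROOT="/root/.go"
16 | ENV GOPATH="/root/go"
17 | ENV PATH=$GOROOT/bin:$PATH
18 | ENV PATH=$GOPATH/bin:$PATH
19 |
20 | RUN mkdir -p "${GOROOT}" &&\
21 |     mkdir -p "${GOPATH}"/src "${GOPATH}"/pkg "${GOPATH}"/bin
22 | # NOTE(review): the Go toolchain archive is unpacked without verifying its
23 | # digest; checking it against the published SHA-256 for go${GOVERSION}
24 | # before tar would make a tampered or truncated download fail the build.
25 | # NOTE(review): install.sh is fetched from the moving `master` branch and
26 | # piped to sh, so the script that runs can change between builds even though
27 | # the linter version is pinned; fetching it from a fixed tag or commit keeps
28 | # the builder image reproducible.
29 | RUN wget -nv "https://dl.google.com/go/go${GOVERSION}.linux-amd64.tar.gz" -O "/tmp/go.tar.gz" && \
30 |     tar -C "${GOROOT}" --strip-components=1 -xzf "/tmp/go.tar.gz" && \
31 |     rm -f "/tmp/go.tar.gz" && \
32 |     curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.64.6
33 |
34 | # Get modules used by the source code
35 | COPY . /vpp-dataplane
36 | WORKDIR /vpp-dataplane
37 | RUN go get ./... && rm -fr /vpp-dataplane
38 |
--------------------------------------------------------------------------------
/.ci/buildspec.yml:
--------------------------------------------------------------------------------
1 | version: 0.2
2 |
3 | env:
4 |   shell: bash
5 |
6 | phases:
7 |   pre_build:
8 |     commands:
9 |       - CI_BUILD=1
10 |       - cd .ci
11 |       - echo Build started on `date`
12 |
13 |       - docker --version
14 |       - make ci-install
15 |
16 |       - echo "Logging to dockerhub"
17 |       - echo "${DOCKERHUB_TOKEN}" | docker login --username ${DOCKERHUB_USERNAME} --password-stdin || true  # token is read from stdin so it never appears in the process arguments
18 |       - ACCOUNT_ID="$(aws sts get-caller-identity --query "Account" --output text)"
19 |       - >-
20 |         aws ecr get-login-password --region $AWS_DEFAULT_REGION |
21 |         docker login --username AWS --password-stdin $ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com
22 |
23 |       - echo "Building dependencies image"
24 |       - make depend-image
25 |
26 |   build:
27 |     commands:
28 |       - make go-check
29 |
30 |       - cd ..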
31 | - make images 32 | - docker images 33 | 34 | - make run-integration-tests 35 | - make push 36 | 37 | post_build: 38 | commands: 39 | - echo "Build complete" 40 | 41 | - echo Build completed on `date` 42 | -------------------------------------------------------------------------------- /.ci/common.mk: -------------------------------------------------------------------------------- 1 | CUR_DIR := $(shell dirname $(realpath $(firstword $(MAKEFILE_LIST)))) 2 | PROJECT_DIR = $(shell pwd | sed -E 's/(^.+vpp-dataplane).*$$/\1/') 3 | ROOT_DIR = $(shell pwd | sed -E 's/(^.+vpp-dataplane).*$$/\1/') 4 | SUB_DIR = $(shell pwd | sed -E 's/^.+vpp-dataplane\/(.*$$)/\1/') 5 | THIS_DIR = $(notdir $(CUR_DIR)) 6 | 7 | DEPEND_BASE = calicovpp/ci-builder 8 | 9 | VPP_BUCKET = calico-vpp-ci-artefacts 10 | 11 | WITH_GDB ?= yes 12 | 13 | # Docker option 14 | SQUASH := --squash 15 | # push dependency 16 | PUSH_DEP := image 17 | 18 | REGISTRIES := docker.io/ 19 | 20 | # CI specific variables 21 | ifdef CODEBUILD_BUILD_NUMBER 22 | # Define variable when building for CI 23 | CI_BUILD = 1 24 | endif 25 | 26 | ifdef CI_BUILD 27 | export CI_BUILD 28 | GOFLAGS := -buildvcs=false 29 | 30 | DOCKER_OPTS = -e CI_BUILD=1 -e GOFLAGS=${GOFLAGS} 31 | DOCKER_OPTS += -e CGO_ENABLED=${CGO_ENABLED} 32 | DOCKER_OPTS += --user $$(id -u):$$(id -g) 33 | DOCKER_OPTS += -w /vpp-dataplane/${SUB_DIR} 34 | DOCKER_OPTS += -v ${PROJECT_DIR}:/vpp-dataplane 35 | DOCKER_RUN = docker run -t --rm --name build_temp ${DOCKER_OPTS} calicovpp/ci-builder:latest 36 | SQUASH := 37 | PUSH_DEP := 38 | 39 | # REGISTRY_PRIV may be defined in the CI environment 40 | REGISTRIES += ${REGISTRY_PRIV} 41 | else 42 | DOCKER_RUN = CGO_ENABLED=${CGO_ENABLED} GOFLAGS=${GOFLAGS} 43 | endif 44 | 45 | TAG = $(shell git rev-parse HEAD) 46 | ifeq (${CODEBUILD_WEBHOOK_TRIGGER},branch/master) 47 | ALSO_LATEST := y 48 | endif 49 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.md: 
-------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Create a bug report to help us improve 4 | title: '' 5 | labels: '' 6 | assignees: '' 7 | 8 | --- 9 | 10 | **Environment** 11 | - Calico/VPP version: 12 | - Kubernetes version: 13 | - Deployment type: cloud, hosted, VM, bare-metal... 14 | - Network configuration: Calico / host-local IPAM? IPIP / VXLAN enabled? Specific BGP settings? 15 | 16 | **Issue description** 17 | A clear and concise description of what the problem is. 18 | 19 | **To Reproduce** 20 | Steps to reproduce the behavior: 21 | - ... 22 | - ... 23 | 24 | **Expected behavior** 25 | A clear and concise description of what you expected to happen. 26 | 27 | **Additional context** 28 | Add any other useful information about the problem or your deployment here. 29 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature request 3 | about: Suggest an improvement for this project 4 | title: '' 5 | labels: '' 6 | assignees: '' 7 | 8 | --- 9 | 10 | **Is your feature request related to a problem? Please describe.** 11 | A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] 12 | 13 | **Describe the solution you'd like** 14 | A clear and concise description of what you want to happen. 15 | 16 | **Describe alternatives you've considered** 17 | A clear and concise description of any alternative solutions or features you've considered. 18 | 19 | **Additional context** 20 | Add any other context about the feature request here. 
21 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Binaries 2 | calico-vpp-agent/bin 3 | vpp-manager/images/*/vpp-manager 4 | vpp-manager/images/*/vppdev.sh 5 | vpp-manager/vpp_build/ 6 | *.deb 7 | multinet-monitor/watcher 8 | 9 | test/k8s-e2e-tests/kubernetes-* 10 | test/vagrant/local-config.env 11 | test/vagrant/.vagrant 12 | 13 | # Test outputs 14 | *.out 15 | *.test 16 | 17 | # IDE files 18 | .vscode 19 | .idea 20 | 21 | # macOS 22 | .DS_Store 23 | *.bkp 24 | 25 | # build artefacts 26 | calico-vpp-agent/version 27 | vpp-manager/images/ubuntu/version 28 | test/scripts/.buildlogs 29 | multinet-monitor/version 30 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | Thank you for considering contributing to Calico/VPP! Please follow these steps for an efficient contribution: 2 | 3 | 1) Open an issue describing the fix or improvement you would like to make, that describes your proposed approach 4 | as well as any other approaches you have considered. A maintainer will reply to discuss the contribution. 5 | 2) Once the maintainer agrees on the approach, please submit a pull request and notify the maintainer. We will 6 | then review your pull request, potentially make some comments, and merge it once you address all comments. 
7 | -------------------------------------------------------------------------------- /calico-vpp-agent/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:22.04 2 | 3 | LABEL maintainer="aloaugus@cisco.com" 4 | 5 | ADD bin/gobgp /bin/gobgp 6 | ADD bin/debug /bin/debug 7 | ADD version /etc/calicovppversion 8 | ADD bin/felix-api-proxy /bin/felix-api-proxy 9 | ADD bin/calico-vpp-agent /bin/calico-vpp-agent 10 | 11 | ENTRYPOINT ["/bin/calico-vpp-agent"] 12 | -------------------------------------------------------------------------------- /calico-vpp-agent/Makefile: -------------------------------------------------------------------------------- 1 | include ../.ci/common.mk 2 | 3 | .PHONY: all build gobgp image push proto 4 | 5 | TAG ?= latest # Tag images with :$(TAG) 6 | ALSO_LATEST ?= n # If 'y' also tag images with :latest 7 | GENERATE_LOG_FILE=../vpplink/generated/generate.log 8 | VERSION_FILE=version 9 | 10 | all: build gobgp image 11 | 12 | export GOOS=linux 13 | 14 | bin: 15 | mkdir -p bin 16 | 17 | # We make felix-api-proxy a static executable as it will run in the calico container 18 | # for which we have less control on the env and glibc version 19 | .PHONY: felix-api-proxy 20 | felix-api-proxy: CGO_ENABLED=0 21 | felix-api-proxy: bin 22 | ${DOCKER_RUN} go build -o ./bin/felix-api-proxy ./cmd/api-proxy 23 | 24 | build: felix-api-proxy bin 25 | ${DOCKER_RUN} go build -o ./bin/calico-vpp-agent ./cmd 26 | ${DOCKER_RUN} go build -o ./bin/debug ./cmd/debug-state 27 | 28 | gobgp: bin 29 | ${DOCKER_RUN} go build -o ./bin/gobgp github.com/osrg/gobgp/v3/cmd/gobgp/ 30 | 31 | image: build gobgp 32 | @echo "Image tag : $(TAG)" > $(VERSION_FILE) 33 | @echo "VPP-dataplane version : $(shell git log -1 --oneline)" >> $(VERSION_FILE) 34 | @cat $(GENERATE_LOG_FILE) >> $(VERSION_FILE) 35 | docker build --pull -t calicovpp/agent:$(TAG) . 
36 | @if [ "${ALSO_LATEST}" = "y" ]; then \ 37 | docker tag calicovpp/agent:$(TAG) calicovpp/agent:latest; \ 38 | docker tag calicovpp/agent:$(TAG) calicovpp/agent:prerelease; \ 39 | fi 40 | 41 | push: ${PUSH_DEP} 42 | set -e; for registry in ${REGISTRIES}; do \ 43 | docker tag calicovpp/agent:$(TAG) $${registry}calicovpp/agent:$(TAG); \ 44 | if [ "${ALSO_LATEST}" = "y" ]; then \ 45 | docker tag calicovpp/agent:$(TAG) $${registry}calicovpp/agent:latest; \ 46 | docker tag calicovpp/agent:$(TAG) $${registry}calicovpp/agent:prerelease; \ 47 | fi; \ 48 | docker push --all-tags $${registry}calicovpp/agent; \ 49 | done 50 | 51 | dev: image 52 | 53 | proto: 54 | $(MAKE) -C proto $@ 55 | -------------------------------------------------------------------------------- /calico-vpp-agent/README.md: -------------------------------------------------------------------------------- 1 | # Calico/vpp Agent 2 | 3 | This directory contains the agent that configures VPP for: 4 | - CNI implementation 5 | - Services load balancing 6 | - Traffic encapsulation / encryption 7 | - NodePorts implementation 8 | - Policies implementation 9 | - Multiple network support 10 | -------------------------------------------------------------------------------- /calico-vpp-agent/cmd/debug-state/debug-state.go: -------------------------------------------------------------------------------- 1 | // Copyright (C) 2019 Cisco Systems Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 12 | // implied. 
13 | // See the License for the specific language governing permissions and
14 | // limitations under the License.
15 |
16 | package main
17 |
18 | import (
19 | 	"flag"
20 | 	"fmt"
21 |
22 | 	log "github.com/sirupsen/logrus"
23 |
24 | 	"github.com/projectcalico/vpp-dataplane/v3/calico-vpp-agent/cni/storage"
25 | 	"github.com/projectcalico/vpp-dataplane/v3/config"
26 | )
27 |
28 | // main loads the CNI server state file and logs every element it holds,
29 | // followed by the element count.
30 | //
31 | // The path defaults to config.CniServerStateFile suffixed with
32 | // storage.CniServerStateFileVersion and can be overridden with -f.
33 | //
34 | // NOTE(review): when loading fails the error is logged and main returns, so
35 | // the process still exits with status 0.
36 | func main() {
37 | 	var fname string
38 | 	cniServerStateFile := fmt.Sprintf("%s%d", config.CniServerStateFile, storage.CniServerStateFileVersion)
39 | 	flag.StringVar(&fname, "f", cniServerStateFile, "Pod state path")
40 | 	flag.Parse()
41 |
42 | 	st, err := storage.LoadCniServerState(fname)
43 | 	if err != nil {
44 | 		log.Errorf("LoadCniServerState errored: %v", err)
45 | 		return
46 | 	}
47 | 	for i, s := range st {
48 | 		log.Infof("-------- Elem %d--------\n%s", i, s.FullString())
49 | 	}
50 | 	log.Infof("%d Elts", len(st))
51 | }
52 |
--------------------------------------------------------------------------------
/calico-vpp-agent/cni/network_vpp_multinet.go:
--------------------------------------------------------------------------------
1 | // Copyright (C) 2019 Cisco Systems Inc.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
12 | // implied.
13 | // See the License for the specific language governing permissions and
14 | // limitations under the License.
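15 |
16 | package cni
17 |
18 | import "strings"
19 |
20 | // isMemif reports whether ifName starts with the "memif" prefix.
21 | func isMemif(ifName string) bool {
22 | 	return strings.HasPrefix(ifName, "memif")
23 | }
24 |
--------------------------------------------------------------------------------
/calico-vpp-agent/cni/packet_helper.go:
--------------------------------------------------------------------------------
1 | package cni
2 |
3 | import (
4 | 	"net"
5 |
6 | 	"github.com/google/gopacket"
7 | 	"github.com/google/gopacket/layers"
8 | )
9 |
10 | // NewArpRequestPacket builds a broadcast Ethernet frame carrying an IPv4 ARP
11 | // request for dstIp sent on behalf of srcIp, and returns its serialized bytes.
12 | //
13 | // srcMac is used as both the Ethernet source and the ARP sender hardware
14 | // address; the Ethernet destination is ff:ff:ff:ff:ff:ff and the ARP target
15 | // hardware address is all zeroes.
16 | //
17 | // Both IPs are reduced to their 4-byte form with To4() before use: a net.IP
18 | // that holds an IPv4 address can be 16 bytes long, and copying those bytes
19 | // as-is would put a 16-byte protocol address into a header that declares
20 | // IPv4. An address that is not IPv4 is rejected with a *net.AddrError, and a
21 | // serialization failure returns a nil slice together with the error.
22 | func NewArpRequestPacket(srcMac net.HardwareAddr, srcIp net.IP, dstIp net.IP) ([]byte, error) {
23 | 	// To4 returns nil for anything that is not an IPv4 address.
24 | 	src4 := srcIp.To4()
25 | 	if src4 == nil {
26 | 		return nil, &net.AddrError{Err: "ARP source is not an IPv4 address", Addr: srcIp.String()}
27 | 	}
28 | 	dst4 := dstIp.To4()
29 | 	if dst4 == nil {
30 | 		return nil, &net.AddrError{Err: "ARP target is not an IPv4 address", Addr: dstIp.String()}
31 | 	}
32 |
33 | 	rEth := layers.Ethernet{
34 | 		SrcMAC:       srcMac,
35 | 		DstMAC:       net.HardwareAddr{0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
36 | 		EthernetType: layers.EthernetTypeARP,
37 | 	}
38 | 	rArp := layers.ARP{
39 | 		AddrType:          layers.LinkTypeEthernet,
40 | 		Protocol:          layers.EthernetTypeIPv4,
41 | 		HwAddressSize:     6,
42 | 		ProtAddressSize:   4,
43 | 		Operation:         layers.ARPRequest,
44 | 		SourceHwAddress:   []byte(srcMac),
45 | 		SourceProtAddress: []byte(src4),
46 | 		DstHwAddress:      []byte{0, 0, 0, 0, 0, 0},
47 | 		DstProtAddress:    []byte(dst4),
48 | 	}
49 | 	buf := gopacket.NewSerializeBuffer()
50 | 	opts := gopacket.SerializeOptions{
51 | 		FixLengths:       true,
52 | 		ComputeChecksums: true,
53 | 	}
54 | 	if err := gopacket.SerializeLayers(buf, opts, &rEth, &rArp); err != nil {
55 | 		return nil, err
56 | 	}
57 |
58 | 	return buf.Bytes(), nil
59 | }
60 |
--------------------------------------------------------------------------------
/calico-vpp-agent/policy/policy_state.go:
--------------------------------------------------------------------------------
1 | // Copyright (C) 2020 Cisco Systems Inc.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.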
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
12 | // implied.
13 | // See the License for the specific language governing permissions and
14 | // limitations under the License.
15 |
16 | package policy
17 |
18 | // PolicyState groups the policy objects in five maps, each keyed by the
19 | // object's identifier: IP sets and profiles by string, policies by PolicyID,
20 | // workload endpoints by WorkloadEndpointID and host endpoints by
21 | // HostEndpointID. Profiles are stored with the same *Policy type as policies.
22 | type PolicyState struct {
23 | 	IPSets            map[string]*IPSet
24 | 	Policies          map[PolicyID]*Policy
25 | 	Profiles          map[string]*Policy
26 | 	WorkloadEndpoints map[WorkloadEndpointID]*WorkloadEndpoint
27 | 	HostEndpoints     map[HostEndpointID]*HostEndpoint
28 | }
29 |
30 | // NewPolicyState returns a PolicyState whose five maps are allocated and
31 | // empty, so callers can insert into them without a nil-map check.
32 | func NewPolicyState() *PolicyState {
33 | 	return &PolicyState{
34 | 		IPSets:            make(map[string]*IPSet),
35 | 		Policies:          make(map[PolicyID]*Policy),
36 | 		Profiles:          make(map[string]*Policy),
37 | 		WorkloadEndpoints: make(map[WorkloadEndpointID]*WorkloadEndpoint),
38 | 		HostEndpoints:     make(map[HostEndpointID]*HostEndpoint),
39 | 	}
40 | }
41 |
--------------------------------------------------------------------------------
/calico-vpp-agent/services/service.go:
--------------------------------------------------------------------------------
1 | // Copyright (C) 2023 Cisco Systems Inc.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
12 | // implied.
13 | // See the License for the specific language governing permissions and
14 | // limitations under the License.
15 |
16 | package services
17 |
18 | import "github.com/projectcalico/vpp-dataplane/v3/vpplink/types"
19 |
20 | // lbType names a load-balancing mode as a string.
21 | type lbType string
22 |
23 | // Load-balancing modes known to this package.
24 | const (
25 | 	lbTypeECMP      lbType = "ECMP"
26 | 	lbTypeMaglev    lbType = "Maglev"
27 | 	lbTypeMaglevDSR lbType = "MaglevDSR"
28 | )
29 |
30 | // serviceInfo holds three per-service settings: a keep-original-packet flag,
31 | // the load-balancing mode and an IP flow-hash configuration.
32 | // NOTE(review): how these fields are consumed is not visible in this file.
33 | type serviceInfo struct {
34 | 	keepOriginalPacket bool
35 | 	lbType             lbType
36 | 	hashConfig         types.IPFlowHash
37 | }
38 |
--------------------------------------------------------------------------------
/calico-vpp-agent/watch_dog/watch_dog.go:
--------------------------------------------------------------------------------
1 | // Copyright (C) 2019 Cisco Systems Inc.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
12 | // implied.
13 | // See the License for the specific language governing permissions and
14 | // limitations under the License.
15 |
16 | package watchdog
17 |
18 | import (
19 | 	"time"
20 |
21 | 	"github.com/pkg/errors"
22 | 	"github.com/sirupsen/logrus"
23 | 	"gopkg.in/tomb.v2"
24 | )
25 |
26 | // WatchDog waits on a channel on behalf of a caller, logging while it waits
27 | // and killing the shared tomb when the wait lasts too long.
28 | type WatchDog struct {
29 | 	log *logrus.Entry
30 | 	t   *tomb.Tomb
31 | }
32 |
33 | // NewWatchDog returns a WatchDog that logs through log and is bound to t.
34 | func NewWatchDog(log *logrus.Entry, t *tomb.Tomb) *WatchDog {
35 | 	return &WatchDog{
36 | 		log: log,
37 | 		t:   t,
38 | 	}
39 | }
40 |
41 | // Wait blocks until a value arrives on myChan and returns it, or returns nil
42 | // once the tomb is dying.
43 | //
44 | // While waiting it logs msg on every 5-second tick: at Info level for the
45 | // first five ticks, at Warn level from the sixth tick (30 s) on. From the 30th
46 | // tick (150 s) it kills the tomb with a timeout error instead of logging; the
47 | // loop keeps running and presumably returns through the Dying() case on the
48 | // next iteration.
49 | //
50 | // NOTE(review): the timeout error text always names felix, whatever msg says.
51 | func (wd *WatchDog) Wait(myChan chan interface{}, msg string) interface{} {
52 | 	ticker := time.NewTicker(time.Second * 5)
53 | 	nbTicks := 0
54 | 	defer ticker.Stop()
55 | 	for {
56 | 		select {
57 | 		case value := <-myChan:
58 | 			return value
59 | 		case <-wd.t.Dying():
60 | 			return nil
61 | 		case <-ticker.C:
62 | 			nbTicks++
63 | 			if nbTicks >= 30 {
64 | 				wd.t.Kill(errors.Errorf("Timeout waiting for config from felix"))
65 | 			} else if nbTicks >= 6 { // Start warning after 6 ticks, i.e. 30sec
66 | 				wd.log.Warn(msg)
67 | 			} else {
68 | 				wd.log.Info(msg)
69 | 			}
70 | 		}
71 | 	}
72 | }
73 |
--------------------------------------------------------------------------------
/calico-vpp-agent/watchers/common.go:
--------------------------------------------------------------------------------
1 | // Copyright (C) 2021 Cisco Systems Inc.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
12 | // implied.
13 | // See the License for the specific language governing permissions and
14 | // limitations under the License.
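package watchers

import (
	"time"

	"k8s.io/apimachinery/pkg/runtime"
	"k8s.io/client-go/discovery"
	"k8s.io/client-go/rest"
	"k8s.io/client-go/restmapper"

	"sigs.k8s.io/controller-runtime/pkg/client"
)

// NewK8SClient builds a controller-runtime client with watch support from the
// in-cluster configuration (rest.InClusterConfig), i.e. it authenticates with
// the credentials of the pod it runs in.
//
// Each function in addToSchemes is applied to a fresh runtime.Scheme; the first
// one that fails aborts construction and its error is returned, so the client
// is never handed out with a partially registered scheme. The REST mapper is
// built once from the API groups discovered at call time.
//
// NOTE(review): timeout is accepted but not used anywhere in this function.
// Wiring it into the rest.Config would also bound watch requests, so confirm
// the intended semantics with the callers before applying it.
func NewK8SClient(timeout time.Duration, addToSchemes []func(s *runtime.Scheme) error) (*client.WithWatch, error) {
	scheme := runtime.NewScheme()
	for _, addToScheme := range addToSchemes {
		// Registration errors used to be discarded here, which left the
		// missing types to surface later as decode failures.
		if err := addToScheme(scheme); err != nil {
			return nil, err
		}
	}

	config, err := rest.InClusterConfig()
	if err != nil {
		return nil, err
	}

	dc, err := discovery.NewDiscoveryClientForConfig(config)
	if err != nil {
		return nil, err
	}
	gr, err := restmapper.GetAPIGroupResources(dc)
	if err != nil {
		return nil, err
	}

	k8sClient, err := client.NewWithWatch(config, client.Options{
		Scheme: scheme,
		Mapper: restmapper.NewDiscoveryRESTMapper(gr),
	})
	if err != nil {
		return nil, err
	}

	return &k8sClient, nil
}
-------------------------------------------------------------------------------- /docs/Ipsec.md: -------------------------------------------------------------------------------- 1 | This describes how to enable IPSEC on a Calico/VPP cluster 2 | 3 | ## Enable ipsec on a running cluster 4 | 5 | [You can find the documentation here](https://docs.tigera.io/calico/latest/getting-started/kubernetes/vpp/ipsec) 6 | 7 | ## Using this kustomize component 8 | 9 | You can use the following script to build the appropriate manifest for a cluster with ipsec enabled. 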
10 | 11 | ```bash 12 | cd $REPOSITORY_ROOT/yaml 13 | 14 | cat > kustomization.yaml < calico-vpp-ipsec.yaml 21 | kubectl apply -f calico-vpp-ipsec.yaml 22 | ``` 23 | 24 | You will also need to create the secret for the PSK out of band 25 | 26 | ```bash 27 | kubectl -n calico-vpp-dataplane create secret generic calicovpp-ipsec-secret \ 28 | --from-literal=psk="$(dd if=/dev/urandom bs=1 count=36 2>/dev/null | base64)" 29 | ``` 30 | -------------------------------------------------------------------------------- /docs/L2TapInterfaces.md: -------------------------------------------------------------------------------- 1 | ## We support L2 interfaces in pods 2 | 3 | Pods use an L3 interface by default (tun interface in VPP). However, we also support having L2 interfaces (tap), via this [annotation](config.md#L99): 4 | 5 | ```yaml 6 | apiVersion: v1 7 | kind: Pod 8 | metadata: 9 | name: samplepod 10 | annotations: 11 | cni.projectcalico.org/vppInterfacesSpec: |- 12 | { 13 | "eth0": {"isl3": false }, 14 | } 15 | ``` 16 | 17 | This has a known limitation: the Linux routing configuration is currently incomplete. A workaround for it is to run the container with the `NET_ADMIN` capability added, which is what the `ip` commands further down require: 18 | 19 | ```yaml 20 | securityContext: 21 | capabilities: 22 | add: [ "NET_ADMIN"] 23 | ``` 24 | and to run these commands in the container to have connectivity: 25 | 26 | ```bash 27 | ip link set dev eth0 down 28 | ip link set dev eth0 address 02:00:00:00:00:01 29 | ip link set dev eth0 up 30 | ip neigh add 169.0.254.1 lladdr 51:53:00:17:34:09 dev eth0 31 | ip route add 169.0.254.1 dev eth0 32 | ip route add default via 169.0.254.1 dev eth0 33 | ``` 34 | -------------------------------------------------------------------------------- /docs/README.md: -------------------------------------------------------------------------------- 1 | # Calico/VPP technical documentation 2 | 3 | This folder contains Calico/VPP technical documentation. 
This is this repository's counterpart of the documentation available at [https://docs.tigera.io](https://docs.tigera.io/calico/latest/reference/vpp/technical-details) 4 | 5 | It contains developer oriented documentation, details of VPP specific features : 6 | 7 | - [Interface configuration](config.md) 8 | - [Developer's getting started](developper_guide.md) 9 | - [Multinet feature documentation](multinet.md) 10 | - [Existing Calico cluster migration](migrate_to_calicovpp.md) 11 | - [External resources](events.md) like events and presentations 12 | - [Guide to upgrade calico](upgrading.md) 13 | - [A networking model deep dive](networkmodel.md) 14 | 15 | Additionally this repository contains : 16 | 17 | - [A series of examples yamls](../test/yaml) 18 | - [A Simple VCL client and server example](../test/yaml/simple-vcl) 19 | - [A trex pod example](../test/yaml/trex) 20 | - [A vpp client pod example](../test/yaml/mvpp) 21 | - [An envoy pod example with optional VCL support](../test/yaml/envoy) 22 | -------------------------------------------------------------------------------- /docs/_static/calico_vpp_vrf_layout.drawio.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/projectcalico/vpp-dataplane/bf1252c1b0187a5d9e0cb7951509ab1f06ab597a/docs/_static/calico_vpp_vrf_layout.drawio.png -------------------------------------------------------------------------------- /docs/_static/demobutton.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/projectcalico/vpp-dataplane/bf1252c1b0187a5d9e0cb7951509ab1f06ab597a/docs/_static/demobutton.png -------------------------------------------------------------------------------- /docs/_static/multinet.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/projectcalico/vpp-dataplane/bf1252c1b0187a5d9e0cb7951509ab1f06ab597a/docs/_static/multinet.png -------------------------------------------------------------------------------- /docs/_static/multinet_connectivity.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/projectcalico/vpp-dataplane/bf1252c1b0187a5d9e0cb7951509ab1f06ab597a/docs/_static/multinet_connectivity.png -------------------------------------------------------------------------------- /docs/_static/multinet_service.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/projectcalico/vpp-dataplane/bf1252c1b0187a5d9e0cb7951509ab1f06ab597a/docs/_static/multinet_service.png -------------------------------------------------------------------------------- /docs/corepinning.md: -------------------------------------------------------------------------------- 1 | # Core Pinning for Calico/VPP 2 | 3 | This patch adds support in VPP for pinning workers to the CPU 4 | cores that are assigned by a static allocator. 5 | 6 | When kubernetes is configured to run with a [static allocator](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#static-policy 7 | ) and that VPP starts with requests.CPU equal to limits.CPU 8 | and both integer numbers. 9 | 10 | having VPP configured with 11 | 12 | ```console 13 | cpu { 14 | main-core 0 15 | corelist-workers 2-3 16 | relative 17 | } 18 | ``` 19 | 20 | Will make it so that numbers 0,2,3 do not refer to absolutes CPU 21 | IDs but to the 0th, 2nd and 3rd CPU of those allotted by the static 22 | core allocator in kubernetes. 
23 | -------------------------------------------------------------------------------- /docs/events.md: -------------------------------------------------------------------------------- 1 | # Events 2 | 3 | ### FOSDEM 2023 talk - Feb 5th 2023 4 | - Link: https://fosdem.org/2023/schedule/event/network_pods_to_multiple_networks/ 5 | 6 | ### FOSDEM 2022 talk - Feb 6th 2022 7 | - Link: https://fosdem.org/2022/schedule/event/kubernetes_networking_is_there_a_cheetah/ 8 | 9 | ### Kubecon NA 2021 talk - Oct 15th 2021 10 | - Slides: https://kccncna2021.sched.com/event/lV4o/calicovpp-using-calicos-pluggable-dataplanes-for-fun-and-fast-networking-aloys-augustin-cisco-chris-tomkins-tigera 11 | - Recording: https://www.youtube.com/watch?v=9zBu4Zcf__c 12 | 13 | ### Kubernetes on Edge 2021 talk - Oct 12th 2021 14 | 15 | - Slides: https://static.sched.com/hosted_files/onesummit2021/ff/Low_trust_edge_k8s_Calico_VPP_ONE_summit.pdf 16 | - Recording: https://www.youtube.com/watch?v=oTuiWPb5P0g 17 | 18 | ### Linux Foundation Webinar - July 22nd 2021 19 | 20 | - Slides: https://drive.google.com/file/d/1pZh2BJlc5ZZYR6lnfH1KHQWKU4FgLti6/view?usp=sharing 21 | - Recording: https://www.youtube.com/watch?v=G67K28f5htg 22 | 23 | ### FOSDEM 2021 talk - Feb 7th 2021 24 | - Link: https://fosdem.org/2021/schedule/event/sdn_calicovpp/ 25 | 26 | ### Kubecon NA 2020 talk - Nov 19th 2020 27 | - Slides: https://kccncna20.sched.com/event/ekCQ/all-you-can-eat-networking-kubernetes-goodness-for-the-hungriest-workloads-aloys-augustin-cisco-casey-davenport-tigera 28 | - Recording: https://www.youtube.com/watch?v=tPnqFx32rW4 29 | 30 | # Blog posts 31 | 32 | - [High throughput Kubernetes cluster networking with the Calico/VPP dataplane and accelerated memif](https://www.tigera.io/blog/high-throughput-kubernetes-cluster-networking-with-the-calico-vpp-dataplane-and-accelerated-memif/) 33 | 34 | - [Boosting your cluster networking with the Calico VPP data plane 
(beta)!](https://www.tigera.io/blog/boosting-your-cluster-networking-with-the-calico-vpp-data-plane-beta/) 35 | 36 | - [Getting to 40G encrypted container networking with Calico/VPP on commodity hardware](https://medium.com/fd-io-vpp/getting-to-40g-encrypted-container-networking-with-calico-vpp-on-commodity-hardware-d7144e52659a) 37 | -------------------------------------------------------------------------------- /docs/manifest_based_install.md: -------------------------------------------------------------------------------- 1 | ../yaml/static/README.md -------------------------------------------------------------------------------- /docs/migrate_to_calicovpp.md: -------------------------------------------------------------------------------- 1 | Calico-VPP nodes are entirely compatible with regular Calico nodes, meaning that there can be both VPP enabled and regular nodes in the same cluster. This allows to migrate existing clusters to the VPP dataplane with minimal disruption. 2 | 3 | ## Prerequisites 4 | 5 | Before attempting a migration to the VPP dataplane, ensure that your cluster is running the same version of Calico than the version we use in the latest release of Calico-VPP. The calico version is mentioned in the Calico-VPP release tag. 6 | 7 | ## Migrating nodes to the VPP dataplane 8 | 9 | Before you get started with the migration, you should define a Calico-VPP configuration for your cluster. The simplest way to do so in most cases is to use a [Baremetal configuration](https://docs.tigera.io/calico/latest/getting-started/kubernetes/vpp/getting-started). 
10 | 11 | The process to deploy VPP on some nodes in a Kubernetes / Calico cluster is the following: 12 | - Add an annotation to all the nodes in the cluster, such as `calico-vpp: disabled` 13 | - Edit the `calico-node` DaemonSet to run only on the nodes that have this annotation: 14 | ``` 15 | spec: 16 | nodeSelector: 17 | beta.kubernetes.io/os: linux 18 | calico-vpp: disabled 19 | ``` 20 | - Create the VPP version of the node DaemonSet, and configure its node selector to select only the nodes with a different annotation, such as `calico-vpp: enabled` 21 | - Then start migrating the nodes. For each node that you want to deploy VPP on: 22 | * Remove all the running pods on the node with `kubectl drain --ignore-daemonsets ` 23 | * Change the node annotation from `calico-vpp: disabled` to `calico-vpp: enabled` 24 | * Wait for the `calico-vpp-node` pod to start 25 | * Resume the scheduling of pods to this node with `kubectl uncordon ` 26 | * The new pods that are scheduled on this node will benefit from VPP networking. After migrating the first node, validate that the pods scheduled on this node are functional before migrating additional nodes. 27 | 28 | -------------------------------------------------------------------------------- /docs/networkmodel.md: -------------------------------------------------------------------------------- 1 | # Calico/VPP Pod networking & pod VRFs. 2 | 3 | The following diagram represents the networking model Calico/VPP uses. 
4 | Pods a b & c are represented showcasing multiple consumption models : 5 | 6 | - (a) uses a regular netdev (tun) 7 | - (b) uses both memif & tuntap with the PBL (destination port balancing, spliting packets between both interfaces) 8 | - (c) uses the VCL (terminating L4+ in VPP, and punting packets to a tun interface) 9 | 10 | ![Calico/VPP networking model](_static/calico_vpp_vrf_layout.drawio.png) 11 | 12 | 13 | -------------------------------------------------------------------------------- /docs/prometheus.md: -------------------------------------------------------------------------------- 1 | # Prometheus howto 2 | 3 | Create a `prometheus.yml` file: 4 | 5 | ``` 6 | scrape_configs: 7 | - job_name: myapp 8 | scrape_interval: 10s 9 | static_configs: 10 | - targets: 11 | - 172.18.0.2:8888 12 | - 172.18.0.3:8888 13 | - 172.18.0.4:8888 14 | - 172.18.0.6:8888 15 | ``` 16 | 17 | Replace the IP addrs under `targets` to the actual IP addrs of the worker nodes 18 | in the cluster. 19 | 20 | 21 | Run the prometheus container: 22 | 23 | 24 | ```bash 25 | docker run --network host -p 9090:9090 -v $PWD/prometheus.yml:/etc/prometheus/prometheus.yml prom/prometheus & 26 | ``` 27 | 28 | 29 | Point browser to the IP addr of the node where prometheus is running: 30 | 31 | ``` 32 | http://:9090 33 | ``` 34 | 35 | 36 | Another simple test to see if prometheus is working: 37 | 38 | 39 | ```bash 40 | $ curl http://:8888/metrics 41 | ``` 42 | -------------------------------------------------------------------------------- /docs/services.md: -------------------------------------------------------------------------------- 1 | ## Services features 2 | 3 | Services in calicovpp support different load balancing types, and can use specific fields in hash calculation for load balancing. 
4 | 5 | This is implemented using service annotations, here is an example: 6 | ```yaml 7 | apiVersion: v1 8 | kind: Service 9 | metadata: 10 | name: my-service 11 | annotations: 12 | "cni.projectcalico.org/vppLBType": "maglev" 13 | "cni.projectcalico.org/vppHashConfig": "symmetric, iproto, dstport, srcport" 14 | ``` 15 | 16 | * Possible values for `vppLBType` are `ecmp`, `maglev`, `maglevdsr` 17 | `maglev` implements consistent hashing for better redundancy and scalability. 18 | `maglevdsr` offers Direct Server Return to accelerate server response times. 19 | * `vppHashConfig` is a list of elements from `srcport, dstport, srcaddr, dstaddr, iproto, reverse, symmetric` that selects which packet fields the load-balancing hash is computed over. 20 | -------------------------------------------------------------------------------- /docs/upgrading.md: -------------------------------------------------------------------------------- 1 | 2 | ## Upgrading Calico 3 | 4 | To upgrade the version of calico, follow these steps: 5 | 1) Pull the latest calico yaml from https://docs.projectcalico.org/manifests/calico.yaml and save it in `yaml/base/` (replacing the existing one). 6 | 2) Regenerate the calico-vpp manifests with `make TAG=prerelease` in this directory 7 | 3) Upgrade the calico dependencies in go.mod to the version that is used in the latest Calico release. One way to do so is to go to one of the Calico repositories (such as https://github.com/projectcalico/calico/felix), check out the latest release tag, and pick the versions from the `go.mod`. Look for updates to the k8s.io, proto, grpc, projectcalico, containernetworking, etc. packages. Use `go get @` to upgrade so as not to mess up go.sum. It's also a good occasion to upgrade other packages... Note that go get is sometimes a pita, and asks for the full path to a package instead of just the module path (eg `go get github.com/projectcalico/api/pkg/lib/numorstring@vvv` instead of `go get github.com/projectcalico/api@vvv`...) 
8 | Finally, run `go mod tidy` at the end and verify everything still builds. 9 | 10 | -------------------------------------------------------------------------------- /multinet-monitor/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:22.04 2 | 3 | LABEL maintainer="hbouatto@cisco.com" 4 | 5 | ADD watcher /bin/watcher 6 | 7 | ENTRYPOINT ["/bin/watcher"] 8 | -------------------------------------------------------------------------------- /multinet-monitor/Makefile: -------------------------------------------------------------------------------- 1 | include ../.ci/common.mk 2 | 3 | TAG ?= latest # Tag images with :$(TAG) 4 | VERSION_FILE=version 5 | GENERATE_LOG_FILE=../vpplink/generated/generate.log 6 | ALSO_LATEST ?= n # If 'y' also tag images with :latest 7 | 8 | .PHONY: build 9 | build: 10 | ${DOCKER_RUN} go build -o ./watcher . 11 | 12 | .PHONY: image 13 | image: build 14 | @echo "Image tag : $(TAG)" > $(VERSION_FILE) 15 | @echo "VPP-dataplane version : $(shell git log -1 --oneline)" >> $(VERSION_FILE) 16 | @cat $(GENERATE_LOG_FILE) >> $(VERSION_FILE) 17 | docker build --pull -t calicovpp/multinet-monitor:$(TAG) . 
18 | @if [ "${ALSO_LATEST}" = "y" ]; then \ 19 | docker tag calicovpp/multinet-monitor:$(TAG) calicovpp/multinet-monitor:latest; \ 20 | docker tag calicovpp/multinet-monitor:$(TAG) calicovpp/multinet-monitor:prerelease; \ 21 | fi 22 | 23 | .PHONY: dev 24 | dev: image 25 | 26 | push: ${PUSH_DEP} 27 | set -e; for registry in ${REGISTRIES}; do \ 28 | docker tag calicovpp/multinet-monitor:$(TAG) $${registry}calicovpp/multinet-monitor:$(TAG); \ 29 | if [ "${ALSO_LATEST}" = "y" ]; then \ 30 | docker tag calicovpp/multinet-monitor:latest $${registry}calicovpp/multinet-monitor:latest; \ 31 | docker tag calicovpp/multinet-monitor:prerelease $${registry}calicovpp/multinet-monitor:prerelease; \ 32 | fi; \ 33 | docker push --all-tags $${registry}calicovpp/multinet-monitor; \ 34 | done 35 | -------------------------------------------------------------------------------- /multinet-monitor/networkAttachmentDefinition/net_attach_definition.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2021 Cisco Systems, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 
14 | 15 | package networkAttachmentDefinition 16 | 17 | import ( 18 | netv1 "github.com/k8snetworkplumbingwg/network-attachment-definition-client/pkg/apis/k8s.cni.cncf.io/v1" 19 | "k8s.io/apimachinery/pkg/runtime/schema" 20 | "sigs.k8s.io/controller-runtime/pkg/scheme" 21 | ) 22 | 23 | type dataplaneOptions struct { 24 | NetName string `json:"network_name,omitempty"` 25 | } 26 | 27 | type NetConf struct { 28 | DpOptions dataplaneOptions `json:"dataplane_options,omitempty"` 29 | } 30 | 31 | type NetConfList struct { 32 | Name string `json:"name,omitempty"` 33 | Plugins []*NetConf `json:"plugins,omitempty"` 34 | } 35 | 36 | var ( 37 | // GroupVersion is group version used to register these objects 38 | GroupVersion = schema.GroupVersion{Group: "k8s.cni.cncf.io", Version: "v1"} 39 | 40 | // SchemeBuilder is used to add go types to the GroupVersionKind scheme 41 | SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} 42 | 43 | // AddToScheme adds the types in this group-version to the given scheme. 44 | AddToScheme = SchemeBuilder.AddToScheme 45 | ) 46 | 47 | func init() { 48 | SchemeBuilder.Register(&netv1.NetworkAttachmentDefinition{}, &netv1.NetworkAttachmentDefinitionList{}) 49 | } 50 | -------------------------------------------------------------------------------- /scripts/replay-trace/README.md: -------------------------------------------------------------------------------- 1 | ## VPP trace replat utility 2 | 3 | This utility allows you to replay API traces generated by VPP, 4 | while doing some pre-processing (e.g. 
creating network namespaces 5 | before tap creation) 6 | 7 | To use, issue in VPP: 8 | ```console 9 | vppctl# api trace save trace.cap 10 | ``` 11 | 12 | Then run the utility on the output 13 | ```console 14 | # for json output use 15 | go run -file ./path/to/trace.cap 16 | # to replay in VPP use 17 | go run -file ./path/to/trace.cap -vpp /run/vpp/vpp.api.sock 18 | ``` 19 | -------------------------------------------------------------------------------- /test/integration-tests/Makefile: -------------------------------------------------------------------------------- 1 | include ../../.ci/common.mk 2 | 3 | .PHONY: run-integration-tests vpp-image mock-image build-tests 4 | 5 | TAG ?= latest # Tag images with :$(TAG) 6 | 7 | ifndef CI_BUILD 8 | SUDO := sudo -E 9 | endif 10 | 11 | VPP_IMAGE := calicovpp/vpp:$(TAG) 12 | POD_MOCK_IMAGE := calicovpp/vpp-test-pod-mock:latest 13 | 14 | vpp-image: 15 | docker image inspect ${VPP_IMAGE} >/dev/null 2>&1 \ 16 | || $(MAKE) -C ../../vpp-manager image 17 | 18 | 19 | mock-image: 20 | docker build --network=host -t ${POD_MOCK_IMAGE} images/pod-mock 21 | 22 | 23 | # Build integration tests 24 | build-tests: 25 | ${DOCKER_RUN} go test -c ../../calico-vpp-agent/cni 26 | 27 | 28 | run-integration-tests: build-tests mock-image vpp-image 29 | @echo "Running Integration tests..." 30 | @echo "Running Calico VPP Agent - CNI tests..." 31 | ${SUDO} env "PATH=$$PATH" VPP_BINARY=/usr/bin/vpp INTEGRATION_TEST=. VPP_IMAGE="${VPP_IMAGE}" ./cni.test -test.v -test.run Integration 32 | 33 | VPP_DEV_DIR ?= /repo/vpp-manager/vpp_build/build-root/install-vpp_debug-native 34 | dev: build-tests mock-image 35 | ${SUDO} env "PATH=$$PATH" \ 36 | VPP_BINARY=${VPP_DEV_DIR}/vpp/bin/vpp \ 37 | LD_LIBRARY_PATH="${VPP_DEV_DIR}/vpp/lib/x86_64-linux-gnu" \ 38 | INTEGRATION_TEST=. 
VPP_IMAGE="calicovpp/vpp:latest" ./cni.test -test.v -test.run Integration 39 | 40 | -------------------------------------------------------------------------------- /test/integration-tests/images/pod-mock/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:20.04 2 | 3 | LABEL maintainer="figschwa@cisco.com" 4 | 5 | RUN apt-get update && apt-get install -y iproute2 && rm -rf /var/lib/apt/lists/* 6 | 7 | CMD ["/bin/bash"] 8 | -------------------------------------------------------------------------------- /test/k8s-e2e-tests/Makefile: -------------------------------------------------------------------------------- 1 | export KUBECONFIG ?= $(shell realpath ~/.kube/config) 2 | E2E_TEST_VERSION ?= 1.18.12 3 | E2E_TEST_NODES ?= 2 4 | E2E_TEST_FOCUS ?= "\[sig-network\].*Conformance" 5 | E2E_TEST_SKIP ?= 6 | E2E_TEST_BINARY ?= kubernetes-$(E2E_TEST_VERSION)/_output/bin/e2e.test 7 | 8 | .PHONY: test all-tests policy-tests conformance-tests 9 | .PHONY: calico-tests calico-all-tests calico-net-tests calico-npol-tests calico-ci-tests 10 | 11 | kubernetes-$(E2E_TEST_VERSION)/_output/bin/e2e.test: 12 | wget https://github.com/kubernetes/kubernetes/archive/v$(E2E_TEST_VERSION).tar.gz 13 | tar -xvf v$(E2E_TEST_VERSION).tar.gz 14 | rm v$(E2E_TEST_VERSION).tar.gz 15 | make -C kubernetes-$(E2E_TEST_VERSION) WHAT=test/e2e/e2e.test 16 | 17 | test: $(E2E_TEST_BINARY) 18 | $(E2E_TEST_BINARY) -ginkgo.focus="$(E2E_TEST_FOCUS)" -ginkgo.skip="$(E2E_TEST_SKIP)" -num-nodes $(E2E_TEST_NODES) 19 | 20 | all-tests: 21 | E2E_TEST_FOCUS="\[sig-network\].*(NetworkPolicy|Conformance).*" $(MAKE) test 22 | 23 | policy-tests: $(E2E_TEST_BINARY) 24 | E2E_TEST_FOCUS="\[sig-network\].*NetworkPolicy.*" $(MAKE) test 25 | 26 | conformance-tests: $(E2E_TEST_BINARY) 27 | E2E_TEST_FOCUS="\[sig-network\].*Conformance" $(MAKE) test 28 | 29 | calico-tests: $(E2E_TEST_BINARY) 30 | $(E2E_TEST_BINARY) -ginkgo.focus="$(E2E_TEST_FOCUS)" 
-ginkgo.skip="$(E2E_TEST_SKIP)" -num-nodes $(E2E_TEST_NODES) --e2ecfg.product=calico --e2ecfg.release-stream=3.22 --e2ecfg.installer=manual 31 | 32 | calico-all-tests: 33 | E2E_TEST_FOCUS="\[calico\]" $(MAKE) calico-tests 34 | 35 | calico-net-tests: $(E2E_TEST_BINARY) 36 | E2E_TEST_FOCUS="\[calico\].*Network" $(MAKE) calico-tests 37 | 38 | calico-npol-tests: $(E2E_TEST_BINARY) 39 | E2E_TEST_FOCUS="\[calico\].*should correctly implement NetworkPolicy" $(MAKE) calico-tests 40 | 41 | calico-ci-tests: $(E2E_TEST_BINARY) 42 | E2E_TEST_FOCUS="(\[calico\]|dataplane-BPF)" E2E_TEST_SKIP="(\[Slow\]|\[Disruptive\]|wireguard|Wireguard|WireGuard|calient|doNotTrack)" $(MAKE) calico-tests 43 | 44 | -------------------------------------------------------------------------------- /test/k8s-e2e-tests/go.mod: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/projectcalico/vpp-dataplane/bf1252c1b0187a5d9e0cb7951509ab1f06ab597a/test/k8s-e2e-tests/go.mod -------------------------------------------------------------------------------- /test/policies/deny.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: crd.projectcalico.org/v1 2 | kind: NetworkPolicy 3 | metadata: 4 | name: deny-ingress-iperf 5 | namespace: iperf 6 | spec: 7 | selector: app == 'iperf-server' 8 | ingress: [] 9 | -------------------------------------------------------------------------------- /test/policies/ds.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: DaemonSet 3 | metadata: 4 | name: debug 5 | namespace: kube-system 6 | labels: 7 | k8s-app: debug 8 | spec: 9 | selector: 10 | matchLabels: 11 | name: debug 12 | template: 13 | metadata: 14 | labels: 15 | name: debug 16 | spec: 17 | tolerations: 18 | # this toleration is to have the daemonset runnable on master nodes 19 | # remove it if your masters can't run pods 20 | - key: 
node-role.kubernetes.io/master 21 | effect: NoSchedule 22 | hostNetwork: true 23 | containers: 24 | - name: ns 25 | image: nicolaka/netshoot:latest 26 | command: ["bash", "-c", "sleep infinity"] 27 | volumeMounts: 28 | - name: dev 29 | mountPath: /dev 30 | - name: etcvpp 31 | mountPath: /etc/vpp 32 | securityContext: 33 | privileged: true 34 | terminationGracePeriodSeconds: 1 35 | volumes: 36 | - name: dev 37 | hostPath: 38 | path: /dev 39 | - name: etcvpp 40 | hostPath: 41 | path: /etc/vpp 42 | -------------------------------------------------------------------------------- /test/policies/dspn.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: DaemonSet 3 | metadata: 4 | name: debug-podnet 5 | namespace: kube-system 6 | labels: 7 | k8s-app: debug-podnet 8 | spec: 9 | selector: 10 | matchLabels: 11 | name: debug-podnet 12 | template: 13 | metadata: 14 | labels: 15 | name: debug-podnet 16 | spec: 17 | tolerations: 18 | # this toleration is to have the daemonset runnable on master nodes 19 | # remove it if your masters can't run pods 20 | - key: node-role.kubernetes.io/master 21 | effect: NoSchedule 22 | containers: 23 | - name: ns 24 | image: nicolaka/netshoot:latest 25 | command: ["bash", "-c", "sleep infinity"] 26 | volumeMounts: 27 | - name: dev 28 | mountPath: /dev 29 | - name: etcvpp 30 | mountPath: /etc/vpp 31 | securityContext: 32 | privileged: true 33 | terminationGracePeriodSeconds: 1 34 | volumes: 35 | - name: dev 36 | hostPath: 37 | path: /dev 38 | - name: etcvpp 39 | hostPath: 40 | path: /etc/vpp 41 | -------------------------------------------------------------------------------- /test/policies/policy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: crd.projectcalico.org/v1 2 | kind: NetworkPolicy 3 | metadata: 4 | name: allow-tcp-iperf 5 | namespace: iperf 6 | spec: 7 | selector: app == 'iperf-server' 8 | ingress: 9 | - action: 
Allow 10 | protocol: TCP 11 | source: 12 | selector: app == 'iperf-client' 13 | destination: 14 | ports: 15 | - 5001 16 | - 5003 -------------------------------------------------------------------------------- /test/prometheus/Makefile: -------------------------------------------------------------------------------- 1 | .PHONY: run 2 | run: 3 | echo "scrape_configs:\n\ 4 | - job_name: myapp\n\ 5 | scrape_interval: 10s\n\ 6 | static_configs:\n\ 7 | - targets:" > prometheus.yml 8 | for address in $$(kubectl get node -owide | grep -v NAME | awk '{print $$6}') ; do echo " - $$address:8888" >> prometheus.yml ; done 9 | docker run --network host -p 9090:9090 -v $$PWD/prometheus.yml:/etc/prometheus/prometheus.yml prom/prometheus & 10 | .PHONY: stop 11 | stop: 12 | docker stop $$(docker ps | grep prometheus | awk '{print $$1}') 13 | rm prometheus.yml 14 | -------------------------------------------------------------------------------- /test/scripts/idle.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | POD_NAME=$(kubectl get pods -n monit | grep monit | awk '{print $1}') 4 | kubectl exec -it -n monit ${POD_NAME} -- tail -n 10 /data/metrics.log | \ 5 | awk '{M+=$6;U+=$1;N+=$2;S+=$3;I+=$4;T+=$5;} 6 | END { 7 | printf "%.2f;%.2f;%.2f;%.2f;%.2f;%d;%d",U/NR,N/NR,S/NR,I/NR,T/NR,M/NR,NR 8 | }' 9 | -------------------------------------------------------------------------------- /test/scripts/utils/avf.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright (c) 2020 Cisco and/or its affiliates. 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 
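# You may obtain a copy of the License at:
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Re-run under sudo when not root. The uid is checked instead of $USER, which
# may be unset, and the arguments are quoted so they are forwarded unchanged.
if [ "$(id -u)" -ne 0 ] ; then
	echo "Restarting script with sudo..."
	sudo "$0" "$@"
	exit
fi

# setup PF_PCI_ADDRESS VF_MAC
#
# Binds the physical function to i40e if it uses another driver, recreates a
# single VF on it, sets the VF's MAC address, rebinds the VF to vfio-pci and
# stores the VF's PCI address in ~/vpp/vfpci.
setup () {
  # Every relative path below is a sysfs attribute of this device, so stop
  # here if the device directory does not exist.
  cd "/sys/bus/pci/devices/${1}" || return 1
  driver=$(basename "$(readlink driver)")
  if [ "${driver}" != "i40e" ]; then
    echo "${1}" | tee driver/unbind
    echo "${1}" | tee /sys/bus/pci/drivers/i40e/bind
  fi
  ifname=$(basename net/*)
  # Reset the VF count to 0 before asking for exactly one VF.
  echo 0 | sudo tee sriov_numvfs > /dev/null
  echo 1 | sudo tee sriov_numvfs > /dev/null
  ip link set dev "${ifname}" vf 0 mac "${2}"
  ip link show dev "${ifname}"
  vf=$(basename "$(readlink virtfn0)")
  echo "${vf}" | tee virtfn0/driver/unbind
  echo vfio-pci | tee virtfn0/driver_override
  echo "${vf}" | sudo tee /sys/bus/pci/drivers/vfio-pci/bind
  # Clear the override again once the VF is bound.
  echo  | tee virtfn0/driver_override
  echo "${vf}" > ~/vpp/vfpci
}

# Both arguments end up in sysfs paths and in an `ip link` command run as
# root, so their shape is checked before anything is touched.
pci_addr_re='^[0-9a-fA-F]{4}:[0-9a-fA-F]{2}:[0-9a-fA-F]{2}\.[0-7]$'
mac_addr_re='^([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$'

# The previous test, [[ x$@ == "" ]], could never be true because of the
# literal "x", so the usage text was unreachable and setup ran without
# arguments.
if [[ $# -lt 2 ]]; then
  echo "Usage"
  echo "avf.sh "
  echo
  echo "avf.sh 0000:3b:00.0 00:11:22:33:44:00"
  echo "will create one VF on PF 0000:3b:00.0"
  echo "and assign the MAC address 00:11:22:33:44:00"
  echo
  echo "the resulting PCI ID can be used in vpp"
  echo "with create interface avf "
elif [[ ! $1 =~ $pci_addr_re ]]; then
  echo "Invalid PCI address: $1" >&2
  exit 1
elif [[ ! $2 =~ $mac_addr_re ]]; then
  echo "Invalid MAC address: $2" >&2
  exit 1
else
  setup "$1" "$2"
fi
--------------------------------------------------------------------------------
/test/scripts/utils/pci-nic-bind-to-kernel:
--------------------------------------------------------------------------------
#!/bin/bash

# Bind all unused PCI devices bound to uio drivers
# back to default kernel driver

# Re-run under sudo when not root, forwarding the arguments unchanged.
if [ "$(id -u)" -ne 0 ] ; then
	echo "Restarting script with sudo..."
	sudo "$0" "$@"
	exit
fi

# Start from a known value rather than whatever the environment exported.
removed=
for f in /sys/bus/pci/drivers/{igb_uio,uio_pci_generic,vfio-pci}/*; do
	# Only entries with a config file are handled; the rest are skipped.
	[ -e "${f}/config" ] || continue
	# Skip devices whose config file is held open by a process.
	fuser -s "${f}/config" && continue
	echo 1 > "${f}/remove"
	removed=y
done

# Rescan only when a device was removed. Unquoted, [ -n ${removed} ] is true
# even for an empty value, so the rescan used to run on every invocation.
if [ -n "${removed}" ]; then
	echo 1 > /sys/bus/pci/rescan
fi
-------------------------------------------------------------------------------- /test/vagrant/base/Vagrantfile: -------------------------------------------------------------------------------- 1 | # -*- mode: ruby -*- 2 | 3 | # Load the vagrantfile_common file to have all the variables & the config script 4 | $vagrantfilecommon = File.expand_path('../../vagrantfiles/Vagrantfile_common', __FILE__) 5 | NODE = 0 # Unused but required by the script 6 | load $vagrantfilecommon 7 | 8 | Vagrant.configure('2') do |config| 9 | config.vm.define :base_vm do |base_vm| 10 | base_vm.vm.box = "generic/ubuntu2204" 11 | base_vm.ssh.insert_key = false 12 | base_vm.vm.boot_timeout = 900 13 | 14 | base_vm.vm.provider :libvirt do |l| 15 | l.driver = "kvm" 16 | # l.disk_driver :discard => "unmap" 17 | l.default_prefix = CLUSTER_NAME + '_' 18 | l.cpus = MASTER_CPUS 19 | l.memory = MASTER_MEMORY_SIZE_GB * 1024 20 | l.machine_virtual_size = DISK_SIZE_GB 21 | end 22 | 23 | base_vm.vm.provision :shell, inline: $baseConfigScript 24 | 25 | end 26 | end 27 | 28 | -------------------------------------------------------------------------------- /test/vagrant/vagrantfiles/Vagrantfile: -------------------------------------------------------------------------------- 1 | # Node ID if it is a node. 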
2 | NODE = ENV['NODE'].to_i || 0 3 | 4 | # Load the type specific variables (e.g., master, node) (0 is equal to not a node) 5 | if NODE == 0 6 | $vagrantfilepath = "../Vagrantfile_master" 7 | else 8 | $vagrantfilepath = "../Vagrantfile_node" 9 | end 10 | 11 | # Load the Vagrantfile_common file 12 | $vagrantfilecommon = File.expand_path('../Vagrantfile_common', __FILE__) 13 | load $vagrantfilecommon 14 | 15 | # Load the common Vagrantfile_TYPE file 16 | $vagrantfilepath = File.expand_path($vagrantfilepath, __FILE__) 17 | load $vagrantfilepath 18 | -------------------------------------------------------------------------------- /test/vagrant/vagrantfiles/Vagrantfile_master: -------------------------------------------------------------------------------- 1 | Vagrant.configure('2') do |config| 2 | config.vm.box = $box_image 3 | config.vm.box_check_update = false 4 | 5 | config.vm.boot_timeout = 900 6 | 7 | config.vm.provider :libvirt do |l| 8 | l.default_prefix = CLUSTER_NAME + '_' 9 | l.cpus = MASTER_CPUS 10 | l.cputopology :sockets => '1', :cores => MASTER_CPUS, :threads => '1' 11 | l.memory = MASTER_MEMORY_SIZE_GB * 1024 12 | l.machine_virtual_size = DISK_SIZE_GB 13 | 14 | if MASTER_NIC_PASSTHROUGH != '' 15 | l.pci parse_pci MASTER_NIC_PASSTHROUGH 16 | end 17 | if MASTER_NODESET != '' 18 | l.nodeset = MASTER_NODESET 19 | end 20 | end 21 | 22 | config.vm.define 'master' do |subconfig| 23 | subconfig.vm.hostname = 'master' 24 | if MASTER_NIC_PASSTHROUGH == '' 25 | subconfig.vm.network :private_network, 26 | :ip => MASTER_IP, 27 | :libvirt__guest_ipv6 => "yes", 28 | :libvirt__ipv6_address => MASTER_IP6, 29 | :libvirt__ipv6_prefix => "64" 30 | end 31 | subconfig.vm.synced_folder ".", "/vagrant", type: "nfs",nfs_version: 4, nfs_udp: false 32 | subconfig.vm.synced_folder "../..", '/host-repo', type: "nfs", 33 | nfs_version: 4, 34 | nfs_udp: false, 35 | create: true, 36 | readonly: true, 37 | linux__nfs_options: ['ro','no_subtree_check','all_squash','crossmnt'] 38 | # 
Provision 39 | subconfig.vm.provision :shell, inline: $prepareScript 40 | subconfig.vm.provision :shell, inline: $verifyNodeScript 41 | subconfig.vm.provision :shell, inline: $kubeMasterScript 42 | # Addons 43 | if K8S_DASHBOARD 44 | subconfig.vm.provision :shell, inline: $kubeDashScript 45 | subconfig.vm.network 'forwarded_port', guest: 8443, host: 2443 46 | end 47 | end 48 | end 49 | -------------------------------------------------------------------------------- /test/vagrant/vagrantfiles/Vagrantfile_node: -------------------------------------------------------------------------------- 1 | Vagrant.configure('2') do |config| 2 | config.vm.box = $box_image 3 | config.vm.box_check_update = false 4 | 5 | config.vm.boot_timeout = 900 6 | 7 | config.vm.provider :libvirt do |l| 8 | l.default_prefix = CLUSTER_NAME + '_' 9 | l.cpus = NODE_CPUS 10 | l.cputopology :sockets => '1', :cores => NODE_CPUS, :threads => '1' 11 | l.memory = NODE_MEMORY_SIZE_GB * 1024 12 | l.machine_virtual_size = DISK_SIZE_GB 13 | 14 | if NODE_NIC_PASSTHROUGH != '' 15 | l.pci parse_pci NODE_NIC_PASSTHROUGH 16 | end 17 | if NODE_NODESET != '' 18 | l.nodeset = NODE_NODESET 19 | end 20 | end 21 | 22 | config.vm.define "node#{NODE}" do |subconfig| 23 | subconfig.vm.hostname = "node#{NODE}" 24 | if NODE_NIC_PASSTHROUGH == '' 25 | subconfig.vm.network :private_network, 26 | :ip => NODE_IP, 27 | :libvirt__guest_ipv6 => "yes", 28 | :libvirt__ipv6_address => NODE_IP6, 29 | :libvirt__ipv6_prefix => "64" 30 | end 31 | subconfig.vm.synced_folder ".", "/vagrant", type: "nfs",nfs_version: 4, nfs_udp: false 32 | subconfig.vm.synced_folder "../..", '/host-repo', type: "nfs", 33 | nfs_version: 4, 34 | nfs_udp: false, 35 | create: true, 36 | readonly: true, 37 | linux__nfs_options: ['ro','no_subtree_check','all_squash','crossmnt'] 38 | # Provision 39 | subconfig.vm.provision :shell, inline: $prepareScript 40 | subconfig.vm.provision :shell, inline: $verifyNodeScript 41 | subconfig.vm.provision :shell, inline: 
$kubeMinionScript 42 | end 43 | end 44 | -------------------------------------------------------------------------------- /test/yaml/bgp/bgpFilter.yaml: -------------------------------------------------------------------------------- 1 | kind: BGPFilter 2 | apiVersion: projectcalico.org/v3 3 | metadata: 4 | name: bgpftest 5 | spec: 6 | exportV4: 7 | - action: Reject 8 | cidr: 11.0.0.0/8 9 | matchOperator: In 10 | exportV6: 11 | - action: Reject 12 | cidr: 2001:db8::/32 13 | matchOperator: In 14 | importV4: 15 | - action: Reject 16 | cidr: 1.7.2.0/24 17 | matchOperator: In 18 | - action: Reject 19 | cidr: 1.2.3.4/32 20 | matchOperator: In 21 | importV6: 22 | - action: Reject 23 | cidr: 2001:db7::/32 24 | matchOperator: In 25 | - action: Reject 26 | cidr: 2001:dc7::/32 27 | matchOperator: NotIn 28 | -------------------------------------------------------------------------------- /test/yaml/bgp/externalBgpPeer.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: projectcalico.org/v3 2 | kind: BGPPeer 3 | metadata: 4 | name: my-global-peer 5 | spec: 6 | nodeSelector: all() 7 | peerIP: 172.18.0.7 8 | asNumber: 64512 9 | filters: 10 | - bgpftest 11 | -------------------------------------------------------------------------------- /test/yaml/envoy/README.md: -------------------------------------------------------------------------------- 1 | ## Envoy VCL/linux testing 2 | 3 | This is a simple toy setup for running envoy within VPP attached with the VCL 4 | 5 | This testing was done in a single node cluster, with `20.0.0.1/24` being the node 6 | address, connected to another node with `20.0.0.2/24` 7 | 8 | Envoy is configured in both cases to listen on `podID:10001` and proxy to `20.0.0.2:80` 9 | Service addresses are also configured 10 | 11 | In order for this to work, we need to remove sNAT (either globally, or just for our peer address) 12 | ```` 13 | set cnat snat-policy prefix 20.0.0.2/32 14 | ```` 15 | 16 | Then 
create two envoy pods (with and without VCL) 17 | 18 | ````bash 19 | test.sh up envoy 20 | ```` 21 | 22 | To start envoy 23 | ````bash 24 | # with VCL 25 | kubectl exec -it -n envoy envoy-vcl -- taskset -c 0-3 envoy -c /etc/envoy/envoyvcl.yaml --concurrency 4 26 | # with linux 27 | kubectl exec -it -n envoy envoy-linux -- taskset -c 0-3 envoy -c /etc/envoy/envoy.yaml --concurrency 4 28 | ```` 29 |
--------------------------------------------------------------------------------
/test/yaml/envoy/envoy.yaml:
--------------------------------------------------------------------------------
# Envoy bootstrap for the plain-Linux test pod: one HTTP listener on :10001
# that forwards every request to the static upstream 20.0.0.2:80.

# NOTE(review): Envoy's admin endpoint has no authentication and can change or
# stop the running proxy and dump its configuration. Here it listens on every
# interface (0.0.0.0:8081), so any peer that can reach the pod can use it.
# Fine on an isolated test cluster; bind it to 127.0.0.1 anywhere else.
admin:
  access_log_path: /tmp/envoy.log
  address:
    socket_address:
      address: 0.0.0.0
      port_value: 8081
static_resources:
  listeners:
  # define a reverse proxy on :10001 that always uses :80 as an origin.
  # The listener is plaintext HTTP on all interfaces and matches every Host
  # header (domains: ["*"]).
  - name: listener_0
    address:
      socket_address:
        protocol: TCP
        address: 0.0.0.0
        port_value: 10001
    filter_chains:
    - filters:
      - name: envoy.filters.network.http_connection_manager
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
          stat_prefix: ingress_http
          route_config:
            name: local_route
            virtual_hosts:
            - name: service
              domains: ["*"]
              routes:
              - match:
                  prefix: "/"
                route:
                  cluster: proxy_service
          http_filters:
          - name: envoy.filters.http.router
  clusters:
  - name: proxy_service
    connect_timeout: 0.25s
    type: STATIC
    # dns_lookup_family: V4_ONLY
    lb_policy: ROUND_ROBIN
    load_assignment:
      cluster_name: proxy_service
      endpoints:
      - lb_endpoints:
        - endpoint:
            address:
              socket_address:
                # This is the address/port we proxy to
                address: 20.0.0.2
                port_value: 80

--------------------------------------------------------------------------------
/test/yaml/envoy/envoyvcl.yaml:
--------------------------------------------------------------------------------
# Envoy bootstrap for the VCL test pod: same listener and upstream as the
# plain-Linux variant, with the VCL socket interface set as the default.

# NOTE(review): Envoy's admin endpoint has no authentication and can change or
# stop the running proxy and dump its configuration. Here it listens on every
# interface (0.0.0.0:8081), so any peer that can reach the pod can use it.
# Fine on an isolated test cluster; bind it to 127.0.0.1 anywhere else.
admin:
  access_log_path: /tmp/envoy.log
  address:
    socket_address:
      address: 0.0.0.0
      port_value: 8081
static_resources:
  listeners:
  # define a reverse proxy on :10001 that always uses :80 as an origin.
  # The listener is plaintext HTTP on all interfaces and matches every Host
  # header (domains: ["*"]).
  - name: listener_0
    address:
      socket_address:
        protocol: TCP
        address: 0.0.0.0
        port_value: 10001
    filter_chains:
    - filters:
      - name: envoy.filters.network.http_connection_manager
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
          stat_prefix: ingress_http
          route_config:
            name: local_route
            virtual_hosts:
            - name: service
              domains: ["*"]
              routes:
              - match:
                  prefix: "/"
                route:
                  cluster: proxy_service
          http_filters:
          - name: envoy.filters.http.router
  clusters:
  - name: proxy_service
    connect_timeout: 0.25s
    type: LOGICAL_DNS
    dns_lookup_family: V4_ONLY
    lb_policy: ROUND_ROBIN
    load_assignment:
      cluster_name: proxy_service
      endpoints:
      - lb_endpoints:
        - endpoint:
            address:
              socket_address:
                # This is the address/port we proxy to
                address: 20.0.0.2
                port_value: 80
# Register the VCL socket interface and make it the default one.
# NOTE(review): presumably this routes the admin socket through VCL as well -
# confirm when deciding how reachable port 8081 is.
bootstrap_extensions:
- name: envoy.extensions.vcl.vcl_socket_interface
  typed_config:
    "@type": type.googleapis.com/envoy.extensions.vcl.v3alpha.VclSocketInterface
default_socket_interface: "envoy.extensions.vcl.vcl_socket_interface"

--------------------------------------------------------------------------------
/test/yaml/envoy/vcl.conf:
--------------------------------------------------------------------------------
1 | vcl { 2 | # Max rx/tx session buffers sizes in bytes. Increase for high throughput traffic.
3 | rx-fifo-size 400000 4 | tx-fifo-size 400000 5 | 6 | # Size of shared memory segments between VPP and VCL in bytes 7 | segment-size 1000000000 8 | 9 | add-segment-size 1000000000 10 | 11 | # App has access to global routing table 12 | app-scope-global 13 | 14 | # Allow inter-app shared-memory cut-through sessions 15 | app-scope-local 16 | 17 | # Message queues use eventfds for notifications 18 | use-mq-eventfd 19 | 20 | # VCL worker incoming message queue size 21 | event-queue-size 40000 22 | 23 | app-socket-api @vpp/session 24 | } 25 | -------------------------------------------------------------------------------- /test/yaml/iperf/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:20.04 2 | 3 | RUN apt-get update && apt-get install -y \ 4 | iperf \ 5 | iproute2 \ 6 | net-tools \ 7 | iptables \ 8 | iproute2 \ 9 | iputils-ping \ 10 | inetutils-traceroute \ 11 | netcat \ 12 | dnsutils \ 13 | tcpdump \ 14 | netperf 15 | 16 | ADD entrypoint.sh /usr/bin/entrypoint 17 | RUN chmod +x /usr/bin/entrypoint 18 | 19 | ENTRYPOINT ["/usr/bin/entrypoint"] 20 | -------------------------------------------------------------------------------- /test/yaml/iperf/entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | iperf -V -s -u -l1000 -p 5003 $@ & 3 | iperf -V -s -p 5001 $@ 4 | -------------------------------------------------------------------------------- /test/yaml/iperf/test_single.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: ReplicaSet 4 | metadata: 5 | namespace: iperf 6 | name: iperf-server-repl 7 | labels: 8 | app: iperf-server 9 | spec: 10 | replicas: 1 11 | selector: 12 | matchLabels: 13 | app: iperf-server 14 | template: 15 | metadata: 16 | labels: 17 | app: iperf-server 18 | spec: 19 | containers: 20 | - name: iperf-server 21 | image: calicovpp/test-iperf 22 | 
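imagePullPolicy: IfNotPresent 23 | ports: 24 | - containerPort: 5001 25 | - containerPort: 5003 26 | --- 27 | apiVersion: v1 28 | kind: Service 29 | metadata: 30 | namespace: iperf 31 | name: iperf-service 32 | spec: 33 | selector: 34 | app: iperf-server 35 | ports: 36 | - protocol: TCP 37 | port: 5001 38 | name: iperf-tcp 39 | - protocol: UDP 40 | port: 5003 41 | name: iperf-udp 42 | --- 43 | apiVersion: v1 44 | kind: Pod 45 | metadata: 46 | name: iperf-client 47 | namespace: iperf 48 | spec: 49 | containers: 50 | - name: iperf-client 51 | image: calicovpp/test-iperf 52 | imagePullPolicy: IfNotPresent 53 | ports: 54 | - containerPort: 5001 55 | - containerPort: 5003 56 |
--------------------------------------------------------------------------------
/test/yaml/iperf3-vcl/Dockerfile:
--------------------------------------------------------------------------------
FROM calicovpp/test-iperf3

RUN mkdir /usr/local/lib/vpp && mkdir /etc/vpp/

ADD *.so /usr/local/lib/vpp/
ADD *.so.* /usr/local/lib/vpp/

# NOTE(review): the private key is copied into an image layer, so everyone who
# can pull the image holds the same key. The TLS it backs is only good for
# throughput testing; it gives no confidentiality or peer authentication.
ADD iperfcert.crt /etc/vpp/iperfcert.crt
ADD iperfcert.key /etc/vpp/iperfcert.key

ADD iperf3-vcl.sh /usr/local/bin/iperf3-vcl
ADD iperf3-tls-vcl.sh /usr/local/bin/iperf3-tls-vcl

EXPOSE 5201
ENTRYPOINT ["iperf3-vcl", "-4", "-s"]

--------------------------------------------------------------------------------
/test/yaml/iperf3-vcl/iperf3-tls-vcl.sh:
--------------------------------------------------------------------------------
#!/bin/bash

TLS_ENGINE=${TLS_ENGINE:-1} # default to openssl

# Create a self-signed certificate (valid 365 days) and its RSA key under
# /etc/vpp. Called only when no certificate is present.
function generate_certs () {
  echo "No certificates found"
  echo "generating..."
  echo
  # Key size is stated explicitly instead of relying on the openssl build's
  # default; the umask keeps the key file unreadable by other users.
  (umask 077 && openssl genrsa -out /etc/vpp/iperfcert.key 2048)
  # NOTE(review): without -subj this prompts for the subject on stdin.
  openssl req -new -key /etc/vpp/iperfcert.key \
    -out /etc/vpp/iperfcert.csr
  openssl x509 -req -days 365 \
    -in /etc/vpp/iperfcert.csr \
    -signkey /etc/vpp/iperfcert.key \
    -out /etc/vpp/iperfcert.crt
}

# Write /etc/vpp/vcl.conf with the selected TLS engine and print it.
function generate_vcl_conf () {
  echo "vcl {
  rx-fifo-size 4000000
  tx-fifo-size 4000000
  app-scope-local
  app-scope-global
  app-socket-api abstract:vpp/session
  tls-engine ${TLS_ENGINE}
}
" > /etc/vpp/vcl.conf
  echo "Using VCL conf :"
  cat /etc/vpp/vcl.conf
}

# Run iperf3 with the VCL preload library and LDP transparent TLS enabled,
# passing all arguments through to iperf3.
function run_tls_iperf3 () {
  if [ ! -f "/etc/vpp/iperfcert.crt" ]; then
    generate_certs
  fi
  generate_vcl_conf
  # "$@" is quoted so each argument reaches iperf3 as given; unquoted it was
  # re-split on whitespace and glob-expanded.
  VCL_CONFIG=/etc/vpp/vcl.conf \
  LD_PRELOAD=/usr/local/lib/vpp/libvcl_ldpreload.so \
  LD_LIBRARY_PATH=/usr/local/lib/vpp \
  LDP_TRANSPARENT_TLS=1 \
  LDP_TLS_CERT_FILE=/etc/vpp/iperfcert.crt \
  LDP_TLS_KEY_FILE=/etc/vpp/iperfcert.key \
    iperf3 "$@"
}

run_tls_iperf3 "$@"

--------------------------------------------------------------------------------
/test/yaml/iperf3-vcl/iperf3-vcl.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Write /etc/vpp/vcl.conf and print it.
function generate_vcl_conf () {
  echo "vcl {
  rx-fifo-size 4000000
  tx-fifo-size 4000000
  app-scope-local
  app-scope-global
  app-socket-api abstract:vpp/session
}
" > /etc/vpp/vcl.conf
  echo "Using VCL conf :"
  cat /etc/vpp/vcl.conf
}

# Run iperf3 with the VCL preload library, passing all arguments through.
function run_iperf3 () {
  generate_vcl_conf
  # "$@" is quoted so each argument reaches iperf3 as given.
  VCL_CONFIG=/etc/vpp/vcl.conf \
  LD_PRELOAD=/usr/local/lib/vpp/libvcl_ldpreload.so \
  LD_LIBRARY_PATH=/usr/local/lib/vpp \
    iperf3 "$@"
}

run_iperf3 "$@"

--------------------------------------------------------------------------------
/test/yaml/iperf3-vcl/test.yaml: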
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: ReplicaSet 4 | metadata: 5 | namespace: iperf3-vcl 6 | name: iperf3-server-repl 7 | labels: 8 | app: iperf3-server 9 | spec: 10 | replicas: 1 11 | selector: 12 | matchLabels: 13 | app: iperf3-server 14 | template: 15 | metadata: 16 | labels: 17 | app: iperf3-server 18 | annotations: 19 | "cni.projectcalico.org/vppVcl": "enable" 20 | spec: 21 | containers: 22 | - name: iperf3-server 23 | image: calicovpp/test-iperf3-vcl:v3.26.0 24 | command: ["tail", "-f", "/dev/null"] 25 | imagePullPolicy: IfNotPresent 26 | ports: 27 | - containerPort: 5201 28 | nodeName: kind-worker 29 | --- 30 | apiVersion: v1 31 | kind: Service 32 | metadata: 33 | namespace: iperf3-vcl 34 | name: iperf3-service 35 | spec: 36 | selector: 37 | app: iperf3-server 38 | ports: 39 | - protocol: TCP 40 | port: 5201 41 | --- 42 | apiVersion: v1 43 | kind: Pod 44 | metadata: 45 | name: iperf3-client 46 | namespace: iperf3-vcl 47 | annotations: 48 | "cni.projectcalico.org/vppVcl": "enable" 49 | spec: 50 | containers: 51 | - name: iperf3-client 52 | image: calicovpp/test-iperf3-vcl:v3.26.0 53 | imagePullPolicy: IfNotPresent 54 | command: ["tail", "-f", "/dev/null"] 55 | ports: 56 | - containerPort: 5201 57 | nodeName: kind-control-plane 58 | --- 59 | apiVersion: v1 60 | kind: Pod 61 | metadata: 62 | name: iperf3-client-samehost 63 | namespace: iperf3-vcl 64 | annotations: 65 | "cni.projectcalico.org/vppVcl": "enable" 66 | spec: 67 | containers: 68 | - name: iperf3-client 69 | image: calicovpp/test-iperf3-vcl:v3.26.0 70 | imagePullPolicy: IfNotPresent 71 | command: ["tail", "-f", "/dev/null"] 72 | ports: 73 | - containerPort: 5201 74 | nodeName: kind-worker 75 | 76 | -------------------------------------------------------------------------------- /test/yaml/iperf3/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:22.04 2 | 3 | 
RUN apt-get update && apt-get install -y \ 4 | iperf3 \ 5 | iproute2 \ 6 | net-tools \ 7 | iptables \ 8 | iproute2 \ 9 | iputils-ping \ 10 | inetutils-traceroute \ 11 | netcat \ 12 | dnsutils \ 13 | tcpdump 14 | 15 | EXPOSE 5201 16 | ENTRYPOINT ["taskset", "-c", "17-23", "iperf3", "-s", "5201"] 17 | -------------------------------------------------------------------------------- /test/yaml/iperf3/test.yaml: -------------------------------------------------------------------------------- 1 | # Force usage of mtls 2 | # apiVersion: authentication.istio.io/v1alpha1 3 | # kind: Policy 4 | # metadata: 5 | # name: default 6 | # namespace: tls-iperf 7 | # spec: 8 | # peers: 9 | # - mtls: 10 | # mode: STRICT 11 | 12 | --- 13 | apiVersion: apps/v1 14 | kind: ReplicaSet 15 | metadata: 16 | namespace: iperf3 17 | name: iperf3-server-repl 18 | labels: 19 | app: iperf3-server 20 | spec: 21 | replicas: 1 22 | selector: 23 | matchLabels: 24 | app: iperf3-server 25 | template: 26 | metadata: 27 | labels: 28 | app: iperf3-server 29 | spec: 30 | containers: 31 | - name: iperf3-server 32 | image: calicovpp/test-iperf3 33 | imagePullPolicy: IfNotPresent 34 | ports: 35 | - containerPort: 5201 36 | 37 | --- 38 | apiVersion: v1 39 | kind: Service 40 | metadata: 41 | namespace: iperf3 42 | name: iperf3-service 43 | spec: 44 | selector: 45 | app: iperf3-server 46 | ports: 47 | - protocol: TCP 48 | port: 5201 49 | name: iperf3-tcp 50 | - protocol: UDP 51 | port: 5201 52 | name: iperf3-udp 53 | - protocol: SCTP 54 | port: 5201 55 | name: iperf3-sctp 56 | --- 57 | apiVersion: v1 58 | kind: Pod 59 | metadata: 60 | name: iperf3-client 61 | namespace: iperf3 62 | spec: 63 | containers: 64 | - name: iperf3-client 65 | image: calicovpp/test-iperf3 66 | imagePullPolicy: IfNotPresent 67 | ports: 68 | - containerPort: 5201 69 | -------------------------------------------------------------------------------- /test/yaml/metallb/test_metallb.yaml: 
--------------------------------------------------------------------------------
# 192.168.3.0/24 is a CIDR block for Kubernetes Service External IPs to be advertised over BGP.
# 172.217.3.0/16 is a CIDR block for Kubernetes Service status.LoadBalancer IPs to be advertised over BGP,
# and provisioned by metallb.
# 172.217.3.4 is a user-specified loadBalancerIP for the service
#
# NOTE(review): 172.217.3.0/16 has host bits set (the network it names is
# 172.217.0.0/16) and lies outside the RFC 1918 block 172.16.0.0/12, so it is
# public address space. Advertising it over BGP is only safe while every peer
# stays inside the test lab; use a private or documentation range if this
# manifest is reused elsewhere, and filter the export on the peering.

apiVersion: crd.projectcalico.org/v1
kind: BGPConfiguration
metadata:
  name: default
spec:
  serviceLoadBalancerIPs:
  - cidr: 172.217.3.0/16
  serviceExternalIPs:
  - cidr: 192.168.3.0/24
---
# metallb address pool handing out the same /16 over BGP.
apiVersion: v1
kind: ConfigMap
metadata:
  namespace: metallb-system
  name: config
data:
  config: |
    address-pools:
    - name: default
      protocol: bgp
      addresses:
      - 172.217.3.0/16
---
# Manually managed endpoint for my-service (the Service below has no selector).
apiVersion: v1
kind: Endpoints
metadata:
  name: my-service
subsets:
  - addresses:
      - ip: 10.10.186.88
    ports:
      - port: 9376
---
# NOTE(review): targetPort 9377 differs from the Endpoints port 9376 above -
# confirm whether the mismatch is intended by the test.
apiVersion: v1
kind: Service
metadata:
  name: my-service
spec:
  type: LoadBalancer
  externalTrafficPolicy: Local
  ports:
    - protocol: TCP
      port: 80
      targetPort: 9377
  loadBalancerIP: 172.217.3.4
--------------------------------------------------------------------------------
/test/yaml/monit/test.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1 2 | kind: DaemonSet 3 | metadata: 4 | name: monit 5 | namespace: monit 6 | labels: 7 | k8s-app: monit 8 | spec: 9 | selector: 10 | matchLabels: 11 | k8s-app: monit 12 | template: 13 | metadata: 14 | labels: 15 | k8s-app: monit 16 | spec: 17 | tolerations: 18 | - key: node-role.kubernetes.io/master 19 | effect: NoSchedule 20 | nodeSelector: 21 | beta.kubernetes.io/os: linux 22 | containers: 23 | - name: monit 24 | image: infrabuilder/bench-custom-monitor 25 | imagePullPolicy: IfNotPresent
26 | -------------------------------------------------------------------------------- /test/yaml/multinet/netdefinitions.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "k8s.cni.cncf.io/v1" 2 | kind: NetworkAttachmentDefinition 3 | metadata: 4 | name: network-blue-conf 5 | spec: 6 | config: |- 7 | { 8 | "name": "network-blue", 9 | "cniVersion": "0.3.0", 10 | "plugins": [ 11 | { 12 | "type": "calico", 13 | "log_level": "debug", 14 | "datastore_type": "kubernetes", 15 | "mtu": 0, 16 | "ipam": { 17 | "type": "whereabouts", 18 | "enable_overlapping_ranges": false, 19 | "log_file" : "/tmp/whereabouts.log", 20 | "network" : "blue" 21 | }, 22 | "policy": { 23 | "type": "k8s" 24 | }, 25 | "kubernetes": { 26 | "kubeconfig": "/etc/cni/net.d/calico-kubeconfig" 27 | }, 28 | "dataplane_options": { 29 | "type": "grpc", 30 | "socket": "unix:///var/run/calico/cni-server.sock", 31 | "network_name": "blue" 32 | } 33 | } 34 | ] 35 | } 36 | --- 37 | apiVersion: "k8s.cni.cncf.io/v1" 38 | kind: NetworkAttachmentDefinition 39 | metadata: 40 | name: network-red-conf 41 | spec: 42 | config: |- 43 | { 44 | "name": "network-red", 45 | "cniVersion": "0.3.0", 46 | "plugins": [ 47 | { 48 | "type": "calico", 49 | "log_level": "debug", 50 | "datastore_type": "kubernetes", 51 | "mtu": 0, 52 | "ipam": { 53 | "type": "whereabouts", 54 | "enable_overlapping_ranges": false, 55 | "log_file" : "/tmp/whereabouts.log", 56 | "network" : "red" 57 | }, 58 | "policy": { 59 | "type": "k8s" 60 | }, 61 | "kubernetes": { 62 | "kubeconfig": "/etc/cni/net.d/calico-kubeconfig" 63 | }, 64 | "dataplane_options": { 65 | "type": "grpc", 66 | "socket": "unix:///var/run/calico/cni-server.sock", 67 | "network_name": "red" 68 | } 69 | } 70 | ] 71 | } 72 | -------------------------------------------------------------------------------- /test/yaml/multinet/network.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: 
projectcalico.org/v3 2 | kind: Network 3 | metadata: 4 | name: blue 5 | spec: 6 | vni: 56 7 | range: "172.19.0.0/16" 8 | physicalNetworkName: "" 9 | --- 10 | apiVersion: projectcalico.org/v3 11 | kind: Network 12 | metadata: 13 | name: red 14 | spec: 15 | vni: 88 16 | range: "172.21.0.0/16" 17 | physicalNetworkName: "" -------------------------------------------------------------------------------- /test/yaml/multinet/pod-memif.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: memifpod 5 | annotations: 6 | k8s.v1.cni.cncf.io/networks: network-blue-conf@memif1, network-red-conf@eth5 7 | spec: 8 | 9 | containers: 10 | - name: mvpp 11 | image: calicovpp/vpp:latest 12 | command: ["tail", "-f", "/dev/null"] 13 | imagePullPolicy: IfNotPresent 14 | securityContext: 15 | privileged: true 16 | --- 17 | apiVersion: v1 18 | kind: Pod 19 | metadata: 20 | name: samplepod1 21 | annotations: 22 | k8s.v1.cni.cncf.io/networks: network-blue-conf@eth1, network-red-conf@eth2 23 | spec: 24 | 25 | containers: 26 | - name: samplepod 27 | command: ["/bin/ash", "-c", "trap : TERM INT; sleep infinity & wait"] 28 | image: nicolaka/netshoot:latest 29 | -------------------------------------------------------------------------------- /test/yaml/multinet/pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: samplepod 5 | annotations: 6 | k8s.v1.cni.cncf.io/networks: network-blue-conf@eth1, network-red-conf@eth6 7 | cni.projectcalico.org/vppInterfacesSpec: |- 8 | { 9 | "eth0": {"rx": 1, "tx": 2, "isl3": true }, 10 | "eth1": {"rx": 5, "tx": 9, "isl3": true } 11 | } 12 | spec: 13 | containers: 14 | - name: samplepod 15 | command: ["/bin/ash", "-c", "trap : TERM INT; sleep infinity & wait"] 16 | image: nicolaka/netshoot:latest 17 | -------------------------------------------------------------------------------- 
/test/yaml/multinet/policy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: crd.projectcalico.org/v1 2 | kind: NetworkPolicy 3 | metadata: 4 | name: pol 5 | spec: 6 | selector: demo == 'demo' 7 | ingress: 8 | - action: Allow 9 | protocol: TCP 10 | destination: 11 | ports: 12 | - 3434 13 | - action: Allow 14 | protocol: TCP 15 | metadata: 16 | annotations: 17 | extensions.projectcalico.org/network: "blue" 18 | destination: 19 | ports: 20 | - 7809 21 | egress: 22 | - action: Allow 23 | protocol: TCP 24 | metadata: 25 | annotations: 26 | extensions.projectcalico.org/network: "red" 27 | destination: 28 | ports: 29 | - 5555 30 | - action: Allow 31 | protocol: TCP 32 | metadata: 33 | annotations: 34 | extensions.projectcalico.org/network: "red" 35 | destination: 36 | ports: 37 | - 5588 -------------------------------------------------------------------------------- /test/yaml/multinet/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: my-service 5 | annotations: 6 | extensions.projectcalico.org/selector: "app=MyApp" 7 | extensions.projectcalico.org/network: "blue" 8 | spec: 9 | ports: 10 | - protocol: TCP 11 | port: 80 12 | targetPort: 9376 13 | --- 14 | apiVersion: v1 15 | kind: Pod 16 | metadata: 17 | name: my-pod 18 | annotations: 19 | k8s.v1.cni.cncf.io/networks: network-blue-conf@eth1, network-blue-conf@eth2 20 | labels: 21 | app: MyApp 22 | spec: 23 | containers: 24 | - name: nginx 25 | image: nginx:1.14.2 26 | ports: 27 | - containerPort: 9376 28 | --- 29 | apiVersion: v1 30 | kind: Pod 31 | metadata: 32 | name: my-pod2 33 | annotations: 34 | k8s.v1.cni.cncf.io/networks: network-blue-conf@eth1, network-red-conf@eth2 35 | labels: 36 | app: MyApp 37 | spec: 38 | containers: 39 | - name: nginx 40 | image: nginx:1.14.2 41 | ports: 42 | - containerPort: 9376 43 | --- 44 | 
-------------------------------------------------------------------------------- /test/yaml/mvpp/test.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | labels: 5 | app: mvpp 6 | name: mvpp 7 | namespace: mvpp 8 | annotations: 9 | "cni.projectcalico.org/vppExtraMemifPorts": "udp:6081" 10 | spec: 11 | containers: 12 | - name: mvpp 13 | image: docker.io/calicovpp/vpp:latest 14 | imagePullPolicy: IfNotPresent 15 | securityContext: 16 | privileged: true 17 | ports: 18 | - containerPort: 6081 19 | protocol: UDP 20 | command: ["/bin/bash", "-ec"] 21 | args: 22 | - | 23 | mkdir -p /run/vpp/ 24 | echo " 25 | create memif socket id 1 filename abstract:vpp/memif-eth0 26 | create interface memif socket-id 1 id 0 slave buffer-size 4096 rx-queues 1 tx-queues 1 27 | set int ip addr memif1/0 $(ip addr show dev eth0 | grep 'inet '| awk '{print $2}') 28 | set interface mac address memif1/0 02:00:00:00:00:01 29 | ip route add 0.0.0.0/0 via 127.0.0.1 memif1/0 30 | ip neighbor memif1/0 127.0.0.1 02:fe:e6:5b:3a:44 31 | set int st memif1/0 up 32 | " > /run/vpp/vppstartup.conf 33 | echo " 34 | unix { 35 | nodaemon 36 | exec /run/vpp/vppstartup.conf 37 | cli-listen /run/vpp/cli.sock 38 | } 39 | buffers { 40 | buffers-per-numa 8192 41 | default data-size 2048 42 | page-size 4K 43 | } 44 | cpu { 45 | workers 0 46 | } 47 | plugins { 48 | plugin default { enable } 49 | plugin dpdk_plugin.so { disable } 50 | } 51 | " > /etc/vpp/vpp.conf 52 | vpp -c /etc/vpp/vpp.conf 53 | --- 54 | apiVersion: v1 55 | kind: Service 56 | metadata: 57 | namespace: mvpp 58 | name: mvpp-service 59 | spec: 60 | selector: 61 | app: mvpp 62 | ports: 63 | - protocol: UDP 64 | port: 4444 65 | 66 | -------------------------------------------------------------------------------- /test/yaml/named_ports/test.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 
4 | name: test-pod 5 | namespace: default 6 | labels: 7 | app: for-named 8 | spec: 9 | containers: 10 | - name: web 11 | image: nginx 12 | ports: 13 | - name: first-port 14 | containerPort: 8020 15 | - name: second-port 16 | containerPort: 8030 17 | --- 18 | apiVersion: v1 19 | kind: Pod 20 | metadata: 21 | name: test-pod-2 22 | namespace: default 23 | labels: 24 | app: for-named 25 | spec: 26 | containers: 27 | - name: web 28 | image: nginx 29 | ports: 30 | - name: first-port 31 | containerPort: 8060 32 | - name: second-port 33 | containerPort: 8090 34 | --- 35 | --- 36 | apiVersion: v1 37 | kind: Service 38 | metadata: 39 | name: my-service 40 | namespace: default 41 | spec: 42 | selector: 43 | app: for-named 44 | ports: 45 | - name: first 46 | protocol: TCP 47 | port: 80 48 | targetPort: first-port 49 | - name: second 50 | protocol: TCP 51 | port: 60 52 | targetPort: second-port 53 | --- 54 | -------------------------------------------------------------------------------- /test/yaml/nginx/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM nginx:latest 2 | 3 | ADD nginx.conf /etc/nginx/nginx.conf 4 | ADD 4096 /usr/share/nginx/html/4096 5 | ADD 2MB /usr/share/nginx/html/2MB 6 | ADD 600 /usr/share/nginx/html/600 7 | 8 | ENTRYPOINT ["nginx"] 9 | -------------------------------------------------------------------------------- /test/yaml/nginx/nginx.conf: -------------------------------------------------------------------------------- 1 | worker_processes 20; 2 | pid /var/run/nginx.pid; 3 | error_log /var/log/nginx/error.log warn; 4 | user nginx; 5 | daemon off; 6 | 7 | events { 8 | } 9 | 10 | http { 11 | sendfile on; 12 | tcp_nopush on; 13 | tcp_nodelay on; 14 | 15 | access_log off; 16 | 17 | server { 18 | root /usr/share/nginx/html; 19 | listen 80; 20 | } 21 | } 22 | 23 | 24 | -------------------------------------------------------------------------------- /test/yaml/nginx/test.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: ReplicaSet 4 | metadata: 5 | namespace: nginx 6 | name: nginx-repl 7 | labels: 8 | app: nginx 9 | spec: 10 | replicas: 1 11 | selector: 12 | matchLabels: 13 | app: nginx 14 | template: 15 | metadata: 16 | labels: 17 | app: nginx 18 | spec: 19 | containers: 20 | - name: nginx 21 | image: calicovpp/test-nginx 22 | imagePullPolicy: IfNotPresent 23 | ports: 24 | - containerPort: 80 25 | --- 26 | apiVersion: v1 27 | kind: Service 28 | metadata: 29 | namespace: nginx 30 | name: nginx-service-1 31 | spec: 32 | selector: 33 | app: nginx 34 | ports: 35 | - protocol: TCP 36 | port: 80 37 | targetPort: 80 38 | --- 39 | apiVersion: v1 40 | kind: Service 41 | metadata: 42 | namespace: nginx 43 | name: nginx-service-2 44 | spec: 45 | selector: 46 | app: nginx 47 | ports: 48 | - protocol: TCP 49 | port: 80 50 | targetPort: 80 51 | --- 52 | apiVersion: v1 53 | kind: Service 54 | metadata: 55 | namespace: nginx 56 | name: nginx-service-3 57 | spec: 58 | selector: 59 | app: nginx 60 | ports: 61 | - protocol: TCP 62 | port: 80 63 | targetPort: 80 64 | -------------------------------------------------------------------------------- /test/yaml/raw-envoy/README.md: -------------------------------------------------------------------------------- 1 | # Envoy TLS proxy perf test 2 | 3 | This directory contains a setup for testing host to host proxy performance with envoy 4 | 5 | ## Test conditions 6 | 7 | We test TLS 1.3 with AES256-GCM-SHA384 and AES128-GCM-SHA256 8 | 9 | ## Running the tests 10 | 11 | First you should `./envoy_test.sh certs` to create the required TLS certificates 12 | 13 | Then you can use `./envoy_test.sh sync` to rsync the configuration to vq1 & vq2 14 | 15 | This does not copy docker-compose.yml by default -------------------------------------------------------------------------------- /test/yaml/raw-envoy/certs/clientkey.pem: 
-------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDfN/akkqOlu+Zt 3 | MFYPZ6daRrdr6cDTkeqovFYb9hGfLckGo8yyh2yO28rQkeaQu+WVPdT/FAVG9Ox5 4 | BeiqBLzBLv1cjxgbNwiM4u3wDAkyZB9nd1G/yWHj78f5UhFATPmJkCkAHAJ5Z3LC 5 | 9Vi6z/XI4ovBUs9TCgPn36RC8Zvmdqz9lEpOYQa6T1mwmbUQzg/RG0h8SIIkpW0w 6 | x36neNGKsL0StVLJmUDBa/TgEc6vx5mpeQ3y9I4IvHYnWgXYd+8SoZDTGpYqiovS 7 | oWXUGT1M0Tv2HF/fFp+3U9muiXW1JjiVn6XD2pI38Tub8o9YBIyf6tZWO8HTMj5s 8 | J9/oe/mXAgMBAAECggEAH2SegnzBGTD48khHAjmgtriVWU7xuI+gAgUi0yHjTpDA 9 | 4fctdbpIETtmJbkvRRG38ypUB1/IcjdF/qtPEoJCDaVPKrJRQJqX0ECmGAmJTZX5 10 | OLL2Q1POOaFibXUWSgXJXohwy7wkuPBMmpCo3vUaaxs5boH3+ITDEdxJHMUgGOQ6 11 | o5BeGlHKnGK/mB7TLns8Llw514AOw3t3n/AYqFScZalJZ90wzJQy3nGhoqJwvgqg 12 | NrXlmR+j/CEVy79FYyTOwmgjqGdEObqikeFqP3146UOISDyMVMkxlol9oCkxag0k 13 | GY2gMxiX4qETKg+B2ULuIna48HrEK0QK5DTtY/ch4QKBgQD1AYI3mPJl479dRzf/ 14 | OuVk1xCNLn3sMa7Ao7vKu+Ew5nJyotDvz3RPTmb4rwV5zZRKJr5TsG4JioNVsRbf 15 | GbeDzcgIBAwFu7m6cw+HFkAd9mXRRgkf9Dlau7VFtV+VVCxxUMXJ7GW2/yYRoMVH 16 | /jp2cBVM4K0Ih3nd9pCB9oq8ZwKBgQDpPCywyJmDso5uYAmn6XNiaZoSVG6r9Z+f 17 | /EqYmxf0WN8Tt3N913tBM1iHh7spyqMf7FNz0o8KmJRXWXxdFryWuwGjrgHMUL1P 18 | yit2AW6ROLAzHe3ZXR15bdrYQNrz0HnX+FbTBFijP+CVhXLigcqMPxYhPiCUMBQV 19 | rsjYUtybUQKBgQCth94FJu04wXB+zryYp8xl+fWdKXrC2gWeJ9oQo7XB/ta83xkB 20 | YXxN14gTR1Oni7YmNv7DI8ksNNEE1qMObZaPYib1lng1b1sC9g/fbCEJl8VRzjsU 21 | SNR+sUiZEPecOrwnnkAY3rjEPj9maOqSLTyXOpe7lb64tcvZLJP5mPd2rQKBgDNl 22 | iUujyQCWloCINViFP2IOd19Wr9TBGd39kMq0UsEL3IzRvmea1pR1piqnpHz/JJdi 23 | UrmRSuhA21+sXpV87y4gI6pYLBlEKZOtr4ofoqfp4BpDnChsNpSNus4w7I8R/+ex 24 | 2CBEMuw2pV0NvVVg2KuzM0M8F53QQnzMuYHCMM8hAoGBAINspDE/Vxc7wKwv302a 25 | sbTPh9nHXenBAxjrCptyFl+twBBQgZw10Oj3hTUtCKFBIQz2JsBP99SFKWdHIpGS 26 | 18DcS5PrhtfW8Dg1K3gg4sAgLH0iU/XbBSRpGBZrOekIVwRl+1qlpWjFVcw7jLXV 27 | tCRytYl5tvOtYkIC2eQEaU9S 28 | -----END PRIVATE KEY----- 29 | 
-------------------------------------------------------------------------------- /test/yaml/raw-envoy/certs/serverkey.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDeLindvFiU2MjG 3 | D6GtNuhkXCKfSKSHk9ycriR4vmSycYY+7bTcgsBPhHWgqE2w/PUAky2EZuu/cbMa 4 | mbFORnhsvAvXkhN+Mn5MaL9XV++eEx0Bzs/9ULtK7kXDxvo09ye9jFcnupdhZYmc 5 | aziNkjScWd+qYI23jt4lT98IOKbganWADYp7NeY9V8DkQG/d3wtNE9sSaoIKVAEj 6 | 8VkfPa+8T7wE1rtkG7SqkPK3MPPdcCKxBb/ID+NZRqmp2LvVKsgETfLh6TfVL5b0 7 | 4yle3LsqT/QP2OOcGUw0PfmO2gm5TUYgLd25iJGQjnOR6z3OHlZaGAep1ahHwq31 8 | UsIhKFppAgMBAAECggEAUZ1Pj75CI9tGVUskrsY+s68MoMpEdfEg1wU5LIlz4ADH 9 | uZIEIAR/tDYKJ4vrjho9vYpS7BIKg3a2vgy7Du/gCMFC8Fsegfr2XgcUUndg9AY9 10 | X46i5IClbC7+vZ34B0DK/lvxIAzw0rxDwou4aHjOjqiM+r8hD86RV89xNEnrMv/5 11 | CnYazDgd6Ki0fMPhq6iJwTLU6lUCNhgnmXf/tt0gwbilqpCE8h8ydvJe93Sx7yFM 12 | 3CrUCGZId+WZoyvgBx2fPUWX1bcDDimPdPUFUhlEDnsA0/pX/iMPgTfYp4HfvadB 13 | kiI+jr6NuaXMeYfFP0N9K/wbfrQYq6uDeVZchEBeSQKBgQD0G7WMthGf93m62nEK 14 | tl9clsThPyHRluURn1QYKzAX3hUyNXjogzJXGcWSbZ0VvSfSyCt/f5UD0cLH8ltr 15 | aN3vZWM2tFTjyZ7t1HTxxL+qJHMU/jkJ522ii+qTv/AmwLe5EmdNyaiZ9y1Rfd5P 16 | RPCOmg6RLnn9aMmyDHjfZZWI3wKBgQDpAP1mBWyltuCrfGAo/iF4+Khc8SUJ6aK5 17 | 0ikpZpegAS2M3BUoMq9BeChRMGvkClegAnZVQueKy/Q+hWNKepMW/VZAyjUat1Ej 18 | TfA+zMRg1+82Jl6JlcHevSdf8fqBNUsECDoJ8Isq6oVfQGQkgJ8RqURQ9PixqGs4 19 | 5X4YeEXdtwKBgE5n4AZULJEO8gB8TTa9oR+iJZabqochSm5AmMgyhv4DjRdVaYJ1 20 | MWQcmQMRRhVHblUbii0nk3tokoGabJaxViegjx9xCJsplWyagv1szosdrgEeLr/p 21 | n6NIAY53ZfFskRZWvOuVTBw38kxse01GvWVwQiGLpg8o6y/PJbvLax5NAoGAK72q 22 | 1E8qYUWekbLMnoVupTYQ7Tm72UuJ59ZjMcl3p2rxMSNTuXMiYWj8MJmld27Vmk08 23 | B6+CphS5qk8CH8Y4/LTcT1dmdrh5O+Zytmdcak2/M2wqjSuW9IiP7rwPadgmWABv 24 | XNRSW+Eg3ovJAO1Ab2FWWNhUI43Zaxnx/Qf/HasCgYBLY+x7IRkCn/Pm26BjrHd6 25 | vPbCMJoTEfuXyOCRoEFddRs2hA73MzwtDNte06kJWVa6h1LTbeW3Js2ogBjfuGmL 26 | iZzuNi4xR3MaFKMjYlyJ0ornk6PWRX5omyvFH/C23MxBaYjpMJNFIkB6owokQpQI 27 | 
lbof5c1Oa6X5eJ0540xJMA== 28 | -----END PRIVATE KEY----- 29 | -------------------------------------------------------------------------------- /test/yaml/raw-envoy/certs/tmp.client/index.txt: -------------------------------------------------------------------------------- 1 | V 220413115425Z 01 unknown /C=US/ST=MD/L=Baltimore/O=Test Server, Limited/CN=Test Server 2 | -------------------------------------------------------------------------------- /test/yaml/raw-envoy/certs/tmp.client/index.txt.attr: -------------------------------------------------------------------------------- 1 | unique_subject = no 2 | -------------------------------------------------------------------------------- /test/yaml/raw-envoy/certs/tmp.client/index.txt.old: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/projectcalico/vpp-dataplane/bf1252c1b0187a5d9e0cb7951509ab1f06ab597a/test/yaml/raw-envoy/certs/tmp.client/index.txt.old -------------------------------------------------------------------------------- /test/yaml/raw-envoy/certs/tmp.client/serial.txt: -------------------------------------------------------------------------------- 1 | 02 2 | -------------------------------------------------------------------------------- /test/yaml/raw-envoy/certs/tmp.client/serial.txt.old: -------------------------------------------------------------------------------- 1 | 01 2 | -------------------------------------------------------------------------------- /test/yaml/raw-envoy/certs/tmp.client/servercert.crt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/projectcalico/vpp-dataplane/bf1252c1b0187a5d9e0cb7951509ab1f06ab597a/test/yaml/raw-envoy/certs/tmp.client/servercert.crt -------------------------------------------------------------------------------- /test/yaml/raw-envoy/certs/tmp.client/servercert.csr: 
-------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE REQUEST----- 2 | MIIDkDCCAngCAQAwgYQxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJNRDESMBAGA1UE 3 | BwwJQmFsdGltb3JlMR0wGwYDVQQKDBRUZXN0IFNlcnZlciwgTGltaXRlZDEUMBIG 4 | A1UEAwwLVGVzdCBTZXJ2ZXIxHzAdBgkqhkiG9w0BCQEWEHRlc3RAZXhhbXBsZS5j 5 | b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDfN/akkqOlu+ZtMFYP 6 | Z6daRrdr6cDTkeqovFYb9hGfLckGo8yyh2yO28rQkeaQu+WVPdT/FAVG9Ox5Beiq 7 | BLzBLv1cjxgbNwiM4u3wDAkyZB9nd1G/yWHj78f5UhFATPmJkCkAHAJ5Z3LC9Vi6 8 | z/XI4ovBUs9TCgPn36RC8Zvmdqz9lEpOYQa6T1mwmbUQzg/RG0h8SIIkpW0wx36n 9 | eNGKsL0StVLJmUDBa/TgEc6vx5mpeQ3y9I4IvHYnWgXYd+8SoZDTGpYqiovSoWXU 10 | GT1M0Tv2HF/fFp+3U9muiXW1JjiVn6XD2pI38Tub8o9YBIyf6tZWO8HTMj5sJ9/o 11 | e/mXAgMBAAGggcUwgcIGCSqGSIb3DQEJDjGBtDCBsTAdBgNVHQ4EFgQU/wakBQzk 12 | o3kqS4ONY0eGz3fMApwwCQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwSgYDVR0RBEMw 13 | QYILZXhhbXBsZS5jb22CD3d3dy5leGFtcGxlLmNvbYIQbWFpbC5leGFtcGxlLmNv 14 | bYIPZnRwLmV4YW1wbGUuY29tMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy 15 | YXRlZCBDZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAQEAwp9zmRYAc4S4J2i4 16 | 3eu2pDmU1lDP5Vknr+maebVMKOmdibz7PV64VzucrQx+O5pZiVOLS+wpwA0dZosg 17 | lYQnDvTI4I2JDWCjsNMbcKvgoMbtfm/FNS+CQN3PfHwPX5aSdDOj1X9pP639qQbP 18 | FgZjrbRGMOJcm5jJSb9+tI8Ie58qu9yUERyIRC6wnQUMuNnLrHrYXIisQ3QN3GEF 19 | anoOwjUw0SRxNcxEvS8pKnFKZVWh4BslxRne5q4fZQfEn6HfyEcgZwRhU+pGNcwb 20 | f4RhR0hwaIfbxvQnzlQ+jHwwhTNovKQ7OqkV8kQIadNi8M+XN3XwXv4cuHNUC1US 21 | vv85fg== 22 | -----END CERTIFICATE REQUEST----- 23 | -------------------------------------------------------------------------------- /test/yaml/raw-envoy/certs/tmp.client/serverkey.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDfN/akkqOlu+Zt 3 | MFYPZ6daRrdr6cDTkeqovFYb9hGfLckGo8yyh2yO28rQkeaQu+WVPdT/FAVG9Ox5 4 | BeiqBLzBLv1cjxgbNwiM4u3wDAkyZB9nd1G/yWHj78f5UhFATPmJkCkAHAJ5Z3LC 5 | 
9Vi6z/XI4ovBUs9TCgPn36RC8Zvmdqz9lEpOYQa6T1mwmbUQzg/RG0h8SIIkpW0w 6 | x36neNGKsL0StVLJmUDBa/TgEc6vx5mpeQ3y9I4IvHYnWgXYd+8SoZDTGpYqiovS 7 | oWXUGT1M0Tv2HF/fFp+3U9muiXW1JjiVn6XD2pI38Tub8o9YBIyf6tZWO8HTMj5s 8 | J9/oe/mXAgMBAAECggEAH2SegnzBGTD48khHAjmgtriVWU7xuI+gAgUi0yHjTpDA 9 | 4fctdbpIETtmJbkvRRG38ypUB1/IcjdF/qtPEoJCDaVPKrJRQJqX0ECmGAmJTZX5 10 | OLL2Q1POOaFibXUWSgXJXohwy7wkuPBMmpCo3vUaaxs5boH3+ITDEdxJHMUgGOQ6 11 | o5BeGlHKnGK/mB7TLns8Llw514AOw3t3n/AYqFScZalJZ90wzJQy3nGhoqJwvgqg 12 | NrXlmR+j/CEVy79FYyTOwmgjqGdEObqikeFqP3146UOISDyMVMkxlol9oCkxag0k 13 | GY2gMxiX4qETKg+B2ULuIna48HrEK0QK5DTtY/ch4QKBgQD1AYI3mPJl479dRzf/ 14 | OuVk1xCNLn3sMa7Ao7vKu+Ew5nJyotDvz3RPTmb4rwV5zZRKJr5TsG4JioNVsRbf 15 | GbeDzcgIBAwFu7m6cw+HFkAd9mXRRgkf9Dlau7VFtV+VVCxxUMXJ7GW2/yYRoMVH 16 | /jp2cBVM4K0Ih3nd9pCB9oq8ZwKBgQDpPCywyJmDso5uYAmn6XNiaZoSVG6r9Z+f 17 | /EqYmxf0WN8Tt3N913tBM1iHh7spyqMf7FNz0o8KmJRXWXxdFryWuwGjrgHMUL1P 18 | yit2AW6ROLAzHe3ZXR15bdrYQNrz0HnX+FbTBFijP+CVhXLigcqMPxYhPiCUMBQV 19 | rsjYUtybUQKBgQCth94FJu04wXB+zryYp8xl+fWdKXrC2gWeJ9oQo7XB/ta83xkB 20 | YXxN14gTR1Oni7YmNv7DI8ksNNEE1qMObZaPYib1lng1b1sC9g/fbCEJl8VRzjsU 21 | SNR+sUiZEPecOrwnnkAY3rjEPj9maOqSLTyXOpe7lb64tcvZLJP5mPd2rQKBgDNl 22 | iUujyQCWloCINViFP2IOd19Wr9TBGd39kMq0UsEL3IzRvmea1pR1piqnpHz/JJdi 23 | UrmRSuhA21+sXpV87y4gI6pYLBlEKZOtr4ofoqfp4BpDnChsNpSNus4w7I8R/+ex 24 | 2CBEMuw2pV0NvVVg2KuzM0M8F53QQnzMuYHCMM8hAoGBAINspDE/Vxc7wKwv302a 25 | sbTPh9nHXenBAxjrCptyFl+twBBQgZw10Oj3hTUtCKFBIQz2JsBP99SFKWdHIpGS 26 | 18DcS5PrhtfW8Dg1K3gg4sAgLH0iU/XbBSRpGBZrOekIVwRl+1qlpWjFVcw7jLXV 27 | tCRytYl5tvOtYkIC2eQEaU9S 28 | -----END PRIVATE KEY----- 29 | -------------------------------------------------------------------------------- /test/yaml/raw-envoy/certs/tmp.server/index.txt: -------------------------------------------------------------------------------- 1 | V 220413115420Z 01 unknown /C=US/ST=MD/L=Baltimore/O=Test Server, Limited/CN=Test Server 2 | -------------------------------------------------------------------------------- 
/test/yaml/raw-envoy/certs/tmp.server/index.txt.attr: -------------------------------------------------------------------------------- 1 | unique_subject = no 2 | -------------------------------------------------------------------------------- /test/yaml/raw-envoy/certs/tmp.server/index.txt.old: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/projectcalico/vpp-dataplane/bf1252c1b0187a5d9e0cb7951509ab1f06ab597a/test/yaml/raw-envoy/certs/tmp.server/index.txt.old -------------------------------------------------------------------------------- /test/yaml/raw-envoy/certs/tmp.server/serial.txt: -------------------------------------------------------------------------------- 1 | 02 2 | -------------------------------------------------------------------------------- /test/yaml/raw-envoy/certs/tmp.server/serial.txt.old: -------------------------------------------------------------------------------- 1 | 01 2 | -------------------------------------------------------------------------------- /test/yaml/raw-envoy/certs/tmp.server/servercert.csr: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE REQUEST----- 2 | MIIDkDCCAngCAQAwgYQxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJNRDESMBAGA1UE 3 | BwwJQmFsdGltb3JlMR0wGwYDVQQKDBRUZXN0IFNlcnZlciwgTGltaXRlZDEUMBIG 4 | A1UEAwwLVGVzdCBTZXJ2ZXIxHzAdBgkqhkiG9w0BCQEWEHRlc3RAZXhhbXBsZS5j 5 | b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDeLindvFiU2MjGD6Gt 6 | NuhkXCKfSKSHk9ycriR4vmSycYY+7bTcgsBPhHWgqE2w/PUAky2EZuu/cbMambFO 7 | RnhsvAvXkhN+Mn5MaL9XV++eEx0Bzs/9ULtK7kXDxvo09ye9jFcnupdhZYmcaziN 8 | kjScWd+qYI23jt4lT98IOKbganWADYp7NeY9V8DkQG/d3wtNE9sSaoIKVAEj8Vkf 9 | Pa+8T7wE1rtkG7SqkPK3MPPdcCKxBb/ID+NZRqmp2LvVKsgETfLh6TfVL5b04yle 10 | 3LsqT/QP2OOcGUw0PfmO2gm5TUYgLd25iJGQjnOR6z3OHlZaGAep1ahHwq31UsIh 11 | KFppAgMBAAGggcUwgcIGCSqGSIb3DQEJDjGBtDCBsTAdBgNVHQ4EFgQUIFDIXj7/ 12 | yxmSJOpNkc+tMWFK4BswCQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwSgYDVR0RBEMw 
13 | QYILZXhhbXBsZS5jb22CD3d3dy5leGFtcGxlLmNvbYIQbWFpbC5leGFtcGxlLmNv 14 | bYIPZnRwLmV4YW1wbGUuY29tMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy 15 | YXRlZCBDZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAQEA2UN2BVqnaxZIrjg5 16 | fWu3Q8+QnYMozwoeDdhx5/Flco1XpuhMzJhIWgutNF5hcJBj1T+3gSEZ4sHqi6fz 17 | nksELyXqWZne7Kyc9bjm83srCwyb6AVOdi0Trx10GFXGbQn+JZPANiSnW/oMHlhb 18 | FqS4b0ATJd/+t2TxIPo5YIHIDkDSV/GCSqnNE5F2bcnnt78u1tccYVt71qQ43wX6 19 | RxMiN1+lcmWCX9TB6anrQ+gkxNO2gg2ZTXkPeezgMwMwaPsjKtRQAB+Uezs8cSvf 20 | Bb1EKvDLVunW+e9PguIIMpYR04U+ySJJqpANl13Nvp2h2s8Hr+exGKrKV19gGaaZ 21 | pUZqRg== 22 | -----END CERTIFICATE REQUEST----- 23 | -------------------------------------------------------------------------------- /test/yaml/raw-envoy/certs/tmp.server/serverkey.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDeLindvFiU2MjG 3 | D6GtNuhkXCKfSKSHk9ycriR4vmSycYY+7bTcgsBPhHWgqE2w/PUAky2EZuu/cbMa 4 | mbFORnhsvAvXkhN+Mn5MaL9XV++eEx0Bzs/9ULtK7kXDxvo09ye9jFcnupdhZYmc 5 | aziNkjScWd+qYI23jt4lT98IOKbganWADYp7NeY9V8DkQG/d3wtNE9sSaoIKVAEj 6 | 8VkfPa+8T7wE1rtkG7SqkPK3MPPdcCKxBb/ID+NZRqmp2LvVKsgETfLh6TfVL5b0 7 | 4yle3LsqT/QP2OOcGUw0PfmO2gm5TUYgLd25iJGQjnOR6z3OHlZaGAep1ahHwq31 8 | UsIhKFppAgMBAAECggEAUZ1Pj75CI9tGVUskrsY+s68MoMpEdfEg1wU5LIlz4ADH 9 | uZIEIAR/tDYKJ4vrjho9vYpS7BIKg3a2vgy7Du/gCMFC8Fsegfr2XgcUUndg9AY9 10 | X46i5IClbC7+vZ34B0DK/lvxIAzw0rxDwou4aHjOjqiM+r8hD86RV89xNEnrMv/5 11 | CnYazDgd6Ki0fMPhq6iJwTLU6lUCNhgnmXf/tt0gwbilqpCE8h8ydvJe93Sx7yFM 12 | 3CrUCGZId+WZoyvgBx2fPUWX1bcDDimPdPUFUhlEDnsA0/pX/iMPgTfYp4HfvadB 13 | kiI+jr6NuaXMeYfFP0N9K/wbfrQYq6uDeVZchEBeSQKBgQD0G7WMthGf93m62nEK 14 | tl9clsThPyHRluURn1QYKzAX3hUyNXjogzJXGcWSbZ0VvSfSyCt/f5UD0cLH8ltr 15 | aN3vZWM2tFTjyZ7t1HTxxL+qJHMU/jkJ522ii+qTv/AmwLe5EmdNyaiZ9y1Rfd5P 16 | RPCOmg6RLnn9aMmyDHjfZZWI3wKBgQDpAP1mBWyltuCrfGAo/iF4+Khc8SUJ6aK5 17 | 0ikpZpegAS2M3BUoMq9BeChRMGvkClegAnZVQueKy/Q+hWNKepMW/VZAyjUat1Ej 18 | 
TfA+zMRg1+82Jl6JlcHevSdf8fqBNUsECDoJ8Isq6oVfQGQkgJ8RqURQ9PixqGs4 19 | 5X4YeEXdtwKBgE5n4AZULJEO8gB8TTa9oR+iJZabqochSm5AmMgyhv4DjRdVaYJ1 20 | MWQcmQMRRhVHblUbii0nk3tokoGabJaxViegjx9xCJsplWyagv1szosdrgEeLr/p 21 | n6NIAY53ZfFskRZWvOuVTBw38kxse01GvWVwQiGLpg8o6y/PJbvLax5NAoGAK72q 22 | 1E8qYUWekbLMnoVupTYQ7Tm72UuJ59ZjMcl3p2rxMSNTuXMiYWj8MJmld27Vmk08 23 | B6+CphS5qk8CH8Y4/LTcT1dmdrh5O+Zytmdcak2/M2wqjSuW9IiP7rwPadgmWABv 24 | XNRSW+Eg3ovJAO1Ab2FWWNhUI43Zaxnx/Qf/HasCgYBLY+x7IRkCn/Pm26BjrHd6 25 | vPbCMJoTEfuXyOCRoEFddRs2hA73MzwtDNte06kJWVa6h1LTbeW3Js2ogBjfuGmL 26 | iZzuNi4xR3MaFKMjYlyJ0ornk6PWRX5omyvFH/C23MxBaYjpMJNFIkB6owokQpQI 27 | lbof5c1Oa6X5eJ0540xJMA== 28 | -----END PRIVATE KEY----- 29 | -------------------------------------------------------------------------------- /test/yaml/raw-envoy/client-envoy.yaml: -------------------------------------------------------------------------------- 1 | static_resources: 2 | listeners: 3 | - address: 4 | socket_address: 5 | address: 0.0.0.0 6 | port_value: 5201 7 | filter_chains: 8 | filters: 9 | - name: envoy.tcp_proxy 10 | config: 11 | stat_prefix: client_tcp 12 | cluster: iperfserver 13 | access_log: 14 | - name: envoy.file_access_log 15 | config: 16 | path: /dev/stdout 17 | 18 | clusters: 19 | - name: iperfserver 20 | connect_timeout: 0.25s 21 | type: strict_dns 22 | lb_policy: round_robin 23 | http2_protocol_options: {} 24 | load_assignment: 25 | cluster_name: iperfserver 26 | endpoints: 27 | - lb_endpoints: 28 | - endpoint: 29 | address: 30 | socket_address: 31 | # address: 10.60.16.39 32 | address: iperfserver 33 | port_value: 1234 34 | tls_context: 35 | common_tls_context: 36 | tls_certificates: 37 | certificate_chain: { "filename": "/etc/certs/clientcert.pem" } 38 | private_key: { "filename": "/etc/certs/clientkey.pem" } 39 | validation_context: 40 | trusted_ca: { "filename": "/etc/certs/cacert.pem" } 41 | tls_params: 42 | tls_minimum_protocol_version: TLSv1_3 43 | tls_maximum_protocol_version: TLSv1_3 44 | cipher_suites: 45 
| - AES256-GCM-SHA384 # NOTE(review): Envoy documents cipher_suites as applying to TLS 1.0-1.2 only; with the protocol pinned to TLSv1_3 this entry probably does not select the cipher - confirm 46 | # - AES128-GCM-SHA256 47 | admin: 48 | access_log_path: "/dev/null" 49 | address: 50 | socket_address: 51 | address: 0.0.0.0 # NOTE(review): Envoy's admin interface has no authentication; on 0.0.0.0 it is reachable from every network the container is attached to - 127.0.0.1 is enough for local inspection 52 | port_value: 8001 53 | -------------------------------------------------------------------------------- /test/yaml/raw-envoy/client.Dockerfile: -------------------------------------------------------------------------------- 1 | FROM envoyproxy/envoy 2 | # NOTE(review): no tag or digest on the base image, so the Envoy build under test changes with each pull. 3 | RUN apt-get update && apt-get install -y netcat iperf3 numactl 4 | # The ADD lines below copy the client private key into an image layer, readable by anyone who can pull the image: keep these keys test-only. 5 | ADD certs/cacert.pem /etc/certs/cacert.pem 6 | ADD certs/clientcert.pem /etc/certs/clientcert.pem 7 | ADD certs/clientkey.pem /etc/certs/clientkey.pem 8 | 9 | # client specifics 10 | 11 | CMD /usr/local/bin/envoy -c /etc/envoy.yaml --service-cluster client 12 | # -l debug for DEBUG 13 | -------------------------------------------------------------------------------- /test/yaml/raw-envoy/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '2' 2 | services: 3 | 4 | iperfclient: 5 | build: 6 | context: . 7 | dockerfile: client.Dockerfile 8 | container_name: ipc 9 | cgroup_parent: nat-docker-node1 10 | volumes: 11 | - ./client-envoy.yaml:/etc/envoy.yaml 12 | networks: 13 | - envoymesh 14 | expose: 15 | - 1234 16 | 17 | iperfserver: 18 | build: 19 | context: . 
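20 | dockerfile: server.Dockerfile 21 | container_name: ips 22 | cgroup_parent: nat-docker-node1 23 | volumes: 24 | - ./server-envoy.yaml:/etc/envoy.yaml 25 | networks: 26 | - envoymesh 27 | expose: 28 | - 1234 29 | 30 | networks: 31 | envoymesh: {} 32 | -------------------------------------------------------------------------------- /test/yaml/raw-envoy/envoy-fips.Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:18.04 2 | 3 | RUN apt-get update && apt-get -q install -y curl \ 4 | iperf3 \ 5 | gcc \ 6 | pkg-config \ 7 | zip \ 8 | unzip \ 9 | g++ \ 10 | zlib1g-dev \ 11 | python3 \ 12 | wget \ 13 | libtool \ 14 | cmake \ 15 | clang-format-8 \ 16 | automake \ 17 | autoconf \ 18 | make \ 19 | ninja-build \ 20 | curl \ 21 | virtualenv \ 22 | golang-go \ 23 | git 24 | # NOTE(review): go get -u below takes the newest buildifier at build time; nothing pins the revision. 25 | RUN go get -u github.com/bazelbuild/buildtools/buildifier 26 | # NOTE(review): the Bazel key below is piped straight into apt-key with no fingerprint check, which makes it trusted for every apt source in the image. 27 | RUN echo "deb [arch=amd64] https://storage.googleapis.com/bazel-apt stable jdk1.8" | tee /etc/apt/sources.list.d/bazel.list 28 | RUN curl https://bazel.build/bazel-release.pub.gpg | apt-key add - 29 | 30 | RUN apt-get update && apt-get -q install -y bazel 31 | # Envoy is pinned by tag (v1.11.0) only; a tag can be moved, so checking out a commit hash would pin the source exactly. 32 | RUN cd /usr/local/share && git clone https://github.com/envoyproxy/envoy.git 33 | RUN cd /usr/local/share/envoy && git checkout v1.11.0 34 | RUN cd /usr/local/share/envoy && \ 35 | bazel --bazelrc=/dev/null build --define boringssl=fips -c opt //source/exe:envoy-static.stripped 36 | RUN ln -s /usr/local/share/envoy/bazel-bin/source/exe/envoy-static /usr/local/bin/envoy 37 | -------------------------------------------------------------------------------- /test/yaml/raw-envoy/envoy_test.sh: --------------------------------------------------------------------------------
1 | #!/bin/bash 2 | # Envoy TLS perf-test helper: "certs" recreates the test CA and the server/client certificates in ./certs, "sync" rsyncs the tree to vq1 and vq2. 3 | # All keys are written unencrypted (-nodes); they are test fixtures only. 4 | 5 | # Create a key and CSR for $1 (server or client) in tmp.$1, sign the CSR with the test CA and copy the pair to ../$1cert.pem and ../$1key.pem. Expects the current directory to hold cacert.pem and cakey.pem. 6 | create_ca_signed_cert () { 7 | # source : https://stackoverflow.com/questions/21297139/how-do-you-sign-a-certificate-signing-request-with-your-certification-authority/21340898#21340898 8 | mkdir "tmp.$1" 9 | # Stop here if the work directory is unusable, so nothing below runs in the wrong directory. 10 | cd "tmp.$1" || return 1 11 | cp ../cacert.pem . 12 | cp ../cakey.pem . 13 | # Create CSR 14 | openssl req -config ../../openssl-server.cnf -newkey rsa:2048 -sha256 -nodes -out servercert.csr -outform PEM 15 | 16 | # Sign CSR 17 | touch index.txt 18 | echo '01' > serial.txt 19 | openssl ca -config ../../openssl-ca.cnf -policy signing_policy -extensions signing_req -out servercert.pem -infiles servercert.csr 20 | 21 | # teardown 22 | cp servercert.pem "../${1}cert.pem" 23 | cp serverkey.pem "../${1}key.pem" 24 | # NOTE(review): tmp.$1 is left in place and still holds copies of cakey.pem and serverkey.pem. 25 | cd .. 26 | } 27 | 28 | if [ "$1" = "sync" ]; then 29 | rsync -avz --delete --exclude=docker-compose.yml --exclude=.git ../../* vq1:~/provision-kvpp/ 30 | rsync -avz --delete --exclude=docker-compose.yml --exclude=.git ../../* vq2:~/provision-kvpp/ 31 | echo "Then ssh vq2 & docker exec -it ipc iperf3 -c 127.0.0.1" 32 | elif [ "$1" = "certs" ]; then 33 | rm -rf certs 34 | mkdir certs 35 | # Without certs/ the CA and leaf keys would be generated in the current directory. 36 | cd certs || exit 1 37 | 38 | # Create CA certs 39 | openssl req -x509 -config ../openssl-ca.cnf -newkey rsa:4096 -sha256 -nodes -out cacert.pem -outform PEM 40 | 41 | create_ca_signed_cert server || exit 1 42 | create_ca_signed_cert client || exit 1 43 | else 44 | echo "Usage" 45 | echo "$0 sync" 46 | echo "$0 certs" 47 | fi 48 | -------------------------------------------------------------------------------- /test/yaml/raw-envoy/openssl-server.cnf: -------------------------------------------------------------------------------- 1 | HOME = . 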
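2 | RANDFILE = $ENV::HOME/.rnd 3 | 4 | #################################################################### 5 | [ req ] 6 | default_bits = 2048 7 | default_keyfile = serverkey.pem 8 | distinguished_name = server_distinguished_name 9 | req_extensions = server_req_extensions 10 | string_mask = utf8only 11 | 12 | #################################################################### 13 | [ server_distinguished_name ] 14 | countryName = Country Name (2 letter code) 15 | countryName_default = US 16 | 17 | stateOrProvinceName = State or Province Name (full name) 18 | stateOrProvinceName_default = MD 19 | 20 | localityName = Locality Name (eg, city) 21 | localityName_default = Baltimore 22 | 23 | organizationName = Organization Name (eg, company) 24 | organizationName_default = Test Server, Limited 25 | 26 | commonName = Common Name (e.g. server FQDN or YOUR name) 27 | commonName_default = Test Server 28 | 29 | emailAddress = Email Address 30 | emailAddress_default = test@example.com 31 | 32 | #################################################################### 33 | [ server_req_extensions ] 34 | 35 | subjectKeyIdentifier = hash 36 | basicConstraints = CA:FALSE 37 | keyUsage = digitalSignature, keyEncipherment 38 | subjectAltName = @alternate_names 39 | nsComment = "OpenSSL Generated Certificate" 40 | 41 | #################################################################### 42 | [ alternate_names ] 43 | 44 | DNS.1 = example.com 45 | DNS.2 = www.example.com 46 | DNS.3 = mail.example.com 47 | DNS.4 = ftp.example.com -------------------------------------------------------------------------------- /test/yaml/raw-envoy/server-entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Container entrypoint: start an iperf3 server in the background, then run Envoy in the foreground. 3 | # Arguments given to the container are forwarded to iperf3 ("$@"; the script previously passed the literal string @$). 4 | iperf3 -s "$@" & 5 | /usr/local/bin/envoy -c /etc/envoy.yaml --service-cluster server # add "-l debug" to DEBUG 6 | -------------------------------------------------------------------------------- /test/yaml/raw-envoy/server-envoy.yaml: 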
-------------------------------------------------------------------------------- 1 | static_resources: # Envoy config for the server side: TLS listener on port 1234, proxied as TCP to 127.0.0.1:5201 2 | listeners: 3 | - address: 4 | socket_address: 5 | address: 0.0.0.0 6 | port_value: 1234 7 | filter_chains: 8 | tls_context: 9 | common_tls_context: 10 | tls_certificates: 11 | certificate_chain: { "filename": "/etc/certs/servercert.pem" } 12 | private_key: { "filename": "/etc/certs/serverkey.pem" } 13 | validation_context: # NOTE(review): no require_client_certificate is visible here, so a client certificate is presumably checked only when one is presented - confirm if mutual TLS is intended 14 | trusted_ca: { "filename": "/etc/certs/cacert.pem" } 15 | tls_params: 16 | tls_minimum_protocol_version: TLSv1_3 17 | tls_maximum_protocol_version: TLSv1_3 18 | cipher_suites: # NOTE(review): Envoy documents this list as applying to TLS 1.0-1.2 only; with TLSv1_3 pinned above it probably does not select the cipher - confirm 19 | - AES256-GCM-SHA384 20 | # - AES128-GCM-SHA256 21 | filters: 22 | - name: envoy.tcp_proxy 23 | config: 24 | stat_prefix: server_tcp 25 | cluster: local_service 26 | access_log: 27 | - name: envoy.file_access_log 28 | config: 29 | path: /dev/stdout 30 | clusters: 31 | - name: local_service 32 | connect_timeout: 0.25s 33 | type: strict_dns 34 | lb_policy: round_robin 35 | load_assignment: 36 | cluster_name: local_service 37 | endpoints: 38 | - lb_endpoints: 39 | - endpoint: 40 | address: 41 | socket_address: 42 | address: 127.0.0.1 43 | port_value: 5201 44 | admin: 45 | access_log_path: "/dev/null" 46 | address: 47 | socket_address: 48 | address: 0.0.0.0 # NOTE(review): Envoy's admin interface has no authentication; on 0.0.0.0 it is reachable from every network the container is attached to - 127.0.0.1 is enough for local inspection 49 | port_value: 8001 50 | -------------------------------------------------------------------------------- /test/yaml/raw-envoy/server.Dockerfile: -------------------------------------------------------------------------------- 1 | FROM envoyproxy/envoy 2 | # NOTE(review): no tag or digest on the base image, so the Envoy build under test changes with each pull. 3 | RUN apt-get update && apt-get install -y netcat iperf3 numactl 4 | # The ADD lines below copy the server private key into an image layer, readable by anyone who can pull the image: keep these keys test-only. 5 | ADD certs/cacert.pem /etc/certs/cacert.pem 6 | ADD certs/servercert.pem /etc/certs/servercert.pem 7 | ADD certs/serverkey.pem /etc/certs/serverkey.pem 8 | 9 | # server specifics 10 | 11 | ADD server-entrypoint.sh /run/server-entrypoint.sh 12 | 13 | RUN chmod +x /run/server-entrypoint.sh 14 | # NOTE(review): the three ADD instructions that follow repeat lines 5-7. 15 | ADD certs/cacert.pem /etc/certs/cacert.pem 16 | ADD certs/servercert.pem 
/etc/certs/servercert.pem 17 | ADD certs/serverkey.pem /etc/certs/serverkey.pem 18 | 19 | ENTRYPOINT ["/run/server-entrypoint.sh"] -------------------------------------------------------------------------------- /test/yaml/scalepods/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM scratch 2 | 3 | ADD scalepods /scalepods 4 | 5 | ENTRYPOINT ["/scalepods"] 6 | -------------------------------------------------------------------------------- /test/yaml/scalepods/scalepods.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "time" 5 | ) 6 | 7 | func main() { 8 | for { 9 | time.Sleep(2 * time.Second) 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /test/yaml/scalepods/test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: ReplicaSet 4 | metadata: 5 | namespace: scalepods 6 | name: scalepods-repl 7 | labels: 8 | app: scalepods 9 | spec: 10 | replicas: 1000 11 | selector: 12 | matchLabels: 13 | app: scalepods 14 | template: 15 | metadata: 16 | labels: 17 | app: scalepods 18 | spec: 19 | containers: 20 | - name: scalepods 21 | image: calicovpp/test-scalepods 22 | imagePullPolicy: IfNotPresent 23 | ports: 24 | - containerPort: 80 25 | --- 26 | apiVersion: v1 27 | kind: Service 28 | metadata: 29 | namespace: scalepods 30 | name: scalepods-service-1 31 | spec: 32 | selector: 33 | app: scalepods 34 | ports: 35 | - protocol: TCP 36 | port: 80 37 | targetPort: 80 -------------------------------------------------------------------------------- /test/yaml/scalesvc/.gitignore: -------------------------------------------------------------------------------- 1 | scalesvc -------------------------------------------------------------------------------- /test/yaml/simple-vcl/Dockerfile: 
-------------------------------------------------------------------------------- 1 | FROM ubuntu:20.04 2 | 3 | RUN apt-get update && apt-get install -y gcc \ 4 | curl gnupg apt-transport-https && \ 5 | curl -L https://packagecloud.io/fdio/2110/gpgkey | apt-key add - && \ 6 | echo "deb https://packagecloud.io/fdio/2110/ubuntu/ focal main" \ 7 | >> /etc/apt/sources.list.d/fdio_2110.list && \ 8 | echo "deb-src https://packagecloud.io/fdio/2110/ubuntu/ focal main" \ 9 | >> /etc/apt/sources.list.d/fdio_2110.list && \ 10 | apt-get update 11 | RUN apt-get install -y vpp vpp-dev libvppinfra libvppinfra-dev 12 | ADD vcl.conf /etc/vpp/vcl.conf 13 | 14 | RUN mkdir /scratch 15 | 16 | ADD client.c /scratch 17 | ADD server.c /scratch 18 | RUN cd /scratch && \ 19 | gcc client.c -lvppcom -o client && \ 20 | gcc server.c -lvppcom -o server 21 | 22 | ENTRYPOINT ["tail", "-f", "/dev/null"] 23 | -------------------------------------------------------------------------------- /test/yaml/simple-vcl/README.md: -------------------------------------------------------------------------------- 1 | Usage 2 | ===== 3 | 4 | This describes how to run a simple VCL test application in Calico/VPP. 
5 | 6 | Enabling VCL 7 | ------------ 8 | 9 | First ensure your calico/vpp cluster is running with VCL enabled 10 | ```console 11 | $ kubectl -n calico-vpp-dataplane exec -it calico-vpp-node- -c agent -- env | grep CALICOVPP_ENABLE_VCL 12 | CALICOVPP_ENABLE_VCL=true 13 | ``` 14 | 15 | To produce this output, your calico-vpp.yaml should look like this : 16 | ```yaml 17 | metadata: 18 | name: calico-vpp-node 19 | namespace: calico-vpp-dataplane 20 | spec: 21 | template: 22 | spec: 23 | containers: 24 | - name: agent 25 | env: 26 | - name: CALICOVPP_ENABLE_VCL 27 | value: "true" 28 | ``` 29 | 30 | Creating pods 31 | ------------- 32 | 33 | You can then create the pods 34 | 35 | ```console 36 | $ kubectl create namespace simple-vcl 37 | $ kubectl apply -f ./test.yaml 38 | ``` 39 | 40 | Once the pods are running you will see something like 41 | 42 | ```console 43 | kubectl -n simple-vcl get pods -o wide 44 | NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES 45 | vcl-client 1/1 Running 0 20s 10.0.104.3 node2 46 | vcl-server 1/1 Running 0 20s 10.0.166.130 node1 47 | ``` 48 | 49 | To run the test launch a server 50 | 51 | ```console 52 | $ kubectl -n simple-vcl exec -it vcl-server -- /scratch/server 10.0.166.130 1234 53 | Server IP = 10.0.166.130 Port = 1234 54 | Creating VCL app.... 55 | Creating VCL session... 56 | Bind... 57 | Listen... 58 | ``` 59 | 60 | And a client 61 | ```console 62 | $ kubectl -n simple-vcl exec -it vcl-client -- /scratch/client 10.0.166.130 1234 63 | server ip = 10.0.166.130 port = 1234 64 | 65 | Creating VCL app... 66 | Creating VCL session... 67 | Connecting to server... 68 | Sending data to server: Hello there! 69 | 70 | Server replied with: Hello there! 71 | ``` 72 | 73 | That's it ! 
74 | 75 | -------------------------------------------------------------------------------- /test/yaml/simple-vcl/test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Pod 4 | metadata: 5 | name: vcl-client 6 | namespace: simple-vcl 7 | annotations: 8 | "cni.projectcalico.org/vppVcl": "enable" 9 | spec: 10 | containers: 11 | - name: simple-client 12 | image: calicovpp/test-simple-vcl 13 | imagePullPolicy: IfNotPresent 14 | --- 15 | apiVersion: v1 16 | kind: Pod 17 | metadata: 18 | name: vcl-server 19 | namespace: simple-vcl 20 | annotations: 21 | "cni.projectcalico.org/vppVcl": "enable" 22 | spec: 23 | containers: 24 | - name: simple-client 25 | image: calicovpp/test-simple-vcl 26 | imagePullPolicy: IfNotPresent 27 | -------------------------------------------------------------------------------- /test/yaml/simple-vcl/vcl.conf: -------------------------------------------------------------------------------- 1 | vcl { 2 | rx-fifo-size 4000000 3 | tx-fifo-size 4000000 4 | app-scope-local 5 | app-scope-global 6 | app-socket-api @vpp/session 7 | } 8 | -------------------------------------------------------------------------------- /test/yaml/testpmd/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:20.04 2 | 3 | RUN apt-get update && apt-get install -y \ 4 | curl xz-utils python3 python3-pip gcc make libnuma-dev numactl 5 | RUN pip3 install meson pyelftools ninja 6 | 7 | ADD patches/* /tmp/dpdk/patches/ 8 | # NOTE(review): the DPDK tarball below is downloaded over plain HTTP and unpacked, patched and built without any checksum or signature check; fetch it over HTTPS and compare it against a pinned SHA-256 before extracting. 9 | RUN curl http://fast.dpdk.org/rel/dpdk-21.02.tar.xz -o /tmp/dpdk/dpdk-21.02.tar.xz && \ 10 | cd /tmp/dpdk && \ 11 | tar -xvf dpdk-21.02.tar.xz && \ 12 | cd /tmp/dpdk/dpdk-21.02 && \ 13 | patch -p1 < /tmp/dpdk/patches/0000-memif-abstract-fix.patch && \ 14 | cd /tmp/dpdk/dpdk-21.02 && \ 15 | meson build && ninja -C build && \ 16 | cp ./build/app/dpdk-testpmd /usr/local/bin/testpmd && \ 17 | rm -rf /tmp/dpdk 18 | 19 | ADD 
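memif-testpmd.sh /usr/bin/memif-testpmd 20 | RUN chmod +x /usr/bin/memif-testpmd 21 | 22 | ENTRYPOINT ["tail", "-f", "/dev/null"] 23 | -------------------------------------------------------------------------------- /test/yaml/testpmd/README.md: -------------------------------------------------------------------------------- 1 | Usage 2 | ===== 3 | 4 | Deploy the yaml 5 | 6 | ```shell 7 | kubectl create namespace testpmd 8 | kubectl apply -f test.yaml 9 | ``` 10 | 11 | Start testpmd (4-6 being the CPU range on which to run testpmd) 12 | ```shell 13 | kubectl -n testpmd exec -it testpmd memif-testpmd 4-6 14 | ``` 15 | 16 | The annotation in the yaml specification of the pod specifies that 17 | packets to the PodIP destined to ports between 4444 and 20000 for 18 | both TCP and UDP will be sent to the memif, and end up in testpmd. 19 | ```yaml 20 | annotations: 21 | "cni.projectcalico.org/vppExtraMemifPorts": "tcp:4444-20000,udp:4444-20000" 22 | ``` 23 | 24 | Testpmd is started in 5tuple swap mode, meaning it will mirror all the packets 25 | it receives. In order to test it, either send a single TCP packet, e.g. 26 | `curl http://:4444` from another container or a cluster node. 27 | 28 | Alternatively you can also use a traffic generator like trex (see the corresponding 29 | yaml under [../trex](../trex)) 30 | 31 | 32 | 33 | 34 | -------------------------------------------------------------------------------- /test/yaml/testpmd/memif-testpmd.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Start DPDK testpmd on the memif socket vpp/memif-eth0 in 5tswap forwarding mode. 3 | # Usage: memif-testpmd CORELIST (e.g. 4-6); the list is handed to testpmd's -l option. 4 | LCORES=$1 5 | if [[ -z "$LCORES" ]]; then 6 | echo "Please provide a core list (e.g. 4-6)"
7 | echo "Cores available :" 8 | cat /sys/devices/system/cpu/online 9 | exit 1 10 | fi 11 | # Quoted so the argument reaches testpmd as one word, with no word splitting or globbing. 12 | testpmd --iova-mode=va \ 13 | -l "$LCORES" \ 14 | --log-level pmd.net.memif:debug \ 15 | --log-level eal:debug \ 16 | --in-memory \ 17 | --no-pci \ 18 | --proc-type primary \ 19 | --vdev=net_memif,role=client,socket=vpp/memif-eth0,socket-abstract=yes,zero-copy=no \ 20 | -- --auto-start \ 21 | --forward-mode=5tswap \ 22 | --burst=32 \ 23 | --rxq=1 \ 24 | --txq=1 \ 25 | --nb-cores=1 \ 26 | --no-numa 27 | -------------------------------------------------------------------------------- /test/yaml/testpmd/test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Pod 4 | metadata: 5 | labels: 6 | app: testpmd 7 | name: testpmd 8 | namespace: testpmd 9 | annotations: 10 | "cni.projectcalico.org/vppExtraMemifPorts": "tcp:4444-20000,udp:4444-20000" 11 | spec: 12 | containers: 13 | - name: testpmd 14 | image: calicovpp/test-testpmd 15 | imagePullPolicy: IfNotPresent 16 | securityContext: 17 | privileged: true # NOTE(review): privileged gives the container full access to the node; check whether hugepages and the memif socket really need it or whether specific capabilities would do 18 | ports: 19 | - containerPort: 4444 20 | resources: 21 | limits: 22 | memory: 2Gi 23 | hugepages-2Mi: 2Gi 24 | volumeMounts: 25 | - mountPath: /hugepages 26 | name: hugepage 27 | volumes: 28 | - name: hugepage 29 | emptyDir: 30 | medium: HugePages 31 | --- 32 | apiVersion: v1 33 | kind: Service 34 | metadata: 35 | namespace: testpmd 36 | name: testpmd-service 37 | spec: 38 | selector: 39 | app: testpmd 40 | ports: 41 | - protocol: UDP 42 | port: 4444 -------------------------------------------------------------------------------- /test/yaml/trex/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:22.04 2 | 3 | RUN apt-get update && apt-get install -y \ 4 | python3 libzmq5 python3-distutils iproute2 \ 5 | nano gettext 6 | 7 | ADD trex-console.sh /usr/local/bin/trex-console 8 | ADD trex-start.sh /usr/local/bin/trex-start 9 | 10 | ADD 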
trex-bins/t-rex-64 /usr/local/bin/trex 11 | ADD trex-bins/trex-interactive /usr/local/share/trex-interactive 12 | ADD trex-bins/trex-external_libs /usr/local/share/trex-external_libs 13 | ADD trex-bins/libbpf-64.so /usr/lib/libbpf-64.so 14 | 15 | RUN mkdir -p /trex-scripts 16 | ADD trex_template.py /trex-scripts 17 | 18 | ENTRYPOINT ["tail", "-f", "/dev/null"] 19 | -------------------------------------------------------------------------------- /test/yaml/trex/README.md: -------------------------------------------------------------------------------- 1 | Usage 2 | ===== 3 | 4 | Deploy the yaml 5 | 6 | ``` 7 | kubectl create namespace trex 8 | kubectl apply -f test.yaml 9 | ``` 10 | 11 | Start trex 12 | ``` 13 | kubectl exec -it -n trex trex -- bash 14 | $ trex-start 15 | # Ctrl-C to quit 16 | ``` 17 | 18 | Start the console 19 | ``` 20 | kubectl exec -it -n trex trex -- bash 21 | $ DST_ADDRESS=1.2.3.4 DST_PORT=4444 trex-console 22 | ``` 23 | 24 | In the console, start the packet generation 25 | ``` 26 | $ trex-console 27 | # (q) to quit 28 | $ start -f /trex-scripts/trex.py -p 0 -m 10mbps 29 | ## To show stats (use q to quit) 30 | $ tui 31 | ## To update to full speed 32 | $ update -m 100% 33 | ## To stop traffic generation 34 | $ stop -a 35 | ``` -------------------------------------------------------------------------------- /test/yaml/trex/build.Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:22.04 2 | 3 | RUN apt-get update && apt-get install -y \ 4 | gcc g++ git zlib1g-dev pciutils kmod \ 5 | python3-pip 6 | RUN pip3 install meson pyelftools ninja 7 | RUN mkdir -p /scratch/patches 8 | 9 | ADD build_script.sh /scratch/build_script.sh 10 | 11 | CMD /scratch/build_script.sh 12 | 13 | 14 | -------------------------------------------------------------------------------- /test/yaml/trex/build_script.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | 
set -o errexit 4 | 5 | mkdir -p ${BUILD_DIR}/trex_build 6 | cd ${BUILD_DIR}/trex_build 7 | 8 | if [ ! -d trex-core ]; then 9 | git clone -b v3.06 https://github.com/cisco-system-traffic-generator/trex-core.git 10 | cd trex-core/linux_dpdk 11 | ./b configure 12 | fi 13 | 14 | cd ${BUILD_DIR}/trex_build/trex-core/linux_dpdk 15 | ./b build 16 | -------------------------------------------------------------------------------- /test/yaml/trex/test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Pod 4 | metadata: 5 | name: trex 6 | namespace: trex 7 | annotations: 8 | "cni.projectcalico.org/vppExtraMemifPorts": "tcp:4444-20000,udp:4444-20000" 9 | spec: 10 | containers: 11 | - name: trex 12 | image: calicovpp/test-trex:v3.06 13 | imagePullPolicy: IfNotPresent 14 | securityContext: 15 | privileged: true 16 | ports: 17 | - containerPort: 4444 18 | resources: 19 | limits: 20 | memory: 1Gi 21 | hugepages-2Mi: 1Gi 22 | volumeMounts: 23 | - mountPath: /hugepages 24 | name: hugepage 25 | volumes: 26 | - name: hugepage 27 | emptyDir: 28 | medium: HugePages 29 | -------------------------------------------------------------------------------- /test/yaml/trex/trex-console.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | function generate_trex_py () { 4 | IP_ADDR=$(ip -4 addr show eth0 | grep inet | awk '{print $2}' | cut -d '/' -f 1) 5 | export SRC_ADDRESS=$IP_ADDR 6 | export DST_ADDRESS=${DST_ADDRESS:-1.2.3.4} 7 | export DST_PORT=${DST_PORT:-4444} 8 | export SRC_PORT=${SRC_PORT:-4444} 9 | export SRC_PORT2=${SRC_PORT2:-$SRC_PORT} 10 | echo "Using $SRC_ADDRESS:[$SRC_PORT..$SRC_PORT2] -> $DST_ADDRESS:$DST_PORT" 11 | cat /trex-scripts/trex_template.py | envsubst > /trex-scripts/trex.py 12 | echo "$ trex-console" 13 | echo "$ start -f /trex-scripts/trex.py -p 0 -m 10mbps" 14 | echo "## To show stats (use q to quit)" 15 | echo "$ tui" 16 | echo "## To 
update to full speed" 17 | echo "$ update -m 100%" 18 | echo "## To stop traffic generation" 19 | echo "$ stop -a" 20 | } 21 | 22 | generate_trex_py 23 | 24 | export PYTHONPATH=/usr/local/share/trex-interactive 25 | export TREX_EXT_LIBS=/usr/local/share/trex-external_libs 26 | 27 | python3 -m trex.console.trex_console $@ 28 | -------------------------------------------------------------------------------- /test/yaml/trex/trex-start.sh: -------------------------------------------------------------------------------- 1 | 2 | function generate_trex_conf () { 3 | echo "--- 4 | - port_limit: 2 5 | version: 2 6 | interfaces: ['--vdev=net_memif,role=client,socket=vpp/memif-eth0,socket-abstract=yes,zero-copy=no', 'dummy'] 7 | c: 4 8 | port_info: 9 | - dest_mac: 02:00:00:00:00:02 10 | src_mac: 02:00:00:00:00:01 11 | platform: 12 | master_thread_id: 15 13 | latency_thread_id: 16 14 | dual_if: 15 | - socket: 0 16 | threads: [17, 18, 19, 20] 17 | - socket: 1 18 | threads: [21, 22, 23, 36] 19 | " > /etc/trex_cfg.yaml 20 | } 21 | 22 | generate_trex_conf 23 | trex -i $@ 24 | 25 | -------------------------------------------------------------------------------- /test/yaml/trex/trex_template.py: -------------------------------------------------------------------------------- 1 | from trex_stl_lib.api import * 2 | 3 | class STLS1(object): 4 | 5 | def create_stream (self): 6 | 7 | base_pkt = Ether()/IP(dst="${DST_ADDRESS}")/UDP(dport=${DST_PORT}) 8 | size = 1440 9 | 10 | pad = max(0, size - len(base_pkt) - 4) * 'x' 11 | 12 | vm = STLVM() 13 | 14 | vm.tuple_var(name="tuple", ip_min="${SRC_ADDRESS}", ip_max="${SRC_ADDRESS}", 15 | port_min=${SRC_PORT}, port_max=${SRC_PORT2}, limit_flows=10000) 16 | 17 | vm.write(fv_name="tuple.ip", pkt_offset="IP.src") 18 | vm.fix_chksum() 19 | 20 | vm.write(fv_name="tuple.port", pkt_offset="UDP.sport") 21 | 22 | pkt = STLPktBuilder(pkt=base_pkt/pad, vm=vm) 23 | 24 | return STLStream(packet=pkt, mode=STLTXCont()) 25 | 26 | def get_streams (self, 
direction = 0, **kwargs): 27 | return [self.create_stream()] 28 | 29 | 30 | # dynamic load - used for trex console or simulator 31 | def register(): 32 | return STLS1() 33 | 34 | 35 | 36 | # start -f trex.py -m 10mbps -p 0 -------------------------------------------------------------------------------- /test/yaml/wrk/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:18.04 2 | 3 | RUN apt-get update && apt-get install -y \ 4 | iperf \ 5 | iproute2 \ 6 | net-tools \ 7 | iptables \ 8 | iproute2 \ 9 | iputils-ping \ 10 | inetutils-traceroute \ 11 | netcat \ 12 | dnsutils \ 13 | tcpdump \ 14 | git \ 15 | build-essential \ 16 | python3 \ 17 | unzip \ 18 | curl 19 | 20 | RUN mkdir -p /root/patches 21 | ADD ./patches/*.patch /root/patches/ 22 | 23 | RUN cd /root && \ 24 | git clone https://github.com/wg/wrk && \ 25 | cd wrk && \ 26 | patch -p1 < /root/patches/0001-no-keepalive-option.patch && \ 27 | rm -r /root/patches && \ 28 | make -j8 29 | 30 | ADD wrk.py /root/wrk/wrk.py 31 | WORKDIR /root/wrk 32 | 33 | ENTRYPOINT ["tail", "-f", "/dev/null"] -------------------------------------------------------------------------------- /test/yaml/wrk/test.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: wrk-client 5 | namespace: wrk 6 | spec: 7 | containers: 8 | - name: wrk-client 9 | image: calicovpp/test-wrk 10 | imagePullPolicy: IfNotPresent 11 | securityContext: 12 | privileged: true 13 | --- -------------------------------------------------------------------------------- /vpp-manager/README.md: -------------------------------------------------------------------------------- 1 | # VPP Manager 2 | 3 | This simple program manages VPP in the context of the Calico-VPP intgration. 4 | It is responsible for: 5 | - VPP IP configuration. 
It supports statically replicating the linux configuration, getting the configuration from the Calico node object, and using DHCP. It creates a tap interface in Linux that gives the host access to the container network. If this configuration fails, this program cleanly aborts. 6 | - Init program responsibilities: it propagates received signals to VPP. Since VPP should not spawn any other processes, zombie reaping is not necessary. 7 | - Cleanup: When VPP exits, it properly restores the configuration to what it was before launch, so that Linux gets connectivity back if there is only one interface. This program then exits with VPP's exit code. 8 | -------------------------------------------------------------------------------- /vpp-manager/images/dev/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:22.04 2 | 3 | LABEL maintainer="nskrzypc@cisco.com" 4 | 5 | WORKDIR /root/ 6 | 7 | RUN apt-get update \ 8 | && apt-get install -y openssl libapr1 libnuma1 libasan5 \ 9 | libmbedcrypto7 libmbedtls14 libmbedx509-1 libsubunit0 \ 10 | iptables iproute2 iputils-ping inetutils-traceroute \ 11 | netcat-openbsd ethtool gdb \ 12 | && rm -rf /var/lib/apt/lists/* 13 | 14 | ADD entrypoint.sh /usr/bin/entrypoint 15 | ADD vpp.sh /usr/bin/vpp 16 | ADD vppctl.sh /usr/bin/vppctl 17 | 18 | RUN chmod +x /usr/bin/entrypoint /usr/bin/vppctl /usr/bin/vpp 19 | ADD vppdev.sh /usr/bin/calivppctl 20 | 21 | ENTRYPOINT ["/usr/bin/entrypoint"] 22 | -------------------------------------------------------------------------------- /vpp-manager/images/dev/entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | VPP_MANAGER=/repo/vpp-manager/images/ubuntu/vpp-manager 4 | 5 | _trap() { 6 | echo "Caught $1 signal!" 
7 | kill -$1 "$child" 2>/dev/null 8 | } 9 | 10 | trap "_trap TERM" SIGTERM 11 | trap "_trap KILL" SIGKILL 12 | trap "_trap INT" SIGINT 13 | trap "_trap QUIT" SIGQUIT 14 | trap "_trap HUP" SIGHUP 15 | trap "_trap ABRT" SIGABRT 16 | 17 | # This targets a vpp that is compiled separately 18 | # living in $VPP_DIR which is mounted 19 | # from the host home by yaml/overlays/dev 20 | 21 | # Assumes that 22 | # vpp was built by make -C vpp-manager/ vpp 23 | 24 | if [[ "x$DEBUG" == xsleep ]]; then 25 | tail -f /dev/null 26 | else 27 | $VPP_MANAGER & 28 | child=$! 29 | while kill -0 $child > /dev/null 2>&1 30 | do 31 | wait $child 32 | done 33 | fi -------------------------------------------------------------------------------- /vpp-manager/images/dev/vpp.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | VPP_DIR=/repo/vpp-manager/vpp_build 4 | 5 | _trap() { 6 | echo "Caught $1 signal!" 7 | kill -$1 "$child" 2>/dev/null 8 | } 9 | 10 | trap "_trap TERM" SIGTERM 11 | trap "_trap KILL" SIGKILL 12 | trap "_trap INT" SIGINT 13 | trap "_trap QUIT" SIGQUIT 14 | trap "_trap HUP" SIGHUP 15 | trap "_trap ABRT" SIGABRT 16 | 17 | # This targets a vpp that is compiled separately 18 | # living in $VPP_DIR which is mounted 19 | # from the host home by yaml/overlays/dev 20 | 21 | # Assumes that 22 | # vpp was built by make -C vpp-manager/ vpp 23 | 24 | if [[ "x$DEBUG" != x ]]; then 25 | VPP="$VPP_DIR/build-root/install-vpp_debug-native/vpp" 26 | else 27 | VPP="$VPP_DIR/build-root/install-vpp-native/vpp" 28 | fi 29 | 30 | export LD_LIBRARY_PATH=$VPP/lib/x86_64-linux-gnu 31 | $VPP/bin/vpp $@ & 32 | child=$! 
33 | while kill -0 $child > /dev/null 2>&1 34 | do 35 | wait $child 36 | done 37 | -------------------------------------------------------------------------------- /vpp-manager/images/dev/vppctl.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | VPP_DIR=/repo/vpp-manager/vpp_build 4 | 5 | # This targets a vpp that is compiled separately 6 | # living in $VPP_DIR which is mounted 7 | # from the host home by yaml/overlays/dev 8 | 9 | # Assumes that 10 | # vpp was built by make -C vpp-manager/ vpp 11 | 12 | if [[ "x$DEBUG" != x ]]; then 13 | VPP="$VPP_DIR/build-root/install-vpp_debug-native/vpp" 14 | else 15 | VPP="$VPP_DIR/build-root/install-vpp-native/vpp" 16 | fi 17 | 18 | export LD_LIBRARY_PATH=$VPP/lib/x86_64-linux-gnu 19 | $VPP/bin/vppctl $@ 20 | -------------------------------------------------------------------------------- /vpp-manager/images/init-eks/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM centos:8 2 | 3 | LABEL maintainer="nskrzypc@cisco.com" 4 | 5 | ADD init_eks.sh /init_eks.sh 6 | ADD entrypoint.sh /entrypoint.sh 7 | 8 | ENTRYPOINT ["/entrypoint.sh"] 9 | -------------------------------------------------------------------------------- /vpp-manager/images/init-eks/entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | cp /init_eks.sh /host/usr/local/bin/init_eks.sh 4 | cat << EOF | chroot /host 5 | /usr/local/bin/init_eks.sh 6 | EOF 7 | 8 | # sleep 10 years 9 | sleep 315360000 10 | -------------------------------------------------------------------------------- /vpp-manager/images/ubuntu-build/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:22.04 2 | 3 | LABEL maintainer="aloaugus@cisco.com" 4 | 5 | # DEB_DEPENDS from VPP's Makefile, added here to be cached 6 | # This must be updated when the list of VPP dependencies 
change 7 | RUN apt-get update \ 8 | && DEBIAN_FRONTEND=noninteractive apt-get install -y \ 9 | curl build-essential autoconf automake ccache \ 10 | debhelper dkms git libtool libapr1-dev dh-python \ 11 | libconfuse-dev git-review exuberant-ctags cscope pkg-config \ 12 | gcovr lcov chrpath autoconf libnuma-dev \ 13 | python3-all python3-setuptools check \ 14 | libffi-dev python3-ply \ 15 | cmake ninja-build python3-jsonschema python3-yaml \ 16 | python3-venv \ 17 | python3-dev python3-pip \ 18 | libnl-3-dev libnl-route-3-dev libmnl-dev \ 19 | python3-virtualenv \ 20 | libssl-dev \ 21 | libelf-dev libpcap-dev \ 22 | iperf3 \ 23 | nasm \ 24 | iperf ethtool \ 25 | libpcap-dev \ 26 | python3-virtualenv \ 27 | libssl-dev \ 28 | clang clang-format-11 \ 29 | libffi7 \ 30 | enchant-2 \ 31 | tshark \ 32 | libllvm15 libclang-cpp15 clang-format-15 libonig5 libjq1 jq libunwind8 liblzma-dev libunwind-dev \ 33 | libiberty-dev 34 | 35 | WORKDIR / 36 | 37 | # Hack around tar issue setting symlinks mtime on mac os bind mounts 38 | # This issue only happens on the dpdk tarball, and the -m flag causes 39 | # nasm to try to rebuild things that fail, hence the if 40 | RUN cd /usr/bin; mv tar tar.orig && \ 41 | echo '#!/bin/bash\nif [[ "$*" == *dpdk* || "$*" == *rdma* ]] ; then ARGS="-m" ; fi\n/usr/bin/tar.orig $ARGS --no-same-owner "$@"' > tar && \ 42 | chmod a+x tar 43 | 44 | ADD build_script.sh / 45 | 46 | CMD "/build_script.sh" 47 | -------------------------------------------------------------------------------- /vpp-manager/images/ubuntu-build/build_script.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -o errexit 4 | 5 | cd ${VPP_MGR_DIR}/vpp_build 6 | 7 | make build-release 8 | if [ "${NO_BUILD_DEBS}" != "true" ]; then 9 | rm -f ./build-root/*.deb ./build-root/*.changes ./build-root/*.buildinfo 10 | make pkg-deb 11 | fi 12 | 13 | -------------------------------------------------------------------------------- 
/vpp-manager/images/ubuntu/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:22.04 2 | 3 | LABEL maintainer="nskrzypc@cisco.com" 4 | 5 | RUN apt-get update \ 6 | && apt-get install -y openssl libapr1 libnuma1 \ 7 | libmbedcrypto7 libmbedtls14 libmbedx509-1 libsubunit0 \ 8 | iproute2 ifupdown ethtool libnl-3-dev libnl-route-3-dev \ 9 | libpcap0.8 libunwind8 \ 10 | && rm -rf /var/lib/apt/lists/* 11 | 12 | # set work directory 13 | WORKDIR /root/ 14 | 15 | RUN mkdir /tmp/vpp 16 | 17 | COPY *.deb /tmp/vpp/ 18 | 19 | RUN export VPP_INSTALL_SKIP_SYSCTL=1 && \ 20 | dpkg -i /tmp/vpp/libvppinfra_*.deb \ 21 | /tmp/vpp/vpp_*.deb \ 22 | /tmp/vpp/vpp-plugin-core_*.deb \ 23 | /tmp/vpp/vpp-plugin-dpdk_*.deb \ 24 | /tmp/vpp/vpp-dbg_*.deb \ 25 | /tmp/vpp/vpp-plugin-devtools_*.deb 26 | 27 | RUN rm -rf /tmp/vpp 28 | ADD vpp-manager /usr/bin/ 29 | ADD vppdev.sh /usr/bin/calivppctl 30 | ADD version /etc/calicovppversion 31 | 32 | # This takes an additionnal 40MB 33 | ARG WITH_GDB 34 | RUN if [ "$WITH_GDB" = "yes" ] ; then apt-get update && apt-get -y --no-install-recommends install gdb ; fi 35 | 36 | ENTRYPOINT ["/usr/bin/vpp-manager"] 37 | -------------------------------------------------------------------------------- /vpplink/acl.go: -------------------------------------------------------------------------------- 1 | // Copyright (C) 2021 Cisco Systems Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 12 | // implied. 
// See the License for the specific language governing permissions and
// limitations under the License.

package vpplink

import (
	"fmt"

	vppacl "github.com/projectcalico/vpp-dataplane/v3/vpplink/generated/bindings/acl"
	"github.com/projectcalico/vpp-dataplane/v3/vpplink/generated/bindings/acl_types"
	"github.com/projectcalico/vpp-dataplane/v3/vpplink/types"
)

// AddACL sends acl to VPP in a single ACLAddReplace request and stores the
// index returned by VPP in acl.ACLIndex.
//
// Each entry of acl.Rules is converted with ToVppACLRule; the request carries
// acl.Tag and the rule count. acl.ACLIndex is written only after the call
// succeeded. On failure the error is wrapped and acl.ACLIndex keeps its
// previous value, so a caller that enforces policy should treat an error as
// "these rules are not installed".
//
// acl must be non-nil: it is dereferenced without a check.
func (v *VppLink) AddACL(acl *types.ACL) error {
	aclClient := vppacl.NewServiceClient(v.GetConnection())

	vppRules := make([]acl_types.ACLRule, 0, len(acl.Rules))
	for _, rule := range acl.Rules {
		vppRules = append(vppRules, rule.ToVppACLRule())
	}

	request := &vppacl.ACLAddReplace{
		// All-ones index (0xffffffff): presumably the "allocate a new ACL"
		// marker rather than a replace of an existing entry; confirm
		// against the VPP ACL API definition.
		ACLIndex: ^uint32(0),
		Tag:      acl.Tag,
		R:        vppRules,
		Count:    uint32(len(vppRules)),
	}
	reply, err := aclClient.ACLAddReplace(v.GetContext(), request)
	if err != nil {
		return fmt.Errorf("failed to add ACL: %w", err)
	}
	acl.ACLIndex = reply.ACLIndex
	return nil
}

// DelACL asks VPP to delete the ACL stored at aclIndex and wraps any error
// returned by the call.
func (v *VppLink) DelACL(aclIndex uint32) error {
	aclClient := vppacl.NewServiceClient(v.GetConnection())

	request := &vppacl.ACLDel{ACLIndex: aclIndex}
	if _, err := aclClient.ACLDel(v.GetContext(), request); err != nil {
		return fmt.Errorf("failed to delete ACL: %w", err)
	}
	return nil
}

--------------------------------------------------------------------------------
/vpplink/addr.go:
--------------------------------------------------------------------------------
// Copyright (C) 2019 Cisco Systems Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
// implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package vpplink

import (
	"net"

	"github.com/projectcalico/vpp-dataplane/v3/vpplink/types"
)

// IsIP4 reports the result of types.IsIP4 for ip.
func IsIP4(ip net.IP) bool {
	return types.IsIP4(ip)
}

// IsIP6 reports the result of types.IsIP6 for ip.
func IsIP6(ip net.IP) bool {
	return types.IsIP6(ip)
}

// AddrFamilyDiffers returns true when addr1 and addr2 are both IPv4 or both
// IPv6 (as judged by IsIP4 / IsIP6), and false in every other case.
//
// NOTE(review): this is the opposite of what the name says. The function
// answers "same family", not "family differs". A caller that uses it as
// named, for example to reject or skip a pair of mismatched addresses, gets
// the inverted decision. The callers are not visible in this file, so the
// behaviour is left unchanged here. Check every call site, then either
// invert the result or rename the function.
func AddrFamilyDiffers(addr1 net.IP, addr2 net.IP) bool {
	bothV4 := IsIP4(addr1) && IsIP4(addr2)
	if bothV4 {
		return true
	}
	return IsIP6(addr1) && IsIP6(addr2)
}

--------------------------------------------------------------------------------
/vpplink/af_xdp.go:
--------------------------------------------------------------------------------
// Copyright (C) 2020 Cisco Systems Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
// implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package vpplink

import (
	"fmt"

	"github.com/projectcalico/vpp-dataplane/v3/vpplink/generated/bindings/af_xdp"
	"github.com/projectcalico/vpp-dataplane/v3/vpplink/generated/bindings/interface_types"
	"github.com/projectcalico/vpp-dataplane/v3/vpplink/types"
)

// CreateAfXDP creates an AF_XDP interface in VPP on top of the host interface
// intf.HostInterfaceName and stores the resulting software interface index in
// intf.SwIfIndex.
//
// Queue parameters are read from intf through DefaultIntTo with 1 RX queue
// and 1024-entry RX/TX rings as second argument (presumably the value used
// when the field is unset; DefaultIntTo is defined elsewhere). The mode is
// always AF_XDP_API_MODE_AUTO. On failure the request is included in the
// wrapped error and intf.SwIfIndex is not modified.
func (v *VppLink) CreateAfXDP(intf *types.VppXDPInterface) error {
	xdpClient := af_xdp.NewServiceClient(v.GetConnection())

	// NOTE(review): if DefaultIntTo yields a type wider than 16 bits, these
	// conversions truncate silently, so a configured value above 65535
	// reaches VPP as a different, smaller number. Consider validating the
	// range where the configuration is parsed.
	rxQueues := uint16(DefaultIntTo(intf.NumRxQueues, 1))
	rxRingSize := uint16(DefaultIntTo(intf.RxQueueSize, 1024))
	txRingSize := uint16(DefaultIntTo(intf.TxQueueSize, 1024))

	createReq := &af_xdp.AfXdpCreateV3{
		HostIf:  intf.HostInterfaceName,
		Name:    intf.Name,
		RxqNum:  rxQueues,
		RxqSize: rxRingSize,
		TxqSize: txRingSize,
		Mode:    af_xdp.AF_XDP_API_MODE_AUTO,
	}
	reply, err := xdpClient.AfXdpCreateV3(v.GetContext(), createReq)
	if err != nil {
		return fmt.Errorf("failed to create AfXDP (%+v): %w", createReq, err)
	}
	intf.SwIfIndex = uint32(reply.SwIfIndex)
	return nil
}

// DeleteAfXDP deletes the AF_XDP interface whose index is intf.SwIfIndex and
// wraps any error together with that index.
func (v *VppLink) DeleteAfXDP(intf *types.VppXDPInterface) error {
	xdpClient := af_xdp.NewServiceClient(v.GetConnection())

	deleteReq := &af_xdp.AfXdpDelete{
		SwIfIndex: interface_types.InterfaceIndex(intf.SwIfIndex),
	}
	if _, err := xdpClient.AfXdpDelete(v.GetContext(), deleteReq); err != nil {
		return fmt.Errorf("failed to delete AfXDP (%v): %w", intf.SwIfIndex, err)
	}
	return nil
}

--------------------------------------------------------------------------------
/vpplink/arp.go:
--------------------------------------------------------------------------------
// Copyright (C) 2019 Cisco Systems Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
// implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package vpplink

import (
	"fmt"

	"github.com/projectcalico/vpp-dataplane/v3/vpplink/generated/bindings/arp"
	"github.com/projectcalico/vpp-dataplane/v3/vpplink/generated/bindings/interface_types"
	"github.com/projectcalico/vpp-dataplane/v3/vpplink/generated/bindings/ip_types"
)

// EnableArpProxy turns on proxy ARP for the interface swIfIndex.
//
// Two VPP calls are made, in this order:
//  1. ProxyArpAddDel registers the range 0.0.0.0 - 255.255.255.255 in table
//     tableID (CLI form: set arp proxy table-id <id> start 0.0.0.0 end
//     255.255.255.255).
//  2. ProxyArpIntfcEnableDisable enables proxy ARP on swIfIndex.
//
// The first failing call is wrapped and returned. There is no rollback: when
// step 2 fails, the range registered in step 1 stays configured.
//
// NOTE(review): the range spans the whole IPv4 space, so presumably VPP will
// answer ARP requests for any address on each interface where proxy ARP is
// enabled for that table. Confirm at the call sites that it is enabled only
// on interfaces where answering for every address is intended.
func (v *VppLink) EnableArpProxy(swIfIndex, tableID uint32) error {
	arpClient := arp.NewServiceClient(v.GetConnection())

	// Step 1: table-wide proxy range.
	rangeReq := &arp.ProxyArpAddDel{
		IsAdd: true,
		Proxy: arp.ProxyArp{
			TableID: tableID,
			Low:     ip_types.IP4Address{0, 0, 0, 0},
			Hi:      ip_types.IP4Address{255, 255, 255, 255},
		},
	}
	if _, err := arpClient.ProxyArpAddDel(v.GetContext(), rangeReq); err != nil {
		return fmt.Errorf("failed to add ProxyARP (%+v): %w", rangeReq, err)
	}

	// Step 2: per-interface switch.
	intfReq := &arp.ProxyArpIntfcEnableDisable{
		Enable:    true,
		SwIfIndex: interface_types.InterfaceIndex(swIfIndex),
	}
	if _, err := arpClient.ProxyArpIntfcEnableDisable(v.GetContext(), intfReq); err != nil {
		return fmt.Errorf("failed to enable ProxyARP (swifidx %d): %w", swIfIndex, err)
	}
	return nil
}

--------------------------------------------------------------------------------
/vpplink/crypto_sw_scheduler.go:
--------------------------------------------------------------------------------
// Copyright (C) 2019 Cisco Systems Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
// implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package vpplink

import (
	"fmt"

	"github.com/projectcalico/vpp-dataplane/v3/vpplink/generated/bindings/crypto_sw_scheduler"
)

// SetCryptoWorker sends a CryptoSwSchedulerSetWorker request for the worker
// workerIndex with CryptoEnable set to enable, and wraps any error returned
// by the call.
func (v *VppLink) SetCryptoWorker(workerIndex uint32, enable bool) error {
	schedClient := crypto_sw_scheduler.NewServiceClient(v.GetConnection())

	request := &crypto_sw_scheduler.CryptoSwSchedulerSetWorker{
		WorkerIndex:  workerIndex,
		CryptoEnable: enable,
	}
	if _, err := schedClient.CryptoSwSchedulerSetWorker(v.GetContext(), request); err != nil {
		// The message says "enable" for both values of the enable flag and
		// names no worker; read it together with the caller's context.
		return fmt.Errorf("crypto_sw_scheduler setWorker enable failed: %w", err)
	}
	return nil
}

--------------------------------------------------------------------------------
/vpplink/generated/.gitignore:
--------------------------------------------------------------------------------
.cherries-cache
.bin
--------------------------------------------------------------------------------
/vpplink/generated/bindings/af_xdp/af_xdp_rpc.ba.go:
--------------------------------------------------------------------------------
// Code generated by GoVPP's binapi-generator. DO NOT EDIT.

package af_xdp

import (
	"context"

	api "go.fd.io/govpp/api"
)

// RPCService defines RPC service af_xdp.
12 | type RPCService interface { 13 | AfXdpCreateV3(ctx context.Context, in *AfXdpCreateV3) (*AfXdpCreateV3Reply, error) 14 | AfXdpDelete(ctx context.Context, in *AfXdpDelete) (*AfXdpDeleteReply, error) 15 | } 16 | 17 | type serviceClient struct { 18 | conn api.Connection 19 | } 20 | 21 | func NewServiceClient(conn api.Connection) RPCService { 22 | return &serviceClient{conn} 23 | } 24 | 25 | func (c *serviceClient) AfXdpCreateV3(ctx context.Context, in *AfXdpCreateV3) (*AfXdpCreateV3Reply, error) { 26 | out := new(AfXdpCreateV3Reply) 27 | err := c.conn.Invoke(ctx, in, out) 28 | if err != nil { 29 | return nil, err 30 | } 31 | return out, api.RetvalToVPPApiError(out.Retval) 32 | } 33 | 34 | func (c *serviceClient) AfXdpDelete(ctx context.Context, in *AfXdpDelete) (*AfXdpDeleteReply, error) { 35 | out := new(AfXdpDeleteReply) 36 | err := c.conn.Invoke(ctx, in, out) 37 | if err != nil { 38 | return nil, err 39 | } 40 | return out, api.RetvalToVPPApiError(out.Retval) 41 | } 42 | -------------------------------------------------------------------------------- /vpplink/generated/bindings/avf/avf_rpc.ba.go: -------------------------------------------------------------------------------- 1 | // Code generated by GoVPP's binapi-generator. DO NOT EDIT. 2 | 3 | package avf 4 | 5 | import ( 6 | "context" 7 | 8 | api "go.fd.io/govpp/api" 9 | ) 10 | 11 | // RPCService defines RPC service avf. 
12 | type RPCService interface { 13 | AvfCreate(ctx context.Context, in *AvfCreate) (*AvfCreateReply, error) 14 | AvfDelete(ctx context.Context, in *AvfDelete) (*AvfDeleteReply, error) 15 | } 16 | 17 | type serviceClient struct { 18 | conn api.Connection 19 | } 20 | 21 | func NewServiceClient(conn api.Connection) RPCService { 22 | return &serviceClient{conn} 23 | } 24 | 25 | func (c *serviceClient) AvfCreate(ctx context.Context, in *AvfCreate) (*AvfCreateReply, error) { 26 | out := new(AvfCreateReply) 27 | err := c.conn.Invoke(ctx, in, out) 28 | if err != nil { 29 | return nil, err 30 | } 31 | return out, api.RetvalToVPPApiError(out.Retval) 32 | } 33 | 34 | func (c *serviceClient) AvfDelete(ctx context.Context, in *AvfDelete) (*AvfDeleteReply, error) { 35 | out := new(AvfDeleteReply) 36 | err := c.conn.Invoke(ctx, in, out) 37 | if err != nil { 38 | return nil, err 39 | } 40 | return out, api.RetvalToVPPApiError(out.Retval) 41 | } 42 | -------------------------------------------------------------------------------- /vpplink/generated/bindings/crypto_sw_scheduler/crypto_sw_scheduler_rpc.ba.go: -------------------------------------------------------------------------------- 1 | // Code generated by GoVPP's binapi-generator. DO NOT EDIT. 2 | 3 | package crypto_sw_scheduler 4 | 5 | import ( 6 | "context" 7 | 8 | api "go.fd.io/govpp/api" 9 | ) 10 | 11 | // RPCService defines RPC service crypto_sw_scheduler. 
12 | type RPCService interface { 13 | CryptoSwSchedulerSetWorker(ctx context.Context, in *CryptoSwSchedulerSetWorker) (*CryptoSwSchedulerSetWorkerReply, error) 14 | } 15 | 16 | type serviceClient struct { 17 | conn api.Connection 18 | } 19 | 20 | func NewServiceClient(conn api.Connection) RPCService { 21 | return &serviceClient{conn} 22 | } 23 | 24 | func (c *serviceClient) CryptoSwSchedulerSetWorker(ctx context.Context, in *CryptoSwSchedulerSetWorker) (*CryptoSwSchedulerSetWorkerReply, error) { 25 | out := new(CryptoSwSchedulerSetWorkerReply) 26 | err := c.conn.Invoke(ctx, in, out) 27 | if err != nil { 28 | return nil, err 29 | } 30 | return out, api.RetvalToVPPApiError(out.Retval) 31 | } 32 | -------------------------------------------------------------------------------- /vpplink/generated/bindings/ethernet_types/ethernet_types.ba.go: -------------------------------------------------------------------------------- 1 | // Code generated by GoVPP's binapi-generator. DO NOT EDIT. 2 | 3 | // Package ethernet_types contains generated bindings for API file ethernet_types.api. 4 | // 5 | // Contents: 6 | // - 1 alias 7 | package ethernet_types 8 | 9 | import ( 10 | "net" 11 | 12 | api "go.fd.io/govpp/api" 13 | ) 14 | 15 | // This is a compile-time assertion to ensure that this generated file 16 | // is compatible with the GoVPP api package it is being compiled against. 17 | // A compilation error at this line likely means your copy of the 18 | // GoVPP api package needs to be updated. 19 | const _ = api.GoVppAPIPackageIsVersion2 20 | 21 | const ( 22 | APIFile = "ethernet_types" 23 | APIVersion = "1.0.0" 24 | VersionCrc = 0xf24103d6 25 | ) 26 | 27 | // MacAddress defines alias 'mac_address'. 
28 | type MacAddress [6]uint8 29 | 30 | func NewMacAddress(mac net.HardwareAddr) MacAddress { 31 | var macaddr MacAddress 32 | copy(macaddr[:], mac[:]) 33 | return macaddr 34 | } 35 | 36 | func ParseMacAddress(s string) (MacAddress, error) { 37 | var macaddr MacAddress 38 | mac, err := net.ParseMAC(s) 39 | if err != nil { 40 | return macaddr, err 41 | } 42 | copy(macaddr[:], mac[:]) 43 | return macaddr, nil 44 | } 45 | 46 | func (x MacAddress) ToMAC() net.HardwareAddr { 47 | return net.HardwareAddr(x[:]) 48 | } 49 | 50 | func (x MacAddress) String() string { 51 | return x.ToMAC().String() 52 | } 53 | 54 | func (x *MacAddress) MarshalText() ([]byte, error) { 55 | return []byte(x.String()), nil 56 | } 57 | 58 | func (x *MacAddress) UnmarshalText(text []byte) error { 59 | mac, err := ParseMacAddress(string(text)) 60 | if err != nil { 61 | return err 62 | } 63 | *x = mac 64 | return nil 65 | } 66 | -------------------------------------------------------------------------------- /vpplink/generated/bindings/feature/feature_rpc.ba.go: -------------------------------------------------------------------------------- 1 | // Code generated by GoVPP's binapi-generator. DO NOT EDIT. 2 | 3 | package feature 4 | 5 | import ( 6 | "context" 7 | 8 | api "go.fd.io/govpp/api" 9 | ) 10 | 11 | // RPCService defines RPC service feature. 
12 | type RPCService interface { 13 | FeatureEnableDisable(ctx context.Context, in *FeatureEnableDisable) (*FeatureEnableDisableReply, error) 14 | FeatureIsEnabled(ctx context.Context, in *FeatureIsEnabled) (*FeatureIsEnabledReply, error) 15 | } 16 | 17 | type serviceClient struct { 18 | conn api.Connection 19 | } 20 | 21 | func NewServiceClient(conn api.Connection) RPCService { 22 | return &serviceClient{conn} 23 | } 24 | 25 | func (c *serviceClient) FeatureEnableDisable(ctx context.Context, in *FeatureEnableDisable) (*FeatureEnableDisableReply, error) { 26 | out := new(FeatureEnableDisableReply) 27 | err := c.conn.Invoke(ctx, in, out) 28 | if err != nil { 29 | return nil, err 30 | } 31 | return out, api.RetvalToVPPApiError(out.Retval) 32 | } 33 | 34 | func (c *serviceClient) FeatureIsEnabled(ctx context.Context, in *FeatureIsEnabled) (*FeatureIsEnabledReply, error) { 35 | out := new(FeatureIsEnabledReply) 36 | err := c.conn.Invoke(ctx, in, out) 37 | if err != nil { 38 | return nil, err 39 | } 40 | return out, api.RetvalToVPPApiError(out.Retval) 41 | } 42 | -------------------------------------------------------------------------------- /vpplink/generated/bindings/gso/gso_rpc.ba.go: -------------------------------------------------------------------------------- 1 | // Code generated by GoVPP's binapi-generator. DO NOT EDIT. 2 | 3 | package gso 4 | 5 | import ( 6 | "context" 7 | 8 | api "go.fd.io/govpp/api" 9 | ) 10 | 11 | // RPCService defines RPC service gso. 
12 | type RPCService interface { 13 | FeatureGsoEnableDisable(ctx context.Context, in *FeatureGsoEnableDisable) (*FeatureGsoEnableDisableReply, error) 14 | } 15 | 16 | type serviceClient struct { 17 | conn api.Connection 18 | } 19 | 20 | func NewServiceClient(conn api.Connection) RPCService { 21 | return &serviceClient{conn} 22 | } 23 | 24 | func (c *serviceClient) FeatureGsoEnableDisable(ctx context.Context, in *FeatureGsoEnableDisable) (*FeatureGsoEnableDisableReply, error) { 25 | out := new(FeatureGsoEnableDisableReply) 26 | err := c.conn.Invoke(ctx, in, out) 27 | if err != nil { 28 | return nil, err 29 | } 30 | return out, api.RetvalToVPPApiError(out.Retval) 31 | } 32 | -------------------------------------------------------------------------------- /vpplink/generated/bindings/pci_types/pci_types.ba.go: -------------------------------------------------------------------------------- 1 | // Code generated by GoVPP's binapi-generator. DO NOT EDIT. 2 | 3 | // Package pci_types contains generated bindings for API file pci_types.api. 4 | // 5 | // Contents: 6 | // - 1 struct 7 | package pci_types 8 | 9 | import ( 10 | api "go.fd.io/govpp/api" 11 | ) 12 | 13 | // This is a compile-time assertion to ensure that this generated file 14 | // is compatible with the GoVPP api package it is being compiled against. 15 | // A compilation error at this line likely means your copy of the 16 | // GoVPP api package needs to be updated. 17 | const _ = api.GoVppAPIPackageIsVersion2 18 | 19 | const ( 20 | APIFile = "pci_types" 21 | APIVersion = "1.0.0" 22 | VersionCrc = 0x5d418665 23 | ) 24 | 25 | // PciAddress defines type 'pci_address'. 
26 | type PciAddress struct { 27 | Domain uint16 `binapi:"u16,name=domain" json:"domain,omitempty"` 28 | Bus uint8 `binapi:"u8,name=bus" json:"bus,omitempty"` 29 | Slot uint8 `binapi:"u8,name=slot" json:"slot,omitempty"` 30 | Function uint8 `binapi:"u8,name=function" json:"function,omitempty"` 31 | } 32 | -------------------------------------------------------------------------------- /vpplink/generated/gen.go: -------------------------------------------------------------------------------- 1 | //go:build generate 2 | 3 | package generated 4 | 5 | import ( 6 | _ "github.com/calico-vpp/vpplink/pkg" 7 | _ "go.fd.io/govpp/cmd/binapi-generator" 8 | ) 9 | 10 | //go:generate go build -buildmode=plugin -o ./.bin/vpplink_plugin.so github.com/calico-vpp/vpplink/pkg 11 | //go:generate go run go.fd.io/govpp/cmd/binapi-generator --no-version-info --no-source-path-info --gen rpc,./.bin/vpplink_plugin.so -o ./bindings --input $VPP_DIR ikev2 gso arp interface ip ipip ipsec ip_neighbor tapv2 nat44_ed cnat af_packet feature ip6_nd punt vxlan af_xdp vlib virtio avf wireguard capo memif acl abf crypto_sw_scheduler sr rdma vmxnet3 pbl memclnt session vpe urpf classify ip_session_redirect 12 | -------------------------------------------------------------------------------- /vpplink/generated/generate.log: -------------------------------------------------------------------------------- 1 | VPP Version : 25.06-rc0~247-gaf9fa5d40 2 | Binapi-generator version : v0.11.0 3 | VPP Base commit : 698517b76 gerrit:34726/3 interface: add buffer stats api 4 | ------------------ Cherry picked commits -------------------- 5 | ip: add support for checksum in IP midchain 6 | capo: Calico Policies plugin 7 | acl: acl-plugin custom policies 8 | cnat: [WIP] no k8s maglev from pods 9 | pbl: Port based balancer 10 | gerrit:revert:39675/5 Revert "ip-neighbor: do not use sas to determine NS source address" 11 | gerrit:34726/3 interface: add buffer stats api 12 | 
-------------------------------------------------------------
13 |
--------------------------------------------------------------------------------
/vpplink/generated/patches/0002-cnat-WIP-no-k8s-maglev-from-pods.patch:
--------------------------------------------------------------------------------
1 | From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
2 | From: Nathan Skrzypczak
3 | Date: Mon, 8 Mar 2021 19:00:04 +0100
4 | Subject: [PATCH 2/5] cnat: [WIP] no k8s maglev from pods
5 |
6 | Type: improvement
7 |
8 | Change-Id: If0702dbc51c308f0bb0ed16149c293d7adf9a984
9 | Signed-off-by: Nathan Skrzypczak
10 | ---
11 | src/plugins/cnat/cnat_node_feature.c | 8 +++++++-
12 | 1 file changed, 7 insertions(+), 1 deletion(-)
13 |
14 | diff --git a/src/plugins/cnat/cnat_node_feature.c b/src/plugins/cnat/cnat_node_feature.c
15 | index 76aa89398..fd3b90a1a 100644
16 | --- a/src/plugins/cnat/cnat_node_feature.c
17 | +++ b/src/plugins/cnat/cnat_node_feature.c
18 | @@ -43,6 +43,7 @@ cnat_input_feature_fn (vlib_main_t *vm, vlib_node_runtime_t *node,
19 | int session_not_found, cnat_session_t *session)
20 | {
21 | vlib_combined_counter_main_t *cntm = &cnat_translation_counters;
22 | + cnat_snat_policy_main_t *cpm = &cnat_snat_policy_main;
23 | const cnat_translation_t *ct = NULL;
24 | ip4_header_t *ip4 = NULL;
25 | ip_protocol_t iproto;
26 | @@ -53,6 +54,9 @@ cnat_input_feature_fn (vlib_main_t *vm, vlib_node_runtime_t *node,
27 | index_t cti;
28 | u8 trace_flags = 0;
29 |
30 | + u32 in_if = vnet_buffer (b)->sw_if_index[VLIB_RX];
31 | + int ispod;
32 | +
33 | /* By default follow arc default next */
34 | vnet_feature_next (&next0, b);
35 |
36 | @@ -127,7 +131,9 @@ cnat_input_feature_fn (vlib_main_t *vm, vlib_node_runtime_t *node,
37 | session->value.cs_port[VLIB_RX] = udp0->src_port;
38 | session->value.flags = 0;
39 |
40 | - if (trk0->ct_flags & CNAT_TRK_FLAG_NO_NAT)
41 | + ispod = clib_bitmap_get (
42 | + cpm->interface_maps[CNAT_SNAT_IF_MAP_INCLUDE_POD], in_if);
43 | + if (trk0->ct_flags & CNAT_TRK_FLAG_NO_NAT && !ispod)
44 | {
45 | const dpo_id_t *dpo0;
46 | const load_balance_t *lb1;
47 | --
48 | 2.39.2
49 |
50 |
--------------------------------------------------------------------------------
/vpplink/rdma.go:
--------------------------------------------------------------------------------
1 | // Copyright (C) 2020 Cisco Systems Inc.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
12 | // implied.
13 | // See the License for the specific language governing permissions and
14 | // limitations under the License.
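Review bot: The rewritten condition in the third hunk of src/plugins/cnat/cnat_node_feature.c (`@@ -127,7 +131,9 @@`, cnat_input_feature_fn) has no comment saying why a tracker flagged CNAT_TRK_FLAG_NO_NAT no longer takes this branch when the packet was received on an interface in the CNAT_SNAT_IF_MAP_INCLUDE_POD bitmap, and it mixes `&` and `&&` without parentheses. Because membership in that bitmap now decides which traffic skips the branch, an interface missing from or wrongly present in the map changes NAT handling with nothing in the code stating the expectation; I would record the intent next to the test, for example `/* NO_NAT shortcut applies only to packets not received from a pod interface */`, and write it as `if ((trk0->ct_flags & CNAT_TRK_FLAG_NO_NAT) && !ispod)`. The bitmap lookup also runs for every packet that reaches this point even when the flag is clear, so it could move inside the flag test. The function body starts and ends outside the hunk.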
package vpplink

import (
	"fmt"

	"github.com/projectcalico/vpp-dataplane/v3/vpplink/generated/bindings/rdma"
	"github.com/projectcalico/vpp-dataplane/v3/vpplink/types"
)

// CreateRDMA sends an RdmaCreateV2 request built from intf and, on success,
// stores the interface index from the reply in intf.SwIfIndex and returns it.
// On failure it returns 0 together with the wrapped error, so the error must
// be checked before the index is used.
func (v *VppLink) CreateRDMA(intf *types.RDMAInterface) (swIfIndex uint32, err error) {
	// NOTE(review): the queue count and sizes are narrowed to uint16 without a
	// range check; if the source fields are wider, large values wrap silently.
	// Confirm the caller bounds them.
	request := &rdma.RdmaCreateV2{
		HostIf:  intf.HostInterfaceName,
		RxqNum:  uint16(intf.NumRxQueues),
		RxqSize: uint16(intf.RxQueueSize),
		TxqSize: uint16(intf.TxQueueSize),
	}

	reply, err := rdma.NewServiceClient(v.GetConnection()).RdmaCreateV2(v.GetContext(), request)
	if err != nil {
		return 0, fmt.Errorf("failed to create RDMA interface: %w", err)
	}

	swIfIndex = uint32(reply.SwIfIndex)
	intf.SwIfIndex = swIfIndex
	return swIfIndex, nil
}

--------------------------------------------------------------------------------
/vpplink/stats.go:
--------------------------------------------------------------------------------
1 | // Copyright (C) 2019 Cisco Systems Inc.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
12 | // implied.
13 | // See the License for the specific language governing permissions and
14 | // limitations under the License.
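package vpplink

import (
	"fmt"

	"go.fd.io/govpp/adapter"
	"go.fd.io/govpp/adapter/statsclient"

	interfaces "github.com/projectcalico/vpp-dataplane/v3/vpplink/generated/bindings/interface"
)

// GetInterfaceStats dumps the "/if/names" entry and every entry under "/if/"
// from the stats client.
//
// It returns the interface names taken from the first "/if/names" entry and
// the raw "/if/" entries. An error is returned when either dump fails, when
// the names dump is empty, or when its first entry does not hold an
// adapter.NameStat.
func GetInterfaceStats(sc *statsclient.StatsClient) (ifNames adapter.NameStat, dumpStats []adapter.StatEntry, err error) {
	dumpStatsNames, err := sc.DumpStats("/if/names")
	if err != nil {
		return nil, nil, fmt.Errorf("dump stats failed: %w", err)
	}
	if len(dumpStatsNames) == 0 {
		// err is nil on this path, so there is nothing to wrap; the previous
		// "%w" verb rendered as "%!w(<nil>)" in the message.
		return nil, nil, fmt.Errorf("no interfaces available")
	}
	ifNames, ok := dumpStatsNames[0].Data.(adapter.NameStat)
	if !ok {
		return nil, nil, fmt.Errorf("dumpStatsNames[0].Data. is not an adapter.NameStat: %v", dumpStatsNames[0].Data)
	}

	dumpStats, err = sc.DumpStats("/if/")
	if err != nil {
		return nil, nil, fmt.Errorf("dump stats failed: %w", err)
	}
	return ifNames, dumpStats, nil
}

// GetBufferStats issues a GetBuffersStats request and returns the available,
// cached and used buffer counts from the reply. All three are zero when the
// request fails, so the error must be checked first.
func (v *VppLink) GetBufferStats() (available uint32, cached uint32, used uint32, err error) {
	client := interfaces.NewServiceClient(v.GetConnection())

	response, err := client.GetBuffersStats(v.GetContext(), &interfaces.GetBuffersStats{})
	if err != nil {
		return 0, 0, 0, fmt.Errorf("failed to get buffer stats: %w", err)
	}
	return response.AvailableBuffers, response.CachedBuffers, response.UsedBuffers, nil
}

--------------------------------------------------------------------------------
/vpplink/types/abf.go:
--------------------------------------------------------------------------------
1 | // Copyright (C) 2021 Cisco Systems Inc.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.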
5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 12 | // implied. 13 | // See the License for the specific language governing permissions and 14 | // limitations under the License. 15 | 16 | package types 17 | 18 | type AbfPolicy struct { 19 | Paths []RoutePath 20 | PolicyID uint32 21 | AclIndex uint32 22 | } 23 | -------------------------------------------------------------------------------- /vpplink/types/acl.go: -------------------------------------------------------------------------------- 1 | // Copyright (C) 2021 Cisco Systems Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 12 | // implied. 13 | // See the License for the specific language governing permissions and 14 | // limitations under the License. 
package types

import (
	"net"

	"github.com/projectcalico/vpp-dataplane/v3/vpplink/generated/bindings/acl_types"
)

// ACLRule is the agent-side description of one ACL entry: source and
// destination networks, one port per side, and the IP protocol.
type ACLRule struct {
	Src     net.IPNet
	Dst     net.IPNet
	SrcPort uint16
	DstPort uint16
	Proto   IPProto
}

// ToVppACLRule converts the rule to its VPP binary-API form.
//
// Every rule produced here carries acl_types.ACL_ACTION_API_PERMIT. A port
// left at 0 is emitted as the range 0..65535, so an unset SrcPort or DstPort
// makes the permit match every port on that side; any other value matches
// only that port.
func (r *ACLRule) ToVppACLRule() acl_types.ACLRule {
	// Upper bound of each port range: the port itself, or 0xffff when unset.
	srcLast, dstLast := r.SrcPort, r.DstPort
	if r.SrcPort == 0 {
		srcLast = ^uint16(0)
	}
	if r.DstPort == 0 {
		dstLast = ^uint16(0)
	}

	vppRule := acl_types.ACLRule{
		IsPermit:               acl_types.ACL_ACTION_API_PERMIT,
		SrcPrefix:              ToVppPrefix(&r.Src),
		DstPrefix:              ToVppPrefix(&r.Dst),
		Proto:                  ToVppIPProto(r.Proto),
		SrcportOrIcmptypeFirst: r.SrcPort,
		SrcportOrIcmptypeLast:  srcLast,
		DstportOrIcmpcodeFirst: r.DstPort,
		DstportOrIcmpcodeLast:  dstLast,
	}

	// When AddrIsZeros reports the source IP as zero, the source prefix takes
	// the destination's address family.
	// NOTE(review): presumably so that an unset source is not sent with a
	// family that differs from the destination's; confirm against ToVppPrefix.
	if AddrIsZeros(r.Src.IP) {
		vppRule.SrcPrefix.Address.Af = vppRule.DstPrefix.Address.Af
	}
	return vppRule
}

// ACL groups a list of rules with the index and tag used to refer to it.
type ACL struct {
	ACLIndex uint32
	Tag      string
	Rules    []ACLRule
}

--------------------------------------------------------------------------------
/vpplink/types/errors.go:
--------------------------------------------------------------------------------
1 | // Copyright (C) 2023 Cisco Systems Inc.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
12 | // implied.
13 | // See the License for the specific language governing permissions and
14 | // limitations under the License.
15 | 16 | package types 17 | 18 | import ( 19 | "go.fd.io/govpp/api" 20 | ) 21 | 22 | var ( 23 | VppErrorUnimplemented = api.UNIMPLEMENTED 24 | ) 25 | -------------------------------------------------------------------------------- /vpplink/types/errors_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (C) 2023 Cisco Systems Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 12 | // implied. 13 | // See the License for the specific language governing permissions and 14 | // limitations under the License. 15 | 16 | package types 17 | 18 | import ( 19 | gerrors "errors" 20 | "testing" 21 | 22 | "github.com/pkg/errors" 23 | "go.fd.io/govpp/api" 24 | 25 | . "github.com/onsi/ginkgo" 26 | . 
"github.com/onsi/gomega" 27 | ) 28 | 29 | func TestCommonConfig(t *testing.T) { 30 | RegisterFailHandler(Fail) 31 | RunSpecs(t, "vpplink types tests") 32 | } 33 | 34 | var _ = Describe("Test Vpplink types", func() { 35 | It("Vpplink errors comparisons testing", func() { 36 | err := api.RetvalToVPPApiError(int32(api.UNIMPLEMENTED)) 37 | err = errors.Wrapf(err, "Something else") 38 | Expect(gerrors.Is(err, VppErrorUnimplemented)).To(BeTrue()) 39 | err = api.RetvalToVPPApiError(int32(api.SYSCALL_ERROR_1)) 40 | Expect(gerrors.Is(err, VppErrorUnimplemented)).To(BeFalse()) 41 | }) 42 | }) 43 | -------------------------------------------------------------------------------- /vpplink/types/ethernet.go: -------------------------------------------------------------------------------- 1 | package types 2 | 3 | import ( 4 | "net" 5 | 6 | "github.com/projectcalico/vpp-dataplane/v3/vpplink/generated/bindings/ethernet_types" 7 | ) 8 | 9 | func MacAddress(hwAddr net.HardwareAddr) ethernet_types.MacAddress { 10 | return ethernet_types.NewMacAddress(hwAddr) 11 | } 12 | -------------------------------------------------------------------------------- /vpplink/types/ipsec.go: -------------------------------------------------------------------------------- 1 | // Copyright (C) 2019 Cisco Systems Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 12 | // implied. 13 | // See the License for the specific language governing permissions and 14 | // limitations under the License. 
15 | 16 | package types 17 | 18 | import ( 19 | "net" 20 | ) 21 | 22 | type IPsecTunnelProtection struct { 23 | SwIfIndex uint32 24 | NextHop net.IP 25 | OutSAIndex uint32 26 | InSAIndices []uint32 27 | } 28 | -------------------------------------------------------------------------------- /vpplink/types/memif.go: -------------------------------------------------------------------------------- 1 | // Copyright (C) 2021 Cisco Systems Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 12 | // implied. 13 | // See the License for the specific language governing permissions and 14 | // limitations under the License. 
15 | 16 | package types 17 | 18 | import ( 19 | "net" 20 | 21 | "github.com/projectcalico/vpp-dataplane/v3/vpplink/generated/bindings/interface_types" 22 | "github.com/projectcalico/vpp-dataplane/v3/vpplink/generated/bindings/memif" 23 | ) 24 | 25 | type MemifRole uint32 26 | type MemifMode uint32 27 | type MemifFlag uint32 28 | 29 | const ( 30 | MemifMaster MemifRole = MemifRole(memif.MEMIF_ROLE_API_MASTER) 31 | MemifSlave MemifRole = MemifRole(memif.MEMIF_ROLE_API_SLAVE) 32 | 33 | MemifModeEthernet MemifMode = MemifMode(memif.MEMIF_MODE_API_ETHERNET) 34 | MemifModeIP MemifMode = MemifMode(memif.MEMIF_MODE_API_IP) 35 | MemifModePuntInject MemifMode = MemifMode(memif.MEMIF_MODE_API_PUNT_INJECT) 36 | 37 | MemifAdminUp MemifFlag = MemifFlag(interface_types.IF_STATUS_API_FLAG_ADMIN_UP) 38 | MemifLinkUp MemifFlag = MemifFlag(interface_types.IF_STATUS_API_FLAG_LINK_UP) 39 | ) 40 | 41 | type Memif struct { 42 | Role MemifRole 43 | Mode MemifMode 44 | NumRxQueues int 45 | NumTxQueues int 46 | QueueSize int 47 | MacAddress net.HardwareAddr 48 | SocketId uint32 49 | SwIfIndex uint32 50 | Flags MemifFlag 51 | } 52 | 53 | type MemifSocket struct { 54 | SocketID uint32 55 | SocketFilename string 56 | } 57 | -------------------------------------------------------------------------------- /vpplink/types/nat.go: -------------------------------------------------------------------------------- 1 | // Copyright (C) 2019 Cisco Systems Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 12 | // implied. 
13 | // See the License for the specific language governing permissions and 14 | // limitations under the License. 15 | 16 | package types 17 | 18 | import ( 19 | "fmt" 20 | "net" 21 | 22 | "github.com/projectcalico/vpp-dataplane/v3/vpplink/generated/bindings/nat_types" 23 | ) 24 | 25 | type NatFlags uint8 26 | 27 | const ( 28 | NatNone NatFlags = NatFlags(nat_types.NAT_IS_NONE) 29 | NatTwice NatFlags = NatFlags(nat_types.NAT_IS_TWICE_NAT) 30 | NatSelfTwice NatFlags = NatFlags(nat_types.NAT_IS_SELF_TWICE_NAT) 31 | NatOut2In NatFlags = NatFlags(nat_types.NAT_IS_OUT2IN_ONLY) 32 | NatAddrOnly NatFlags = NatFlags(nat_types.NAT_IS_ADDR_ONLY) 33 | NatOutside NatFlags = NatFlags(nat_types.NAT_IS_OUTSIDE) 34 | NatInside NatFlags = NatFlags(nat_types.NAT_IS_INSIDE) 35 | NatStatic NatFlags = NatFlags(nat_types.NAT_IS_STATIC) 36 | NatExtHostValid NatFlags = NatFlags(nat_types.NAT_IS_EXT_HOST_VALID) 37 | ) 38 | 39 | func ToVppNatConfigFlags(flags NatFlags) nat_types.NatConfigFlags { 40 | return nat_types.NatConfigFlags(flags) 41 | } 42 | 43 | type Nat44Entry struct { 44 | ServiceIP net.IP 45 | ServicePort int32 46 | Protocol IPProto 47 | BackendIPs []net.IP 48 | BackendPort int32 49 | } 50 | 51 | func (n *Nat44Entry) String() string { 52 | return fmt.Sprintf("%s %s:%d -> %+v:%d", 53 | n.Protocol.String(), 54 | n.ServiceIP.String(), 55 | n.ServicePort, 56 | n.BackendIPs, 57 | n.BackendPort, 58 | ) 59 | } 60 | -------------------------------------------------------------------------------- /vpplink/types/neigh.go: -------------------------------------------------------------------------------- 1 | // Copyright (C) 2019 Cisco Systems Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 
5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 12 | // implied. 13 | // See the License for the specific language governing permissions and 14 | // limitations under the License. 15 | 16 | package types 17 | 18 | import ( 19 | "net" 20 | 21 | "github.com/projectcalico/vpp-dataplane/v3/vpplink/generated/bindings/ip_neighbor" 22 | ) 23 | 24 | type IPNeighborFlags uint32 25 | 26 | const ( 27 | IPNeighborNone IPNeighborFlags = IPNeighborFlags(ip_neighbor.IP_API_NEIGHBOR_FLAG_NONE) 28 | IPNeighborStatic IPNeighborFlags = IPNeighborFlags(ip_neighbor.IP_API_NEIGHBOR_FLAG_STATIC) 29 | IPNeighborNoFibEntry IPNeighborFlags = IPNeighborFlags(ip_neighbor.IP_API_NEIGHBOR_FLAG_NO_FIB_ENTRY) 30 | ) 31 | 32 | type Neighbor struct { 33 | SwIfIndex uint32 34 | IP net.IP 35 | HardwareAddr net.HardwareAddr 36 | Flags IPNeighborFlags 37 | } 38 | 39 | func ToVppNeighborFlags(flags IPNeighborFlags) ip_neighbor.IPNeighborFlags { 40 | return ip_neighbor.IPNeighborFlags(flags) 41 | } 42 | 43 | func FromVppNeighborFlags(flags ip_neighbor.IPNeighborFlags) IPNeighborFlags { 44 | return IPNeighborFlags(flags) 45 | } 46 | -------------------------------------------------------------------------------- /vpplink/types/pbl.go: -------------------------------------------------------------------------------- 1 | // Copyright (C) 2021 Cisco Systems Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 
5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 12 | // implied. 13 | // See the License for the specific language governing permissions and 14 | // limitations under the License. 15 | 16 | package types 17 | 18 | import ( 19 | "net" 20 | ) 21 | 22 | type PblPortRange struct { 23 | Start uint16 24 | End uint16 25 | Proto IPProto 26 | } 27 | 28 | type PblClient struct { 29 | ID uint32 30 | TableId uint32 31 | Addr net.IP 32 | Path RoutePath 33 | PortRanges []PblPortRange 34 | } 35 | -------------------------------------------------------------------------------- /vpplink/types/redirect.go: -------------------------------------------------------------------------------- 1 | // Copyright (C) 2022 Cisco Systems Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 12 | // implied. 13 | // See the License for the specific language governing permissions and 14 | // limitations under the License. 
15 | 16 | package types 17 | 18 | import ( 19 | "fmt" 20 | ) 21 | 22 | type SessionRedirect struct { 23 | FiveTuple 24 | TableIndex uint32 25 | IsPunt bool 26 | OpaqueIndex uint32 27 | } 28 | 29 | func (sr *SessionRedirect) String() string { 30 | return fmt.Sprintf("[tbl:%d %s]", sr.TableIndex, sr.FiveTuple.String()) 31 | } 32 | 33 | func (sr *SessionRedirect) VppString() string { 34 | match, err := sr.GetMatch() 35 | if err != nil { 36 | return "" 37 | } 38 | return fmt.Sprintf("%x", match) 39 | } 40 | -------------------------------------------------------------------------------- /vpplink/types/session.go: -------------------------------------------------------------------------------- 1 | // Copyright (C) 2021 Cisco Systems Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 12 | // implied. 13 | // See the License for the specific language governing permissions and 14 | // limitations under the License. 15 | 16 | package types 17 | 18 | type SessionAppNamespace struct { 19 | NamespaceId string 20 | Netns string 21 | SwIfIndex uint32 22 | SocketName string 23 | Secret uint64 24 | } 25 | -------------------------------------------------------------------------------- /vpplink/types/vxlan.go: -------------------------------------------------------------------------------- 1 | // Copyright (C) 2020 Cisco Systems Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 
5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 12 | // implied. 13 | // See the License for the specific language governing permissions and 14 | // limitations under the License. 15 | 16 | package types 17 | 18 | import ( 19 | "fmt" 20 | "net" 21 | ) 22 | 23 | type VXLanTunnel struct { 24 | SrcAddress net.IP 25 | DstAddress net.IP 26 | SrcPort uint16 27 | DstPort uint16 28 | Vni uint32 29 | DecapNextIndex uint32 30 | SwIfIndex uint32 31 | } 32 | 33 | func (t *VXLanTunnel) String() string { 34 | return fmt.Sprintf("[%d]vni=%d %s:%d->%s:%d", t.SwIfIndex, t.Vni, t.SrcAddress, t.SrcPort, t.DstAddress, t.DstPort) 35 | } 36 | -------------------------------------------------------------------------------- /vpplink/urpf.go: -------------------------------------------------------------------------------- 1 | // Copyright (C) 2022 Cisco Systems Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 12 | // implied. 13 | // See the License for the specific language governing permissions and 14 | // limitations under the License. 
package vpplink

import (
	"fmt"

	"github.com/projectcalico/vpp-dataplane/v3/vpplink/generated/bindings/interface_types"
	"github.com/projectcalico/vpp-dataplane/v3/vpplink/generated/bindings/ip_types"
	"github.com/projectcalico/vpp-dataplane/v3/vpplink/generated/bindings/urpf"
)

// SetCustomURPF sends an UrpfUpdateV2 request that puts the interface's input
// direction in loose uRPF mode for IPv4, checked against table tableId.
//
// NOTE(review): only ip_types.ADDRESS_IP4 is configured here; whether IPv6
// source validation is handled elsewhere is not visible from this file.
func (v *VppLink) SetCustomURPF(swifindex uint32, tableId uint32) error {
	request := &urpf.UrpfUpdateV2{
		Mode:      urpf.URPF_API_MODE_LOOSE,
		SwIfIndex: interface_types.InterfaceIndex(swifindex),
		Af:        ip_types.ADDRESS_IP4,
		IsInput:   true,
		TableID:   tableId,
	}

	if _, err := urpf.NewServiceClient(v.GetConnection()).UrpfUpdateV2(v.GetContext(), request); err != nil {
		return fmt.Errorf("failed to set URPF mode to loose: %w", err)
	}
	return nil
}

// UnsetURPF sends an UrpfUpdateV2 request that turns uRPF off for IPv4 on the
// interface's input direction. No table id is passed in this request.
func (v *VppLink) UnsetURPF(swifindex uint32) error {
	request := &urpf.UrpfUpdateV2{
		Mode:      urpf.URPF_API_MODE_OFF,
		SwIfIndex: interface_types.InterfaceIndex(swifindex),
		Af:        ip_types.ADDRESS_IP4,
		IsInput:   true,
	}

	if _, err := urpf.NewServiceClient(v.GetConnection()).UrpfUpdateV2(v.GetContext(), request); err != nil {
		return fmt.Errorf("failed to set URPF mode to off: %w", err)
	}
	return nil
}

--------------------------------------------------------------------------------
/vpplink/util.go:
--------------------------------------------------------------------------------
package vpplink

const (
	// AnyInterface is the all-ones 32-bit value.
	AnyInterface = ^uint32(0)
)

// Lookup tables that turn a boolean into the matching word for messages.
var (
	strAddRemove     = map[bool]string{true: "add", false: "remove"}
	strSetUnset      = map[bool]string{true: "set", false: "unset"}
	strUpDown        = map[bool]string{true: "up", false: "down"}
	strEnableDisable = map[bool]string{true: "enable", false: "disable"}
	strIP46          = map[bool]string{true: "IP6", false: "IP4"}
)

// DefaultIntTo returns value unless it is zero, in which case it returns
// defaultValue.
func DefaultIntTo(value, defaultValue int) int {
	if value != 0 {
		return value
	}
	return defaultValue
}

// isAddStr returns "add" when isAdd is true and "delete" otherwise. Note that
// strAddRemove uses "remove" for the false case.
func isAddStr(isAdd bool) string {
	if !isAdd {
		return "delete"
	}
	return "add"
}

--------------------------------------------------------------------------------
/vpplink/vmxnet3.go:
--------------------------------------------------------------------------------
1 | // Copyright (C) 2020 Cisco Systems Inc.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
12 | // implied.
13 | // See the License for the specific language governing permissions and
14 | // limitations under the License.
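package vpplink

import (
	"fmt"

	"github.com/projectcalico/vpp-dataplane/v3/vpplink/generated/bindings/vmxnet3"
	"github.com/projectcalico/vpp-dataplane/v3/vpplink/types"
)

// CreateVmxnet3 asks VPP to create a vmxnet3 interface for the PCI device
// named by intf.PciId, using the queue counts, queue sizes and GSO setting
// carried in intf.
//
// On success the new interface index is stored in intf.SwIfIndex and also
// returned. On any failure the returned index is the all-ones value
// (^uint32(0)) rather than 0, so that a caller which ignores the error cannot
// mistake the result for interface index 0; both error paths now use the same
// sentinel.
//
// NOTE(review): the queue counts and sizes are narrowed with uint16(...). If
// the source fields are wider than 16 bits, out-of-range values wrap
// silently; confirm they are validated before reaching this call.
func (v *VppLink) CreateVmxnet3(intf *types.Vmxnet3Interface) (uint32, error) {
	pci, err := types.GetPciIdInt(intf.PciId)
	if err != nil {
		return ^uint32(0), fmt.Errorf("error parsing PCI id: %w", err)
	}
	client := vmxnet3.NewServiceClient(v.GetConnection())

	request := &vmxnet3.Vmxnet3Create{
		PciAddr:   pci,
		RxqNum:    uint16(intf.NumRxQueues),
		RxqSize:   uint16(intf.RxQueueSize),
		TxqSize:   uint16(intf.TxQueueSize),
		TxqNum:    uint16(intf.NumTxQueues),
		EnableGso: intf.EnableGso,
	}
	response, err := client.Vmxnet3Create(v.GetContext(), request)
	if err != nil {
		return ^uint32(0), fmt.Errorf("failed to create Vmxnet3 interface: %w", err)
	}

	// Record the index on the caller's descriptor as well as returning it.
	swIfIndex := uint32(response.SwIfIndex)
	intf.SwIfIndex = swIfIndex
	return swIfIndex, nil
}
--------------------------------------------------------------------------------
/vpplink/vpe.go:
--------------------------------------------------------------------------------
// Copyright (C) 2021 Cisco Systems Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
// implied.
// See the License for the specific language governing permissions and
// limitations under the License.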
package vpplink

import (
	"fmt"

	"github.com/projectcalico/vpp-dataplane/v3/vpplink/generated/bindings/vlib"
	"github.com/projectcalico/vpp-dataplane/v3/vpplink/generated/bindings/vpe"
)

// GetVPPVersion queries VPP with ShowVersion and returns the Version field of
// the reply.
func (v *VppLink) GetVPPVersion() (string, error) {
	reply, err := vpe.NewServiceClient(v.GetConnection()).ShowVersion(v.GetContext(), &vpe.ShowVersion{})
	if err == nil {
		return reply.Version, nil
	}
	return "", fmt.Errorf("failed to get VPP version: %w", err)
}

// RunCli sends a CLI command to VPP through CliInband and returns the reply
// text.
//
// cmd is forwarded exactly as given; nothing here quotes or validates it.
// Callers that build cmd from values they do not control need to validate
// those values before interpolating them. On failure the full command is
// embedded in the returned error via %q, so it surfaces wherever that error
// is logged; avoid placing key material in cmd.
func (v *VppLink) RunCli(cmd string) (string, error) {
	request := &vlib.CliInband{Cmd: cmd}

	reply, err := vlib.NewServiceClient(v.GetConnection()).CliInband(v.GetContext(), request)
	if err == nil {
		return reply.Reply, nil
	}
	return "", fmt.Errorf("failed to run VPP CLI command %q: %w", cmd, err)
}
--------------------------------------------------------------------------------
/vpplink/vpplink.go:
--------------------------------------------------------------------------------
// Copyright (C) 2019 Cisco Systems Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
// implied.
// See the License for the specific language governing permissions and
// limitations under the License.
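package vpplink

import (
	"os"
	"sync"

	"github.com/sirupsen/logrus"

	"github.com/projectcalico/vpp-dataplane/v3/vpplink/generated"
)

// VppLink wraps the generated VPP client and adds per-process state on top of
// it.
type VppLink struct {
	// Embedded generated client; its methods are promoted onto VppLink.
	*generated.Vpp
	// pid is the PID of the process that created the link (os.Getpid()).
	pid uint32
	// NOTE(review): presumably guards interfaceEventWatchers; confirm
	// against the watcher code.
	watcherLock            sync.Mutex
	interfaceEventWatchers []*interfaceEventWatcher
	stopEvents             func() error
}

// NewVppLink connects to VPP over the API socket at the given path and
// returns a VppLink recording the current process id.
//
// When generated.NewVpp fails, the error is returned unchanged together with
// a nil *VppLink. Previously a non-nil wrapper was returned alongside the
// error, which let a caller that skipped the error check keep using a link
// whose embedded client might be nil.
func NewVppLink(socket string, logger *logrus.Entry) (*VppLink, error) {
	vpp, err := generated.NewVpp(socket, logger)
	if err != nil {
		return nil, err
	}
	return &VppLink{Vpp: vpp, pid: uint32(os.Getpid())}, nil
}
--------------------------------------------------------------------------------
/yaml/base/kustomization.yaml:
--------------------------------------------------------------------------------
resources:
  - calico-vpp-daemonset.yaml
--------------------------------------------------------------------------------
/yaml/calico/installation-default.yaml:
--------------------------------------------------------------------------------
# This section includes base Calico installation configuration.
# For more information, see: https://projectcalico.docs.tigera.io/master/reference/installation/api#operator.tigera.io/v1.Installation
apiVersion: operator.tigera.io/v1
kind: Installation
metadata:
  name: default
spec:
  # Configures Calico networking.
  calicoNetwork:
    linuxDataplane: VPP

---

# This section configures the Calico API server.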
15 | # For more information, see: https://projectcalico.docs.tigera.io/master/reference/installation/api#operator.tigera.io/v1.APIServer 16 | apiVersion: operator.tigera.io/v1 17 | kind: APIServer 18 | metadata: 19 | name: default 20 | spec: {} 21 | 22 | -------------------------------------------------------------------------------- /yaml/calico/installation-eks.yaml: -------------------------------------------------------------------------------- 1 | # This section includes base Calico installation configuration. 2 | # For more information, see: https://docs.tigera.io/calico/latest/reference/installation/api#operator.tigera.io/v1.Installation 3 | apiVersion: operator.tigera.io/v1 4 | kind: Installation 5 | metadata: 6 | name: default 7 | spec: 8 | # Configures Calico networking. 9 | cni: 10 | type: Calico 11 | calicoNetwork: 12 | bgp: Enabled 13 | linuxDataplane: VPP 14 | nodeAddressAutodetectionV4: 15 | interface: eth0 16 | ipPools: 17 | - cidr: 10.10.0.0/16 18 | 19 | 20 | --- 21 | 22 | # This section configures the Calico API server. 23 | # For more information, see: https://docs.tigera.io/calico/latest/reference/installation/api#operator.tigera.io/v1.APIServer 24 | apiVersion: operator.tigera.io/v1 25 | kind: APIServer 26 | metadata: 27 | name: default 28 | spec: {} 29 | -------------------------------------------------------------------------------- /yaml/calico/installation-flat.yaml: -------------------------------------------------------------------------------- 1 | # This section includes base Calico installation configuration. 2 | # For more information, see: https://projectcalico.docs.tigera.io/master/reference/installation/api#operator.tigera.io/v1.Installation 3 | apiVersion: operator.tigera.io/v1 4 | kind: Installation 5 | metadata: 6 | name: default 7 | spec: 8 | # Configures Calico networking. 
9 | calicoNetwork: 10 | linuxDataplane: VPP 11 | nodeAddressAutodetectionV4: 12 | interface: eth0 13 | ipPools: 14 | - cidr: 172.16.0.0/16 15 | encapsulation: None 16 | 17 | 18 | --- 19 | 20 | # This section configures the Calico API server. 21 | # For more information, see: https://projectcalico.docs.tigera.io/master/reference/installation/api#operator.tigera.io/v1.APIServer 22 | apiVersion: operator.tigera.io/v1 23 | kind: APIServer 24 | metadata: 25 | name: default 26 | spec: {} 27 | -------------------------------------------------------------------------------- /yaml/calico/installation-test-v4.yaml: -------------------------------------------------------------------------------- 1 | # This section includes base Calico installation configuration. 2 | # For more information, see: https://projectcalico.docs.tigera.io/master/reference/installation/api#operator.tigera.io/v1.Installation 3 | apiVersion: operator.tigera.io/v1 4 | kind: Installation 5 | metadata: 6 | name: default 7 | spec: 8 | # Configures Calico networking. 9 | calicoNetwork: 10 | linuxDataplane: VPP 11 | nodeAddressAutodetectionV4: 12 | interface: eth1 13 | ipPools: 14 | - cidr: 172.16.0.0/16 15 | 16 | 17 | --- 18 | 19 | # This section configures the Calico API server. 20 | # For more information, see: https://projectcalico.docs.tigera.io/master/reference/installation/api#operator.tigera.io/v1.APIServer 21 | apiVersion: operator.tigera.io/v1 22 | kind: APIServer 23 | metadata: 24 | name: default 25 | spec: {} 26 | -------------------------------------------------------------------------------- /yaml/calico/installation-test-v6.yaml: -------------------------------------------------------------------------------- 1 | # This section includes base Calico installation configuration. 
2 | # For more information, see: https://projectcalico.docs.tigera.io/master/reference/installation/api#operator.tigera.io/v1.Installation 3 | apiVersion: operator.tigera.io/v1 4 | kind: Installation 5 | metadata: 6 | name: default 7 | spec: 8 | # Configures Calico networking. 9 | calicoNetwork: 10 | linuxDataplane: VPP 11 | nodeAddressAutodetectionV4: 12 | interface: eth1 13 | ipPools: 14 | - cidr: "fd01::/64" 15 | 16 | 17 | --- 18 | 19 | # This section configures the Calico API server. 20 | # For more information, see: https://projectcalico.docs.tigera.io/master/reference/installation/api#operator.tigera.io/v1.APIServer 21 | apiVersion: operator.tigera.io/v1 22 | kind: APIServer 23 | metadata: 24 | name: default 25 | spec: {} 26 | -------------------------------------------------------------------------------- /yaml/calico/installation-vxlan-v6.yaml: -------------------------------------------------------------------------------- 1 | # This section includes base Calico installation configuration. 2 | # For more information, see: https://projectcalico.docs.tigera.io/master/reference/installation/api#operator.tigera.io/v1.Installation 3 | apiVersion: operator.tigera.io/v1 4 | kind: Installation 5 | metadata: 6 | name: default 7 | spec: 8 | # Configures Calico networking. 9 | calicoNetwork: 10 | linuxDataplane: VPP 11 | nodeAddressAutodetectionV4: 12 | interface: eth1 13 | ipPools: 14 | - cidr: "fd01::/64" 15 | encapsulation: VXLAN 16 | 17 | --- 18 | 19 | # This section configures the Calico API server. 
20 | # For more information, see: https://projectcalico.docs.tigera.io/master/reference/installation/api#operator.tigera.io/v1.APIServer 21 | apiVersion: operator.tigera.io/v1 22 | kind: APIServer 23 | metadata: 24 | name: default 25 | spec: {} 26 | -------------------------------------------------------------------------------- /yaml/calico/installation-vxlan.yaml: -------------------------------------------------------------------------------- 1 | # This section includes base Calico installation configuration. 2 | # For more information, see: https://projectcalico.docs.tigera.io/master/reference/installation/api#operator.tigera.io/v1.Installation 3 | apiVersion: operator.tigera.io/v1 4 | kind: Installation 5 | metadata: 6 | name: default 7 | spec: 8 | # Configures Calico networking. 9 | calicoNetwork: 10 | linuxDataplane: VPP 11 | nodeAddressAutodetectionV4: 12 | interface: eth1 13 | ipPools: 14 | - cidr: 172.16.0.0/16 15 | encapsulation: VXLAN 16 | 17 | --- 18 | 19 | # This section configures the Calico API server. 
# For more information, see: https://projectcalico.docs.tigera.io/master/reference/installation/api#operator.tigera.io/v1.APIServer
apiVersion: operator.tigera.io/v1
kind: APIServer
metadata:
  name: default
spec: {}
--------------------------------------------------------------------------------
/yaml/components/ipsec/ipsec.yaml:
--------------------------------------------------------------------------------
kind: ConfigMap
apiVersion: v1
metadata:
  name: calico-vpp-config
  namespace: calico-vpp-dataplane
data:
  CALICOVPP_FEATURE_GATES: |-
    {
      "ipsecEnabled": true
    }
---
kind: DaemonSet
apiVersion: apps/v1
metadata:
  name: calico-vpp-node
  namespace: calico-vpp-dataplane
spec:
  template:
    spec:
      containers:
        - name: agent
          env:
            # The IKEv2 pre-shared key is injected from a Secret rather than
            # from the calico-vpp-config ConfigMap. The Secret
            # calicovpp-ipsec-secret (key "psk") is not defined in this file
            # and has to exist in the pod's namespace before the agent starts.
            - name: CALICOVPP_IPSEC_IKEV2_PSK
              valueFrom:
                secretKeyRef:
                  name: calicovpp-ipsec-secret
                  key: psk
--------------------------------------------------------------------------------
/yaml/components/ipsec/kustomization.yaml:
--------------------------------------------------------------------------------
apiVersion: kustomize.config.k8s.io/v1alpha1 # <-- Component notation
kind: Component

patchesStrategicMerge:
  - ipsec.yaml
--------------------------------------------------------------------------------
/yaml/components/multinet/kustomization.yaml:
--------------------------------------------------------------------------------
apiVersion: kustomize.config.k8s.io/v1alpha1 # <-- Component notation
kind: Component

resources:
  - monitor-deployment.yaml

patchesStrategicMerge:
  - multinet.yaml
--------------------------------------------------------------------------------
/yaml/components/multinet/monitor-deployment.yaml:
--------------------------------------------------------------------------------
apiVersion: apps/v1
kind: Deployment
metadata:
  name: multinet-monitor-deployment
  namespace: calico-vpp-dataplane
  labels:
    k8s-app: calico-vpp-node
spec:
  replicas: 1
  selector:
    matchLabels:
      k8s-app: calico-vpp-node
  template:
    metadata:
      labels:
        k8s-app: calico-vpp-node
    spec:
      # NOTE(review): the monitor runs under calico-vpp-node-sa. Confirm it
      # needs that account's permissions rather than a narrower account of
      # its own.
      serviceAccountName: calico-vpp-node-sa
      containers:
        - name: multinet-monitor
          # NOTE(review): ":latest" is a mutable tag and, with
          # imagePullPolicy IfNotPresent, a node keeps whatever image it
          # first cached under that tag. Pin a release tag or an image digest
          # (image@sha256:DIGEST_PLACEHOLDER) so every node runs the same
          # reviewed image.
          image: docker.io/calicovpp/multinet-monitor:latest
          imagePullPolicy: IfNotPresent
          resources:
            requests:
              cpu: 250m
--------------------------------------------------------------------------------
/yaml/components/srv6/kustomization.yaml:
--------------------------------------------------------------------------------
apiVersion: kustomize.config.k8s.io/v1alpha1 # <-- Component notation
kind: Component

resources:
  - srv6res.yaml

patchesStrategicMerge:
  - srv6.yaml
--------------------------------------------------------------------------------
/yaml/components/srv6/srv6.yaml:
--------------------------------------------------------------------------------
kind: ConfigMap
apiVersion: v1
metadata:
  name: calico-vpp-config
  namespace: calico-vpp-dataplane
data:
  SERVICE_PREFIX: "10.96.0.0/12"
  CALICOVPP_DEBUG: |-
    {
      "gsoEnabled": false
    }
  CALICOVPP_SRV6: |-
    {
      "policyPool": "cafe::/118",
      "localsidPool": "fcff::/48"
    }
  CALICOVPP_FEATURE_GATES: |-
    {
      "srv6Enabled": true
    }
--------------------------------------------------------------------------------
/yaml/components/srv6/srv6res.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
items:
- apiVersion: crd.projectcalico.org/v1
  kind: IPPool
  metadata:
    name: default-ipv4-ippool
  spec:
    blockSize: 26
    cidr: 172.16.0.0/16
    ipipMode: Never
    natOutgoing: true
    nodeSelector: all()
    vxlanMode: Never
- apiVersion: crd.projectcalico.org/v1
  kind: IPPool
  metadata:
    name: default-ipv6-ippool
  spec:
    blockSize: 122
    cidr: fdfb:af47:32af::/48
    ipipMode: Never
    nodeSelector: all()
    vxlanMode: Never
- apiVersion: crd.projectcalico.org/v1
  kind: IPPool
  metadata:
    name: sr-policies-pool
  spec:
    blockSize: 122
    cidr: cafe::/118
    ipipMode: Never
    nodeSelector: '!all()'
    vxlanMode: Never
- apiVersion: crd.projectcalico.org/v1
  kind: IPPool
  metadata:
    name: sr-localsids-pool-master
  spec:
    cidr: fcff:0:0:00AA::/64
    ipipMode: Never
    nodeSelector: kubernetes.io/hostname == 'master'
    vxlanMode: Never
- apiVersion: crd.projectcalico.org/v1
  kind: IPPool
  metadata:
    name: sr-localsids-pool-node1
  spec:
    cidr: fcff:0:0:11AA::/64
    ipipMode: Never
    nodeSelector: kubernetes.io/hostname == 'node1'
    vxlanMode: Never
- apiVersion: crd.projectcalico.org/v1
  kind: IPPool
  metadata:
    name: sr-localsids-pool-node2
  spec:
    cidr: fcff:0:0:12AA::/64
    ipipMode: Never
    nodeSelector: kubernetes.io/hostname == 'node2'
    vxlanMode: Never
kind: List
metadata:
  resourceVersion: ""
  selfLink: ""
--------------------------------------------------------------------------------
/yaml/components/vagrant-mounts/kustomization.yaml:
--------------------------------------------------------------------------------
apiVersion: kustomize.config.k8s.io/v1alpha1 # <-- Component notation
kind: Component

patchesStrategicMerge:
  - mounts.yaml
  - update.yaml
--------------------------------------------------------------------------------
/yaml/components/vagrant-mounts/mounts.yaml:
--------------------------------------------------------------------------------
kind: DaemonSet
apiVersion: apps/v1
metadata:
  name: calico-vpp-node
  namespace: calico-vpp-dataplane
spec:
  template:
    spec:
      containers:
        - name: agent
          imagePullPolicy: Never
          volumeMounts:
            # The /repo mount of repo-root carries no readOnly flag, so the
            # container can write to /host-repo on the node. The other
            # mounts in this container are read-only.
            - name: repo-root
              mountPath: /repo
            - name: repo-root
              mountPath: /home/hostuser/vpp-dataplane
              readOnly: true
            - name: api-proxy-binary
              mountPath: /bin/felix-api-proxy
              readOnly: true
            - name: agent-binary
              mountPath: /bin/calico-vpp-agent
              readOnly: true
        - name: vpp
          imagePullPolicy: Never
          env:
            - name: CALICOVPP_LOG_LEVEL
              value: debug
          volumeMounts:
            # Same as for the agent: /repo is writable from the container.
            - name: repo-root
              mountPath: /repo
            - name: vpp-root
              mountPath: /home/hostuser/vpp
              readOnly: true
            - name: repo-root
              mountPath: /home/hostuser/vpp-dataplane
              readOnly: true
      volumes:
        # Used to put the latest binaries in the containers (dev images) without rebuilding images in testing
        # The agent and api-proxy binaries that the containers execute come
        # from the node's /host-repo, so whoever can write there controls
        # what runs in these pods. Keep this component out of non-test
        # overlays.
        - name: repo-root
          hostPath:
            type: Directory
            path: /host-repo
        - name: api-proxy-binary
          hostPath:
            type: File
            path: /host-repo/calico-vpp-agent/bin/felix-api-proxy
        - name: agent-binary
          hostPath:
            type: File
            path: /host-repo/calico-vpp-agent/bin/calico-vpp-agent
        - name: vpp-root
          hostPath:
            type: Directory
            path: /host-repo/vpp-manager/vpp_build

--------------------------------------------------------------------------------
/yaml/components/vagrant-mounts/update.yaml:
--------------------------------------------------------------------------------
kind: DaemonSet
apiVersion: apps/v1
metadata:
  name: calico-vpp-node
  namespace: calico-vpp-dataplane
spec:
  updateStrategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 5
--------------------------------------------------------------------------------
/yaml/generated/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/projectcalico/vpp-dataplane/bf1252c1b0187a5d9e0cb7951509ab1f06ab597a/yaml/generated/.gitkeep
--------------------------------------------------------------------------------
/yaml/overlays/default-huge/default-huge.yaml:
--------------------------------------------------------------------------------
kind: ConfigMap
apiVersion: v1
metadata:
  name: calico-vpp-config
  namespace: calico-vpp-dataplane
data:
  CALICOVPP_INTERFACES: |-
    {
      "maxPodIfSpec": {
        "rx": 10, "tx": 10, "rxqsz": 1024, "txqsz": 1024
      },
      "defaultPodIfSpec": {
        "rx": 1, "tx":1, "isl3": true
      },
      "vppHostTapSpec": {
        "rx": 1, "tx":1, "rxqsz": 1024, "txqsz": 1024, "isl3": false
      },
      "uplinkInterfaces": [
        {
          "interfaceName": "eth1",
          "vppDriver": ""
        }
      ]
    }
---
kind: DaemonSet
apiVersion: apps/v1
metadata:
  name: calico-vpp-node
  namespace: calico-vpp-dataplane
spec:
  template:
    spec:
      containers:
        - name: vpp
          resources:
            limits:
              hugepages-2Mi: 512Mi
--------------------------------------------------------------------------------
/yaml/overlays/default-huge/kustomization.yaml:
--------------------------------------------------------------------------------
bases:
  - ../../base
patchesStrategicMerge:
  - default-huge.yaml
--------------------------------------------------------------------------------
/yaml/overlays/default-multinet/kustomization.yaml:
--------------------------------------------------------------------------------
bases:
  - ../../base
components:
  - ../../components/multinet
--------------------------------------------------------------------------------
/yaml/overlays/dev/calico-vpp-dev-configmap.yaml:
--------------------------------------------------------------------------------
kind: ConfigMap
apiVersion: v1
metadata:
  name: calico-vpp-config
  namespace: calico-vpp-dataplane
# Dev overlay. The ${...} placeholders are presumably filled in by
# environment substitution when the manifest is rendered (confirm in the
# Makefile that consumes this file).
data:
  CALICOVPP_LOG_LEVEL: ${CALICOVPP_LOG_LEVEL}
  CALICOVPP_BGP_LOG_LEVEL: ${CALICOVPP_BGP_LOG_LEVEL}
  SERVICE_PREFIX: ${SERVICE_PREFIX}
  # NOTE(review): this places the IKEv2 pre-shared key in a ConfigMap, where
  # it is kept as ordinary configuration and shown to anyone who can read
  # ConfigMaps in the namespace. yaml/components/ipsec/ipsec.yaml injects the
  # same variable from the calicovpp-ipsec-secret Secret instead. Keep this
  # form to throwaway dev clusters.
  CALICOVPP_IPSEC_IKEV2_PSK: ${CALICOVPP_IPSEC_IKEV2_PSK}
  CALICOVPP_SWAP_DRIVER: ${CALICOVPP_SWAP_DRIVER}
  CALICOVPP_INIT_SCRIPT_TEMPLATE: ${CALICOVPP_INIT_SCRIPT_TEMPLATE}
  CALICOVPP_CONFIG_TEMPLATE: ${CALICOVPP_CONFIG_TEMPLATE}
  CALICOVPP_CONFIG_EXEC_TEMPLATE: ${CALICOVPP_CONFIG_EXEC_TEMPLATE}
  DEBUG: ${DEBUG}
  CALICOVPP_INITIAL_CONFIG: ${CALICOVPP_INITIAL_CONFIG}
  CALICOVPP_DEBUG: ${CALICOVPP_DEBUG}
  CALICOVPP_INTERFACES: ${CALICOVPP_INTERFACES}
  CALICOVPP_FEATURE_GATES: ${CALICOVPP_FEATURE_GATES}
  CALICOVPP_IPSEC: ${CALICOVPP_IPSEC}
  CALICOVPP_SRV6: ${CALICOVPP_SRV6}
  CALICOVPP_LOG_FORMAT: pretty
--------------------------------------------------------------------------------
/yaml/overlays/dev/calico-vpp-dev-patch.yaml:
--------------------------------------------------------------------------------
---
kind: DaemonSet
apiVersion: apps/v1
metadata:
  name: calico-vpp-node
  namespace: calico-vpp-dataplane
spec:
  template:
    spec:
      containers:
        - name: agent
          image: ${CALICO_AGENT_IMAGE}
          imagePullPolicy: ${IMAGE_PULL_POLICY}
        - name: vpp
          image: ${CALICO_VPP_IMAGE}
          imagePullPolicy: ${IMAGE_PULL_POLICY}
          env:
            - name: DATASTORE_TYPE
              value: kubernetes
            - name: WAIT_FOR_DATASTORE
              value: "true"
            - name: NODENAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            # Updates to -env below
            # LD_LIBRARY_PATH points into /repo, which is the hostPath mount
            # of ${REPO_DIRECTORY} declared below. Shared libraries for the
            # vpp container are therefore resolved from a directory on the
            # node, which is acceptable only on a development machine.
            - name: LD_LIBRARY_PATH
              value: "/repo/vpp-manager/vpp_build/build-root/install-vpp-native/vpp/"
          resources:
            requests:
              cpu: 1
              memory: 4Gi
            limits:
              memory: 80Gi
              hugepages-2Mi: 4Gi
          volumeMounts:
            # Add your home to the container so we can rebuild and launch vpp
            # without rebuilding the whole container
            - name: repo-directory
              mountPath: /repo
            - name: ssl-certs
              mountPath: /etc/ssl/certs/
            - name: share-certs
              mountPath: /usr/share/ca-certificates
      volumes:
        # None of these hostPath volumes or their mounts set readOnly, so the
        # container can write to the host repository and to the node's CA
        # certificate directories.
        - name: repo-directory
          hostPath:
            path: ${REPO_DIRECTORY}
        - name: ssl-certs
          hostPath:
            path: /etc/ssl/certs/
        - name: share-certs
          hostPath:
            path: /usr/share/ca-certificates
--------------------------------------------------------------------------------
/yaml/overlays/dev/calico-vpp-nohuge.yaml:
--------------------------------------------------------------------------------
---
kind: DaemonSet
apiVersion: apps/v1
metadata:
  name: calico-vpp-node
  namespace: calico-vpp-dataplane
spec:
  template:
    spec:
      containers:
        - name: vpp
          resources:
            limits:
              hugepages-2Mi:
--------------------------------------------------------------------------------
/yaml/overlays/dev/installation-dev.yaml:
--------------------------------------------------------------------------------
# This section includes base Calico installation configuration.
# For more information, see: https://projectcalico.docs.tigera.io/master/reference/installation/api#operator.tigera.io/v1.Installation
apiVersion: operator.tigera.io/v1
kind: Installation
metadata:
  name: default
spec:
  # Configures Calico networking.
  calicoNetwork:
    linuxDataplane: VPP
    mtu: ${CALICO_MTU}
    nodeAddressAutodetectionV4:
      interface: ${CALICOVPP_MAIN_INTERFACE}
    nodeAddressAutodetectionV6:
      interface: ${CALICOVPP_MAIN_INTERFACE}
    ipPools:
      ${INSTALLATION_CIDRS}
---

# This section configures the Calico API server.
21 | # For more information, see: https://projectcalico.docs.tigera.io/master/reference/installation/api#operator.tigera.io/v1.APIServer 22 | apiVersion: operator.tigera.io/v1 23 | kind: APIServer 24 | metadata: 25 | name: default 26 | spec: {} 27 | 28 | -------------------------------------------------------------------------------- /yaml/overlays/dev/multinet-monitor-dev-patch.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: multinet-monitor-deployment 6 | namespace: calico-vpp-dataplane 7 | spec: 8 | template: 9 | spec: 10 | containers: 11 | - name: multinet-monitor 12 | image: ${MULTINET_MONITOR_IMAGE} 13 | imagePullPolicy: ${IMAGE_PULL_POLICY} 14 | -------------------------------------------------------------------------------- /yaml/overlays/dpdk/dpdk.yaml: -------------------------------------------------------------------------------- 1 | kind: ConfigMap 2 | apiVersion: v1 3 | metadata: 4 | name: calico-vpp-config 5 | namespace: calico-vpp-dataplane 6 | data: 7 | CALICOVPP_INTERFACES: |- 8 | { 9 | "maxPodIfSpec": { 10 | "rx": 10, "tx": 10, "rxqsz": 1024, "txqsz": 1024 11 | }, 12 | "defaultPodIfSpec": { 13 | "rx": 1, "tx":1, "isl3": true 14 | }, 15 | "vppHostTapSpec": { 16 | "rx": 1, "tx":1, "rxqsz": 1024, "txqsz": 1024, "isl3": false 17 | }, 18 | "uplinkInterfaces": [ 19 | { 20 | "interfaceName": "eth1", 21 | "vppDriver": "dpdk" 22 | } 23 | ] 24 | } 25 | --- 26 | kind: DaemonSet 27 | apiVersion: apps/v1 28 | metadata: 29 | name: calico-vpp-node 30 | namespace: calico-vpp-dataplane 31 | spec: 32 | template: 33 | spec: 34 | containers: 35 | - name: vpp 36 | resources: 37 | limits: 38 | hugepages-2Mi: 512Mi 39 | -------------------------------------------------------------------------------- /yaml/overlays/dpdk/kustomization.yaml: -------------------------------------------------------------------------------- 1 | bases: 2 | - ../../base 3 | 
patchesStrategicMerge: 4 | - dpdk.yaml 5 | -------------------------------------------------------------------------------- /yaml/overlays/eks-dpdk-multinet/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../eks-dpdk 3 | components: 4 | - ../../components/multinet 5 | -------------------------------------------------------------------------------- /yaml/overlays/eks-dpdk/eks-config.yaml: -------------------------------------------------------------------------------- 1 | kind: ConfigMap 2 | apiVersion: v1 3 | metadata: 4 | name: calico-vpp-config 5 | namespace: calico-vpp-dataplane 6 | data: # Configuration template for VPP in EKS 7 | CALICOVPP_INTERFACES: |- 8 | { 9 | "maxPodIfSpec": { 10 | "rx": 10, "tx": 10, "rxqsz": 1024, "txqsz": 1024 11 | }, 12 | "defaultPodIfSpec": { 13 | "rx": 1, "tx":1, "isl3": true 14 | }, 15 | "vppHostTapSpec": { 16 | "rx": 1, "tx":1, "rxqsz": 1024, "txqsz": 1024, "isl3": false 17 | }, 18 | "uplinkInterfaces": [ 19 | { 20 | "interfaceName": "eth0", 21 | "vppDriver": "dpdk" 22 | } 23 | ] 24 | } 25 | --- 26 | kind: DaemonSet 27 | apiVersion: apps/v1 28 | metadata: 29 | name: calico-vpp-node 30 | namespace: calico-vpp-dataplane 31 | spec: 32 | template: 33 | spec: 34 | containers: 35 | - name: vpp 36 | resources: 37 | limits: 38 | hugepages-2Mi: 512Mi 39 | -------------------------------------------------------------------------------- /yaml/overlays/eks-dpdk/kustomization.yaml: -------------------------------------------------------------------------------- 1 | bases: 2 | - ../eks 3 | patchesStrategicMerge: 4 | - eks-config.yaml 5 | -------------------------------------------------------------------------------- /yaml/overlays/eks-multinet/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../eks 3 | components: 4 | - ../../components/multinet 5 | 
--------------------------------------------------------------------------------
/yaml/overlays/eks/eks-config.yaml:
--------------------------------------------------------------------------------
kind: ConfigMap
apiVersion: v1
metadata:
  name: calico-vpp-config
  namespace: calico-vpp-dataplane
data:  # Configuration template for VPP in EKS
  SERVICE_PREFIX: 10.100.0.0/16
  CALICOVPP_INTERFACES: |-
    {
      "maxPodIfSpec": {
        "rx": 10, "tx": 10, "rxqsz": 1024, "txqsz": 1024
      },
      "defaultPodIfSpec": {
        "rx": 1, "tx":1, "isl3": true
      },
      "vppHostTapSpec": {
        "rx": 1, "tx":1, "rxqsz": 1024, "txqsz": 1024, "isl3": false
      },
      "uplinkInterfaces": [
        {
          "interfaceName": "eth0",
          "vppDriver": "af_packet"
        }
      ]
    }
---
kind: DaemonSet
apiVersion: apps/v1
metadata:
  name: calico-vpp-node
  namespace: calico-vpp-dataplane
spec:
  template:
    spec:
      containers:
        - name: vpp
          env:
            # Each hook pipes a fixed command string into a shell started by
            # `chroot /host`, stopping or starting the `network` service.
            # /host is presumably the node's root filesystem mounted into the
            # vpp container (confirm in the base DaemonSet), in which case
            # these commands act on the node itself. Keep the values static:
            # write access to this DaemonSet's env amounts to command
            # execution on every node it runs on, so restrict who can edit it.
            - name: CALICOVPP_HOOK_BEFORE_VPP_RUN
              value: "echo 'sudo systemctl stop network ; sudo systemctl kill network' | chroot /host"
            - name: CALICOVPP_HOOK_VPP_RUNNING
              value: "echo 'sudo systemctl start network' | chroot /host"
            - name: CALICOVPP_HOOK_VPP_DONE_OK
              value: "echo 'sudo systemctl stop network ; sudo systemctl kill network ; sudo systemctl start network' | chroot /host"
            - name: CALICOVPP_HOOK_VPP_ERRORED
              value: "echo 'sudo systemctl stop network ; sudo systemctl kill network ; sudo systemctl start network' | chroot /host"
--------------------------------------------------------------------------------
/yaml/overlays/eks/kustomization.yaml:
--------------------------------------------------------------------------------
bases:
  - ../../base
patchesStrategicMerge:
  - eks-config.yaml
--------------------------------------------------------------------------------
/yaml/overlays/kind-multinet/kustomization.yaml: -------------------------------------------------------------------------------- 1 | bases: 2 | - ../kind 3 | components: 4 | - ../../components/multinet 5 | -------------------------------------------------------------------------------- /yaml/overlays/kind/README.md: -------------------------------------------------------------------------------- 1 | # Kind cluster setup 2 | 3 | ``` 4 | kind create cluster --config - < 18 | -------------------------------------------------------------------------------- /yaml/platforms/openshift/03-configmap-calico-vpp-resources.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: calico-vpp-config 6 | namespace: calico-vpp-dataplane 7 | data: 8 | CALICOVPP_CONFIG_TEMPLATE: |- 9 | unix { 10 | nodaemon 11 | full-coredump 12 | cli-listen /var/run/vpp/cli.sock 13 | pidfile /run/vpp/vpp.pid 14 | exec /etc/vpp/startup.exec 15 | } 16 | api-trace { on } 17 | cpu { 18 | workers 0 19 | } 20 | socksvr { 21 | socket-name /var/run/vpp/vpp-api.sock 22 | } 23 | plugins { 24 | plugin default { enable } 25 | plugin dpdk_plugin.so { disable } 26 | plugin calico_plugin.so { enable } 27 | plugin ping_plugin.so { disable } 28 | plugin dispatch_trace_plugin.so { enable } 29 | } 30 | buffers { 31 | buffers-per-numa 262144 32 | } 33 | CALICOVPP_INITIAL_CONFIG: |- 34 | { 35 | "vppStartupSleepSeconds": 1, 36 | "corePattern": "/var/lib/vpp/vppcore.%e.%p" 37 | } 38 | CALICOVPP_INTERFACES: |- 39 | { 40 | "maxPodIfSpec": { 41 | "rx": 10, "tx": 10, "rxqsz": 1024, "txqsz": 1024 42 | }, 43 | "defaultPodIfSpec": { 44 | "rx": 1, "tx":1, "isl3": true 45 | }, 46 | "vppHostTapSpec": { 47 | "rx": 1, "tx":1, "rxqsz": 1024, "txqsz": 1024, "isl3": false 48 | }, 49 | "uplinkInterfaces": [ 50 | { 51 | "interfaceName": "ens5", 52 | "vppDriver": "af_packet" 53 | } 54 | ] 55 | } 56 | SERVICE_PREFIX: 172.30.0.0/16 57 | 
--------------------------------------------------------------------------------
/yaml/platforms/openshift/03-rolebinding-calico-vpp-dataplane.yaml:
--------------------------------------------------------------------------------
# Binds the ClusterRole calico-vpp-node-role to the calico-vpp-node-sa
# ServiceAccount. Being a ClusterRoleBinding, the grant applies cluster-wide,
# not only inside the calico-vpp-dataplane namespace.
# NOTE(review): the ClusterRole's rules are not part of this file — check them
# for least privilege, and limit who may create pods in calico-vpp-dataplane,
# since any pod running as this ServiceAccount receives the same permissions.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: calico-vpp-node
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: calico-vpp-node-role
subjects:
  - kind: ServiceAccount
    name: calico-vpp-node-sa
    namespace: calico-vpp-dataplane

--------------------------------------------------------------------------------
/yaml/platforms/openshift/03-serviceaccount-calico-vpp-dataplane.yaml:
--------------------------------------------------------------------------------
# ServiceAccount in calico-vpp-dataplane; its name and namespace match the
# subject of the calico-vpp-node ClusterRoleBinding.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: calico-vpp-node-sa
  namespace: calico-vpp-dataplane

--------------------------------------------------------------------------------
/yaml/static/README.md:
--------------------------------------------------------------------------------
## Install Calico VPP using static Kubernetes manifest

The recommended way to install Calico VPP is using operator. However, it is also possible
to bypass the operator and install Calico VPP using the Kubernetes manifest directly.
To be able to do so, one would need the static Calico VPP manifest.

Here's how to generate the static Kubernetes manifest:

* Clone the Calico VPP repo and go to the `vpp-dataplane/yaml/static` dir:

```bash
cd vpp-dataplane/yaml/static
```

* Download the appropriate Calico Kubernetes manifest file.
For example, to
install Calico VPP v3.28.0, download the corresponding Calico v3.28.0 manifest:

```bash
wget https://raw.githubusercontent.com/projectcalico/calico/release-v3.28/manifests/calico.yaml
```

Note that `release-v3.28` is a branch, not a fixed tag, so the file it serves can change between downloads;
read through the downloaded manifest (or compare it against a copy you have already reviewed) before applying it to a cluster.

* Copy the appropriate **generated** Calico VPP daemonset yaml and rename it to `calico-vpp-daemonset.yaml`.
For example, to install Calico VPP v3.28.0 in EKS:

```bash
git checkout release/v3.28.0
cp ../generated/calico-vpp-eks.yaml ./calico-vpp-daemonset.yaml
```

One can also download the same directly:

```bash
wget -O calico-vpp-daemonset.yaml https://raw.githubusercontent.com/projectcalico/vpp-dataplane/release/v3.28.0/yaml/generated/calico-vpp-eks.yaml
```

* Finally, run kustomize:

```bash
kubectl kustomize . > calico-vpp-eks.yaml
```

`calico-vpp-eks.yaml` is the static Kubernetes manifest that can be used to install Calico VPP in EKS directly.


Having generated the static manifest, one can then customize it per one's requirements and environment before installing.
Please refer to [Getting Started](https://docs.projectcalico.org/getting-started/kubernetes/vpp/getting-started) for more information.


**NOTE:** If installing in EKS, add the following to the `calico-node` env definitions:
```yaml
- name: FELIX_AWSSRCDSTCHECK
  value: "Disable"
```

This setting has Felix disable the EC2 source/destination check on the node's instance, a check AWS otherwise uses to drop
packets whose source or destination is not the instance itself; the node's IAM role needs permission to make that change.

--------------------------------------------------------------------------------
/yaml/static/kustomization.yaml:
--------------------------------------------------------------------------------
resources:
  - calico.yaml
  - calico-vpp-daemonset.yaml
patchesStrategicMerge:
  - calico-patch.yaml

--------------------------------------------------------------------------------