diff --git a/examples/ip_pipeline/config/network_layers.cfg b/examples/ip_pipeline/config/network_layers.cfg new file mode 100644 index 0000000000..8054d9feaf --- /dev/null +++ b/examples/ip_pipeline/config/network_layers.cfg 
@@ -0,0 +1,223 @@ +; BSD LICENSE +; +; Copyright(c) 2016 Intel Corporation. All rights reserved. +; All rights reserved. +; +; Redistribution and use in source and binary forms, with or without +; modification, are permitted provided that the following conditions +; are met: +; +; * Redistributions of source code must retain the above copyright +; notice, this list of conditions and the following disclaimer. +; * Redistributions in binary form must reproduce the above copyright +; notice, this list of conditions and the following disclaimer in +; the documentation and/or other materials provided with the +; distribution. +; * Neither the name of Intel Corporation nor the names of its +; contributors may be used to endorse or promote products derived +; from this software without specific prior written permission. +; +; THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +; "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +; LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +; A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +; OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +; SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +; LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +; DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +; THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +; (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +; OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +; The diagram below shows how additional protocol components can be plugged into +; the IP layer implemented by the ip_pipeline application. Pick your favorite +; open source components for dynamic ARP, ICMP, UDP or TCP termination, etc and +; connect them through SWQs to the IP infrastructure. 
+; +; The input packets with local destination are sent to the UDP/TCP applications +; while the input packets with remote destination are routed back to the +; network. Additional features can easily be added to this setup: +; * IP Reassembly: add SWQs with IP reassembly enabled (typically required for +; the input traffic with local destination); +; * IP Fragmentation: add SWQs with IP fragmentation enabled (typically +; required to enforce the MTU for the routed output traffic); +; * Traffic Metering: add Flow Action pipeline instances (e.g. for metering the +; TCP connections or ICMP input traffic); +; * Traffic Management: add TMs for the required output LINKs; +; * Protocol encapsulations (QinQ, MPLS) for the output packets: part of the +; routing pipeline configuration. +; +; _________ _________ +; | | | | +; | UDP | | TCP | +; | App | | App | +; |_________| |_________| +; ^ | ^ | +; __|___V__ __|___V__ +; | | SWQ0 (UDP TX) | | SWQ1 (TCP TX) +; | UDP |-------+ | TCP |------------+ +; | | | | | | +; |_________| | |_________| | +; ^ | ^ | +; | SWQ2 | | SWQ3 | +; | (UDP RX) | | (TCP RX) | +; ____|____ | ____|____ | +; | | | | | | +; RXQ<0..3>.1 ------>|Firewall +--->| | +------>| Flow +--->| | +; (UDP local dest) | (P2) | SINK0 | | | (P3) | SINK1 | +; |_________| (Deny)| | |_________| (RST) | +; RXQ<0..3>.2 -------------------------|-----+ | +; (TCP local dest) | | +; | +------------------------------+ +; | | +; _V_____V_ +; | | +; | Routing | TXQ<0..3>.0 +; RXQ<0..3>.0 ---------------------->| & ARP +-----------------------------> +; (IP remote dest) | (P1) | +; |_________| +; | ^ | +; SWQ4 +-------------+ | | SWQ5 (ARP miss) +; (Route miss) | | +------------+ +; | +-------------+ | +; ___V__|__ SWQ6 ____V____ +; | | (ICMP TX) | | TXQ<0..3>.1 +; RXQ<0..3>.3 ------>| ICMP | +------>| Dyn ARP +-------------> +; (IP local dest) | | | | | +; |_________| | |_________| +; RXQ<0..3>.4 -------------------------------+ +; (ARP) +; +; This configuration file implements 
the diagram presented below, where the +; dynamic ARP, ICMP, UDP and TCP components have been stubbed out and replaced +; with loop-back and packet drop devices. +; +; _________ _________ +; | | SWQ0 (UDP TX) | | SWQ1 (TCP TX) +; |Loobpack |-------+ |Loopback |------------+ +; | (P4) | | | (P5) | | +; |_________| | |_________| | +; ^ | ^ | +; | SWQ2 | | SWQ3 | +; | (UDP RX) | | (TCP RX) | +; ____|____ | ____|____ | +; | | | | | | +; RXQ<0..3>.1 ------>|Firewall +--->| | +------>| Flow +--->| | +; (UDP local dest) | (P2) | SINK0 | | | (P3) | SINK1 | +; |_________| (Deny)| | |_________| (RST) | +; RXQ<0..3>.2 -------------------------|-----+ | +; (TCP local dest) | | +; | +------------------------------+ +; | | +; _V_____V_ +; | | +; | Routing | TXQ<0..3>.0 +; RXQ<0..3>.0 ---------------------->| & ARP +-----------------------------> +; (IP remote dest) | (P1) | +; |_________| +; | | +; SINK2 |<---+ +--->| SINK3 +; (Route miss) (ARP miss) +; +; _________ _________ +; | | | | +; RXQ<0..3>.3 ------>| Drop +--->| SINK<4..7> +------>| Drop +--->| SINK<8..11> +; (IP local dest) | (P6) | (IP local dest) | | (P7) | (ARP) +; |_________| | |_________| +; RXQ<0..3>.4 ------------------------------------+ +; (ARP) +; +; +; Input packet: Ethernet/IPv4 or Ethernet/ARP +; Output packet: Ethernet/IPv4 or Ethernet/ARP +; +; Packet buffer layout (for input IPv4 packets): +; # Field Name Offset (Bytes) Size (Bytes) +; 0 Mbuf 0 128 +; 1 Headroom 128 128 +; 2 Ethernet header 256 14 +; 3 IPv4 header 270 20 +; 4 ICMP/UDP/TCP header 290 8/8/20 + +[EAL] +log_level = 0 + +[LINK0] +udp_local_q = 1 +tcp_local_q = 2 +ip_local_q = 3 +arp_q = 4 + +[LINK1] +udp_local_q = 1 +tcp_local_q = 2 +ip_local_q = 3 +arp_q = 4 + +[LINK2] +udp_local_q = 1 +tcp_local_q = 2 +ip_local_q = 3 +arp_q = 4 + +[LINK3] +udp_local_q = 1 +tcp_local_q = 2 +ip_local_q = 3 +arp_q = 4 + +[PIPELINE0] +type = MASTER +core = 0 + +[PIPELINE1] +type = ROUTING +core = 1 +pktq_in = RXQ0.0 RXQ1.0 RXQ2.0 RXQ3.0 SWQ0 SWQ1 +pktq_out = 
TXQ0.0 TXQ1.0 TXQ2.0 TXQ3.0 SINK2 SINK3 +port_local_dest = 4 ; SINK2 (Drop) +n_arp_entries = 1000 +ip_hdr_offset = 270 +arp_key_offset = 128 + +[PIPELINE2] +type = FIREWALL +core = 1 +pktq_in = RXQ0.1 RXQ1.1 RXQ2.1 RXQ3.1 +pktq_out = SWQ2 SINK0 +n_rules = 4096 + +[PIPELINE3] +type = FLOW_CLASSIFICATION +core = 1 +pktq_in = RXQ0.2 RXQ1.2 RXQ2.2 RXQ3.2 +pktq_out = SWQ3 SINK1 +n_flows = 65536 +key_size = 16 ; IPv4 5-tuple key size +key_offset = 278 ; IPv4 5-tuple key offset +key_mask = 00FF0000FFFFFFFFFFFFFFFFFFFFFFFF ; IPv4 5-tuple key mask +flowid_offset = 128 ; Flow ID effectively acts as TCP socket ID + +[PIPELINE4] +type = PASS-THROUGH ; Loop-back (UDP place-holder) +core = 1 +pktq_in = SWQ2 +pktq_out = SWQ0 + +[PIPELINE5] +type = PASS-THROUGH ; Loop-back (TCP place-holder) +core = 1 +pktq_in = SWQ3 +pktq_out = SWQ1 + +[PIPELINE6] +type = PASS-THROUGH ; Drop (ICMP place-holder) +core = 1 +pktq_in = RXQ0.3 RXQ1.3 RXQ2.3 RXQ3.3 +pktq_out = SINK4 SINK5 SINK6 SINK7 + +[PIPELINE7] +type = PASS-THROUGH ; Drop (Dynamic ARP place-holder) +core = 1 +pktq_in = RXQ0.4 RXQ1.4 RXQ2.4 RXQ3.4 +pktq_out = SINK8 SINK9 SINK10 SINK11 diff --git a/examples/ip_pipeline/config/network_layers.sh b/examples/ip_pipeline/config/network_layers.sh new file mode 100644 index 0000000000..3b86bebd86 --- /dev/null +++ b/examples/ip_pipeline/config/network_layers.sh 
@@ -0,0 +1,79 @@ +# +# run ./config/network_layers.sh +# + +################################################################################ +# Link configuration +################################################################################ +# Routes added implicitly when links are brought UP: +# IP Prefix = 10.0.0.1/16 => (Port 0, Local) +# IP Prefix = 10.0.0.1/32 => (Port 4, Local) +# IP Prefix = 10.1.0.1/16 => (Port 1, Local) +# IP Prefix = 10.1.0.1/32 => (Port 4, Local) +# IP Prefix = 10.2.0.1/16 => (Port 2, Local) +# IP Prefix = 10.2.0.1/32 => (Port 4, Local) +# IP Prefix = 10.3.0.1/16 => (Port 3, Local) +# IP Prefix = 10.3.0.1/32 => (Port 4, Local) +link 0 down +link 1 down +link 2 down +link 3 down +link 0 config 10.0.0.1 16 +link 1 config 10.1.0.1 16 +link 2 config 10.2.0.1 16 +link 3 config 10.3.0.1 16 +link 0 up +link 1 up +link 2 up +link 3 up +#link ls + +################################################################################ +# Static ARP +################################################################################ +p 1 arp add default 5 #SINK3 +p 1 arp add 0 10.0.0.2 a0:b0:c0:d0:e0:f0 +p 1 arp add 1 10.1.0.2 a1:b1:c1:d1:e1:f1 +p 1 arp add 2 10.2.0.2 a2:b2:c2:d2:e2:f2 +p 1 arp add 3 10.3.0.2 a3:b3:c3:d3:e3:f3 +#p 1 arp ls + +################################################################################ +# Routes +################################################################################ +p 1 route add default 4 #SINK2 +p 1 route add 100.0.0.0 16 port 0 ether 10.0.0.2 +p 1 route add 100.1.0.0 16 port 1 ether 10.1.0.2 +p 1 route add 100.2.0.0 16 port 2 ether 10.2.0.2 +p 1 route add 100.3.0.0 16 port 3 ether 10.3.0.2 +#p 1 route ls + +################################################################################ +# Local destination UDP traffic +################################################################################ +# Prio = Lowest: [SA = ANY, DA = ANY, SP = ANY, DP = ANY, PROTO = ANY] => Drop +# Prio = 1 (High): [SA = 
ANY, DA = 10.0.0.1, SP = ANY, DP = 1000, PROTO = UDP] => Allow +# Prio = 1 (High): [SA = ANY, DA = 10.1.0.1, SP = ANY, DP = 1001, PROTO = UDP] => Allow +# Prio = 1 (High): [SA = ANY, DA = 10.2.0.1, SP = ANY, DP = 1002, PROTO = UDP] => Allow +# Prio = 1 (High): [SA = ANY, DA = 10.3.0.1, SP = ANY, DP = 1003, PROTO = UDP] => Allow +p 1 firewall add default 1 #SINK0 +p 2 firewall add priority 1 ipv4 0.0.0.0 0 10.0.0.1 32 0 65535 1000 1000 17 0xF port 0 +p 2 firewall add priority 1 ipv4 0.0.0.0 0 10.1.0.1 32 0 65535 1001 1001 17 0xF port 0 +p 2 firewall add priority 1 ipv4 0.0.0.0 0 10.2.0.1 32 0 65535 1002 1002 17 0xF port 0 +p 2 firewall add priority 1 ipv4 0.0.0.0 0 10.3.0.1 32 0 65535 1003 1003 17 0xF port 0 +#p 2 firewall ls + +################################################################################ +# Local destination TCP traffic +################################################################################ +# Unknown connection => Drop +# TCP [SA = 100.0.0.10, DA = 10.0.0.1, SP = 1000, DP = 80] => socket ID = 0 +# TCP [SA = 100.1.0.10, DA = 10.1.0.1, SP = 1001, DP = 80] => socket ID = 1 +# TCP [SA = 100.2.0.10, DA = 10.2.0.1, SP = 1002, DP = 80] => socket ID = 2 +# TCP [SA = 100.3.0.10, DA = 10.3.0.1, SP = 1003, DP = 80] => socket ID = 3 +p 3 flow add default 1 #SINK1 +p 3 flow add ipv4 100.0.0.10 10.0.0.1 1000 80 6 port 1 id 0 +p 3 flow add ipv4 100.1.0.10 10.1.0.1 1001 80 6 port 1 id 1 +p 3 flow add ipv4 100.2.0.10 10.2.0.1 1002 80 6 port 1 id 2 +p 3 flow add ipv4 100.3.0.10 10.3.0.1 1003 80 6 port 1 id 3 +#p 3 flow ls
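Review bot: in network_layers.cfg, `arp_key_offset = 128` under [PIPELINE1] and `flowid_offset = 128` under [PIPELINE3] name the same byte, which the packet buffer layout table gives as the start of the headroom. The TCP path is wired P3 -> SWQ3 -> P5 -> SWQ1 -> P1, so the same packets carry both fields. Please add a comment stating that the reuse is intended (the flow ID is consumed by the TCP component before the packet re-enters routing), or give the two fields distinct offsets, so that anyone replacing the P5 loop-back with a real TCP stack knows the flow ID does not survive past P1. Separately, the P4 box in the second diagram is labelled "Loobpack"; it should read "Loopback" to match P5.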
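Review bot: in network_layers.sh, the default firewall rule is sent to the wrong pipeline: `p 1 firewall add default 1 #SINK0` addresses pipeline 1, which the .cfg declares as `type = ROUTING`, while the four allow rules that follow correctly use `p 2`. As written, the "Prio = Lowest ... => Drop" behaviour described in the comment block is never installed on the FIREWALL pipeline, so unmatched UDP traffic does not get the documented default deny to SINK0. Suggest `p 2 firewall add default 1 #SINK0`. Also worth confirming the `0xF` that follows protocol `17` in the allow rules: if that field is the protocol mask, four bits do not cover the 8-bit IPv4 protocol field, and the rule would match more than UDP.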