examples/ip_pipeline/config/network_layers.cfg

   1 ;   BSD LICENSE
   2 ;
   3 ;   Copyright(c) 2016 Intel Corporation. All rights reserved.
   4 ;   All rights reserved.
   5 ;
   6 ;   Redistribution and use in source and binary forms, with or without
   7 ;   modification, are permitted provided that the following conditions
   8 ;   are met:
   9 ;
  10 ;     * Redistributions of source code must retain the above copyright
  11 ;       notice, this list of conditions and the following disclaimer.
  12 ;     * Redistributions in binary form must reproduce the above copyright
  13 ;       notice, this list of conditions and the following disclaimer in
  14 ;       the documentation and/or other materials provided with the
  15 ;       distribution.
  16 ;     * Neither the name of Intel Corporation nor the names of its
  17 ;       contributors may be used to endorse or promote products derived
  18 ;       from this software without specific prior written permission.
  19 ;
  20 ;   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  21 ;   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  22 ;   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  23 ;   A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  24 ;   OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  25 ;   SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  26 ;   LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  27 ;   DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  28 ;   THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  29 ;   (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  30 ;   OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  31
  32 ; The diagram below shows how additional protocol components can be plugged into
  33 ; the IP layer implemented by the ip_pipeline application. Pick your favorite
  34 ; open source components for dynamic ARP, ICMP, UDP or TCP termination, etc and
  35 ; connect them through SWQs to the IP infrastructure.
  36 ;
  37 ; The input packets with local destination are sent to the UDP/TCP applications
  38 ; while the input packets with remote destination are routed back to the
  39 ; network. Additional features can easily be added to this setup:
  40 ;  * IP Reassembly: add SWQs with IP reassembly enabled (typically required for
  41 ;    the input traffic with local destination);
  42 ;  * IP Fragmentation: add SWQs with IP fragmentation enabled (typically
  43 ;    required to enforce the MTU for the routed output traffic);
  44 ;  * Traffic Metering: add Flow Action pipeline instances (e.g. for metering the
  45 ;    TCP connections or ICMP input traffic);
  46 ;  * Traffic Management: add TMs for the required output LINKs;
  47 ;  * Protocol encapsulations (QinQ, MPLS) for the output packets: part of the
  48 ;    routing pipeline configuration.
  49 ;
  50 ;                     _________                       _________
  51 ;                    |         |                     |         |
  52 ;                    |   UDP   |                     |   TCP   |
  53 ;                    |   App   |                     |   App   |
  54 ;                    |_________|                     |_________|
  55 ;                       ^   |                           ^   |
  56 ;                     __|___V__                       __|___V__
  57 ;                    |         |  SWQ0 (UDP TX)      |         |  SWQ1 (TCP TX)
  58 ;                    |   UDP   |-------+             |   TCP   |------------+
  59 ;                    |         |       |             |         |            |
  60 ;                    |_________|       |             |_________|            |
  61 ;                         ^            |                  ^                 |
  62 ;                         | SWQ2       |                  | SWQ3            |
  63 ;                         | (UDP RX)   |                  | (TCP RX)        |
  64 ;                     ____|____        |              ____|____             |
  65 ;                    |         |       |             |         |            |
  66 ; RXQ<0..3>.1 ------>|Firewall +--->|  |     +------>|  Flow   +--->|       |
  67 ; (UDP local dest)   |  (P2)   | SINK0 |     |       |  (P3)   |  SINK1     |
  68 ;                    |_________| (Deny)|     |       |_________|  (RST)     |
  69 ; RXQ<0..3>.2 -------------------------|-----+                              |
  70 ; (TCP local dest)                     |                                    |
  71 ;                                      |     +------------------------------+
  72 ;                                      |     |
  73 ;                                     _V_____V_
  74 ;                                    |         |
  75 ;                                    | Routing |                   TXQ<0..3>.0
  76 ; RXQ<0..3>.0 ---------------------->|  & ARP  +----------------------------->
  77 ; (IP remote dest)                   |  (P1)   |
  78 ;                                    |_________|
  79 ;                                      |  ^  |
  80 ;                   SWQ4 +-------------+  |  |  SWQ5 (ARP miss)
  81 ;           (Route miss) |                |  +------------+
  82 ;                        |  +-------------+               |
  83 ;                     ___V__|__   SWQ6                ____V____
  84 ;                    |         |  (ICMP TX)          |         |   TXQ<0..3>.1
  85 ; RXQ<0..3>.3 ------>|  ICMP   |             +------>| Dyn ARP +------------->
  86 ; (IP local dest)    |         |             |       |         |
  87 ;                    |_________|             |       |_________|
  88 ; RXQ<0..3>.4 -------------------------------+
  89 ; (ARP)
  90 ;
  91 ; This configuration file implements the diagram presented below, where the
  92 ; dynamic ARP, ICMP, UDP and TCP components have been stubbed out and replaced
  93 ; with loop-back and packet drop devices.
  94 ;
  95 ;                     _________                       _________
  96 ;                    |         |  SWQ0 (UDP TX)      |         |  SWQ1 (TCP TX)
  97 ;                    |Loobpack |-------+             |Loopback |------------+
  98 ;                    |  (P4)   |       |             |  (P5)   |            |
  99 ;                    |_________|       |             |_________|            |
 100 ;                         ^            |                  ^                 |
 101 ;                         | SWQ2       |                  | SWQ3            |
 102 ;                         | (UDP RX)   |                  | (TCP RX)        |
 103 ;                     ____|____        |              ____|____             |
 104 ;                    |         |       |             |         |            |
 105 ; RXQ<0..3>.1 ------>|Firewall +--->|  |     +------>|  Flow   +--->|       |
 106 ; (UDP local dest)   |  (P2)   | SINK0 |     |       |  (P3)   |  SINK1     |
 107 ;                    |_________| (Deny)|     |       |_________|  (RST)     |
 108 ; RXQ<0..3>.2 -------------------------|-----+                              |
 109 ; (TCP local dest)                     |                                    |
 110 ;                                      |     +------------------------------+
 111 ;                                      |     |
 112 ;                                     _V_____V_
 113 ;                                    |         |
 114 ;                                    | Routing |                   TXQ<0..3>.0
 115 ; RXQ<0..3>.0 ---------------------->|  & ARP  +----------------------------->
 116 ; (IP remote dest)                   |  (P1)   |
 117 ;                                    |_________|
 118 ;                                      |     |
 119 ;                           SINK2 |<---+     +--->| SINK3
 120 ;                           (Route miss)            (ARP miss)
 121 ;
 122 ;                     _________                            _________
 123 ;                    |         |                          |         |
 124 ; RXQ<0..3>.3 ------>|  Drop   +--->| SINK<4..7>  +------>|  Drop   +--->| SINK<8..11>
 125 ; (IP local dest)    |  (P6)   | (IP local dest)  |       |  (P7)   |     (ARP)
 126 ;                    |_________|                  |       |_________|
 127 ; RXQ<0..3>.4 ------------------------------------+
 128 ; (ARP)
 129 ;
 130 ;
 131 ; Input packet: Ethernet/IPv4 or Ethernet/ARP
 132 ; Output packet: Ethernet/IPv4 or Ethernet/ARP
 133 ;
 134 ; Packet buffer layout (for input IPv4 packets):
 135 ; #     Field Name                      Offset (Bytes)  Size (Bytes)
 136 ; 0     Mbuf                            0                               128
 137 ; 1     Headroom                        128                             128
 138 ; 2     Ethernet header         256                             14
 139 ; 3     IPv4 header                     270                             20
 140 ; 4     ICMP/UDP/TCP header     290                             8/8/20
 141
 142 [EAL]
 143 log_level = 0
 144
 145 [LINK0]
 146 udp_local_q = 1
 147 tcp_local_q = 2
 148 ip_local_q = 3
 149 arp_q = 4
 150
 151 [LINK1]
 152 udp_local_q = 1
 153 tcp_local_q = 2
 154 ip_local_q = 3
 155 arp_q = 4
 156
 157 [LINK2]
 158 udp_local_q = 1
 159 tcp_local_q = 2
 160 ip_local_q = 3
 161 arp_q = 4
 162
 163 [LINK3]
 164 udp_local_q = 1
 165 tcp_local_q = 2
 166 ip_local_q = 3
 167 arp_q = 4
 168
 169 [PIPELINE0]
 170 type = MASTER
 171 core = 0
 172
 173 [PIPELINE1]
 174 type = ROUTING
 175 core = 1
 176 pktq_in = RXQ0.0 RXQ1.0 RXQ2.0 RXQ3.0 SWQ0 SWQ1
 177 pktq_out = TXQ0.0 TXQ1.0 TXQ2.0 TXQ3.0 SINK2 SINK3
 178 port_local_dest = 4 ; SINK2 (Drop)
 179 n_arp_entries = 1000
 180 ip_hdr_offset = 270
 181 arp_key_offset = 128
 182
 183 [PIPELINE2]
 184 type = FIREWALL
 185 core = 1
 186 pktq_in = RXQ0.1 RXQ1.1 RXQ2.1 RXQ3.1
 187 pktq_out = SWQ2 SINK0
 188 n_rules = 4096
 189
 190 [PIPELINE3]
 191 type = FLOW_CLASSIFICATION
 192 core = 1
 193 pktq_in = RXQ0.2 RXQ1.2 RXQ2.2 RXQ3.2
 194 pktq_out = SWQ3 SINK1
 195 n_flows = 65536
 196 key_size = 16                               ; IPv4 5-tuple key size
 197 key_offset = 278                            ; IPv4 5-tuple key offset
 198 key_mask = 00FF0000FFFFFFFFFFFFFFFFFFFFFFFF ; IPv4 5-tuple key mask
 199 flowid_offset = 128 ; Flow ID effectively acts as TCP socket ID
 200
 201 [PIPELINE4]
 202 type = PASS-THROUGH ; Loop-back (UDP place-holder)
 203 core = 1
 204 pktq_in = SWQ2
 205 pktq_out = SWQ0
 206 swap = 282 286 ; IPSRC <-> IPDST
 207 swap = 290 292 ; PORTSRC <-> PORTDST
 208
 209 [PIPELINE5]
 210 type = PASS-THROUGH ; Loop-back (TCP place-holder)
 211 core = 1
 212 pktq_in = SWQ3
 213 pktq_out = SWQ1
 214 swap = 282 286 ; IPSRC <-> IPDST
 215 swap = 290 292 ; PORTSRC <-> PORTDST
 216
 217 [PIPELINE6]
 218 type = PASS-THROUGH ; Drop (ICMP place-holder)
 219 core = 1
 220 pktq_in = RXQ0.3 RXQ1.3 RXQ2.3 RXQ3.3
 221 pktq_out = SINK4 SINK5 SINK6 SINK7
 222
 223 [PIPELINE7]
 224 type = PASS-THROUGH ; Drop (Dynamic ARP place-holder)
 225 core = 1
 226 pktq_in = RXQ0.4 RXQ1.4 RXQ2.4 RXQ3.4
 227 pktq_out = SINK8 SINK9 SINK10 SINK11