-.. BSD LICENSE
- Copyright(c) 2010-2014 Intel Corporation. All rights reserved.
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions
- are met:
-
- * Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
- * Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in
- the documentation and/or other materials provided with the
- distribution.
- * Neither the name of Intel Corporation nor the names of its
- contributors may be used to endorse or promote products derived
- from this software without specific prior written permission.
-
- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.. SPDX-License-Identifier: BSD-3-Clause
+ Copyright(c) 2010-2014 Intel Corporation.
L3 Forwarding with Access Control Sample Application
====================================================
the application extracts the necessary information from the TCP/IP header of the received packet and
performs a lookup in the rule database to figure out whether the packets should be dropped (in the ACL range)
or forwarded to desired ports.
-The initialization and run-time paths are similar to those of the L3 forwarding application
-(see Chapter 10, "L3 Forwarding Sample Application" for more information).
+The initialization and run-time paths are similar to those of the :doc:`l3_forward`.
However, there are significant differences in the two applications.
For example, the original L3 forwarding application uses either LPM or
an exact match algorithm to perform forwarding port lookup,
Packet 3 matches Rule 3 and is forwarded to port 0.
For more details on the rule file format,
-please refer to rule_ipv4.db and rule_ipv6.db files (inside <RTE_SDK>/examples/l3fwd-acl/).
+please refer to rule_ipv4.db and rule_ipv6.db files (inside dpdk/examples/l3fwd-acl/).
Application Phases
~~~~~~~~~~~~~~~~~~
Compiling the Application
-------------------------
-To compile the application:
+To compile the sample application see :doc:`compiling`.
-#. Go to the sample application directory:
-
- .. code-block:: console
-
- export RTE_SDK=/path/to/rte_sdk
- cd ${RTE_SDK}/examples/l3fwd-acl
-
-#. Set the target (a default target is used if not specified). For example:
-
- .. code-block:: console
-
- export RTE_TARGET=x86_64-native-linuxapp-gcc
-
- See the *DPDK IPL Getting Started Guide* for possible RTE_TARGET values.
-
-#. Build the application:
-
- .. code-block:: console
-
- make
+The application is located in the ``l3fwd-acl`` sub-directory.
Running the Application
-----------------------
.. code-block:: console
- ./build/l3fwd-acl [EAL options] -- -p PORTMASK [-P] --config(port,queue,lcore)[,(port,queue,lcore)] --rule_ipv4 FILENAME rule_ipv6 FILENAME [--scalar] [--enable-jumbo [--max-pkt-len PKTLEN]] [--no-numa]
+ ./<build_dir>/examples/dpdk-l3fwd-acl [EAL options] -- -p PORTMASK [-P] --config(port,queue,lcore)[,(port,queue,lcore)] --rule_ipv4 FILENAME rule_ipv6 FILENAME [--alg=<val>] [--enable-jumbo [--max-pkt-len PKTLEN]] [--no-numa] [--eth-dest=X,MM:MM:MM:MM:MM:MM]
where,
* --rule_ipv6 FILENAME: Specifies the IPv6 ACL and route rules file
-* --scalar: Use a scalar function to perform rule lookup
+* --alg=<val>: optional, ACL classify method to use, one of:
+ ``scalar|sse|avx2|neon|altivec|avx512x16|avx512x32``
* --enable-jumbo: optional, enables jumbo frames
* --no-numa: optional, disables numa awareness
-As an example, consider a dual processor socket platform where cores 0, 2, 4, 6, 8 and 10 appear on socket 0,
-while cores 1, 3, 5, 7, 9 and 11 appear on socket 1.
-Let's say that the user wants to use memory from both NUMA nodes,
-the platform has only two ports and the user wants to use two cores from each processor socket to do the packet processing.
+* --eth-dest=X,MM:MM:MM:MM:MM:MM: optional, ethernet destination for port X
+
+For example, consider a dual processor socket platform with 8 physical cores, where cores 0-7 and 16-23 appear on socket 0,
+while cores 8-15 and 24-31 appear on socket 1.
-To enable L3 forwarding between two ports, using two cores from each processor,
-while also taking advantage of local memory access by optimizing around NUMA,
-the user must enable two queues from each port,
-pin to the appropriate cores and allocate memory from the appropriate NUMA node.
-This is achieved using the following command:
+To enable L3 forwarding between two ports, assuming that both ports are in the same socket, using two cores, cores 1 and 2,
+(which are in the same socket too), use the following command:
.. code-block:: console
- ./build/l3fwd-acl -c f -n 4 -- -p 0x3 --config="(0,0,0),(0,1,2),(1,0,1),(1,1,3)" --rule_ipv4="./rule_ipv4.db" -- rule_ipv6="./rule_ipv6.db" --scalar
+ ./<build_dir>/examples/dpdk-l3fwd-acl -l 1,2 -n 4 -- -p 0x3 --config="(0,0,1),(1,0,2)" --rule_ipv4="./rule_ipv4.db" -- rule_ipv6="./rule_ipv6.db" --alg=scalar
In this command:
-* The -c option enables cores 0, 1, 2, 3
+* The -l option enables cores 1, 2
* The -p option enables ports 0 and 1
-* The --config option enables two queues on each port and maps each (port,queue) pair to a specific core.
- Logic to enable multiple RX queues using RSS and to allocate memory from the correct NUMA nodes is included in the application
- and is done transparently.
+* The --config option enables one queue on each port and maps each (port,queue) pair to a specific core.
The following table shows the mapping in this example:
- +----------+------------+-----------+------------------------------------------------+
- | **Port** | **Queue** | **lcore** | **Description** |
- | | | | |
- +==========+============+===========+================================================+
- | 0 | 0 | 0 | Map queue 0 from port 0 to lcore 0. |
- | | | | |
- +----------+------------+-----------+------------------------------------------------+
- | 0 | 1 | 2 | Map queue 1 from port 0 to lcore 2. |
- | | | | |
- +----------+------------+-----------+------------------------------------------------+
- | 1 | 0 | 1 | Map queue 0 from port 1 to lcore 1. |
- | | | | |
- +----------+------------+-----------+------------------------------------------------+
- | 1 | 1 | 3 | Map queue 1 from port 1 to lcore 3. |
- | | | | |
- +----------+------------+-----------+------------------------------------------------+
+ +----------+------------+-----------+-------------------------------------+
+ | **Port** | **Queue** | **lcore** | **Description** |
+ | | | | |
+ +==========+============+===========+=====================================+
+ | 0 | 0 | 1 | Map queue 0 from port 0 to lcore 1. |
+ | | | | |
+ +----------+------------+-----------+-------------------------------------+
+ | 1 | 0 | 2 | Map queue 0 from port 1 to lcore 2. |
+ | | | | |
+ +----------+------------+-----------+-------------------------------------+
* The --rule_ipv4 option specifies the reading of IPv4 rules sets from the ./ rule_ipv4.db file.
* The --rule_ipv6 option specifies the reading of IPv6 rules sets from the ./ rule_ipv6.db file.
-* The --scalar option specifies the performing of rule lookup with a scalar function.
+* The --alg=scalar option specifies the performing of rule lookup with a scalar function.
Explanation
-----------
The following sections provide some explanation of the sample application code.
-The aspects of port, device and CPU configuration are similar to those of the L3 forwarding application
-(see Chapter 10, "L3 Forwarding Sample Application" for more information).
+The aspects of port, device and CPU configuration are similar to those of the :doc:`l3_forward`.
The following sections describe aspects that are specific to L3 forwarding with access control.
Parse Rules from File