vpp-dev@lists.fd.io | VPP not dropping packets with incorrect vlan tags on untagged interface

Home Messages Hashtags Subgroups

Date Date 1 - 2 of 2

VPP not dropping packets with incorrect vlan tags on untagged interface

Krishna, Parameswaran #22707 Hi Experts, I’m using VPP v22.02.0-26. I have a physical interface TwentyFiveGigabitEthernet3/0/0/4096 in bridge-domain 10(untagged) and I have configured “l2 efp-filter” on all the interfaces. I expected that at the ingress of interface TwentyFiveGigabitEthernet3/0/0/4096, only untagged packets or packets with Vlan tag 10 will be accepted and packets with any other VLAN tags other than 10 will be dropped. But, I observed that a packet with VLAN tag 11 also was accepted and it got flooded on bridge-domain 10. I tried creating a sub-interface with untagged option to see if it would help in achieving the expected behavior, but I’m seeing the below error. DBGvpp# create sub-interfaces TwentyFiveGigabitEthernet3/0/0/4096 10 untagged create sub-interfaces: vlan is already in use Is there a way to achieve the behavior I’m expecting ? Please let me know if there is a way. Thanks in advance. Best regards, Parameswaran Krishnamurthy Trace and show outputs ======================= DBGvpp# show bridge-domain BD-ID Index BSN Age(min) Learning U-Forwrd UU-Flood Flooding ARP-Term arp-ufwd Learn-co Learn-li BVI-Intf 10 1 0 off on on flood on off off 6 16777216 N/A 11 2 0 off on on flood on off off 0 16777216 N/A DBGvpp# show bridge-domain 10 detail BD-ID Index BSN Age(min) Learning U-Forwrd UU-Flood Flooding ARP-Term arp-ufwd Learn-co Learn-li BVI-Intf 10 1 0 off on on flood on off off 6 16777216 N/A SPAN (span-l2-input) INPUT_CLASSIFY (l2-input-classify) INPUT_FEAT_ARC (l2-input-feat-arc) POLICER_CLAS (l2-policer-classify) ACL (l2-input-acl) VPATH (vpath-input-l2) L2_IP_QOS_RECORD (l2-ip-qos-record) VTR (l2-input-vtr) LEARN (l2-learn) RW (l2-rw) FWD (l2-fwd) UU_FLOOD (l2-flood) FLOOD (l2-flood) XCONNECT (l2-output) Interface If-idx ISN SHG BVI TxFlood VLAN-Tag-Rewrite TwentyFiveGigabitEthernet3/0/0 1 1 0 - * none TwentyFiveGigabitEthernet3/0/0 2 1 0 - * none TwentyFiveGigabitEthernet3/0/0 3 1 0 - * none DBGvpp# DBGvpp# show interface TwentyFiveGigabitEthernet3/0/0/4096 Name Idx State MTU (L3/IP4/IP6/MPLS) Counter Count TwentyFiveGigabitEthernet3/0/0/4 3 up 8996/0/0/0 rx packets 2176 rx bytes 458059 tx packets 28514 tx bytes 5434852 drops 7 DBGvpp# show hardware-interfaces TwentyFiveGigabitEthernet3/0/0/4096 Name Idx Link Hardware TwentyFiveGigabitEthernet3/0/0/4 3 up TwentyFiveGigabitEthernet3/0/0/4096 Link speed: 10 Gbps RX Queues: queue thread mode 0 main (0) polling Ethernet address 4e:82:65:16:80:c6 Mellanox ConnectX-4 Family carrier up full duplex max-frame-size 9018 promisc flags: admin-up promisc maybe-multiseg tx-offload intel-phdr-cksum rx-ip4-cksum rx: queues 1 (max 1024), desc 1024 (min 0 max 65535 align 1) tx: queues 1 (max 1024), desc 1024 (min 0 max 65535 align 1) pci: device 15b3:a2d6 subsystem 15b3:0051 address 0000:03:00.00 numa 0 switch info: name 0000:03:00.0 domain id 0 port id 4096 max rx packet len: 65536 promiscuous: unicast on all-multicast on vlan offload: strip off filter off qinq off rx offload avail: vlan-strip ipv4-cksum udp-cksum tcp-cksum tcp-lro vlan-filter jumbo-frame scatter timestamp rss-hash buffer-split rx offload active: ipv4-cksum jumbo-frame scatter tx offload avail: vlan-insert ipv4-cksum udp-cksum tcp-cksum tcp-tso outer-ipv4-cksum vxlan-tnl-tso gre-tnl-tso geneve-tnl-tso multi-segs mbuf-fast-free udp-tnl-tso ip-tnl-tso tx offload active: ipv4-cksum udp-cksum tcp-cksum multi-segs rss avail: ipv4-frag ipv4-tcp ipv4-udp ipv4-other ipv4 ipv6-tcp-ex ipv6-udp-ex ipv6-frag ipv6-tcp ipv6-udp ipv6-other ipv6-ex ipv6 l4-dst-only l4-src-only l3-dst-only l3-src-only rss active: none tx burst mode: Enhanced MPW + MULTI + TSO + SWP + CSUM + METADATA tx burst function: mlx5_rx_burst rx burst mode: Scalar rx burst function: mlx5_tx_burst_mtsc_empw tx frames ok 28531 tx bytes ok 5437378 rx frames ok 2056 rx bytes ok 451819 extended stats: rx_good_packets 2056 tx_good_packets 28531 rx_good_bytes 451819 tx_good_bytes 5437378 rx_q0_packets 2056 rx_q0_bytes 451819 tx_q0_packets 28531 tx_q0_bytes 5437378 rx_vport_packets 2056 rx_vport_bytes 452835 tx_vport_packets 28531 tx_vport_bytes 5551524 DBGvpp# Packet 6 00:24:03:845812: dpdk-input TwentyFiveGigabitEthernet3/0/0/4096 rx queue 0 buffer 0x54113: current data 0, length 52, buffer-pool 0, ref-count 1, trace handle 0x5 ext-hdr-valid PKT MBUF: port 2, nb_segs 1, pkt_len 52 buf_len 2176, data_len 52, ol_flags 0x80, data_off 128, phys_addr 0x8e008a00 packet_type 0x691 l2_len 0 l3_len 0 outer_l2_len 0 outer_l3_len 0 rss 0x0 fdir.hi 0x0 fdir.lo 0x0 Packet Offload Flags PKT_RX_IP_CKSUM_GOOD (0x0080) IP cksum of RX pkt. is valid PKT_RX_IP_CKSUM_NONE (0x0080) no IP cksum of RX pkt. Packet Types RTE_PTYPE_L2_ETHER (0x0001) Ethernet packet RTE_PTYPE_L3_IPV4_EXT_UNKNOWN (0x0090) IPv4 packet with or without extension headers RTE_PTYPE_L4_NONFRAG (0x0600) Non-fragmented IP packet IP4: ce:25:02:c2:a0:f2 -> 0e:ac:8a:83:b6:bb 802.1q vlan 11 IP6_HOP_BY_HOP_OPTIONS: 55.1.1.1 -> 55.1.1.2 tos 0x00, ttl 64, length 20, checksum 0x0ae5 dscp CS0 ecn NON_ECN fragment id 0x0001 00:24:03:845870: ethernet-input frame: flags 0x3, hw-if-index 3, sw-if-index 3 IP4: ce:25:02:c2:a0:f2 -> 0e:ac:8a:83:b6:bb 802.1q vlan 11 00:24:03:845915: l2-input l2-input: sw_if_index 3 dst 0e:ac:8a:83:b6:bb src ce:25:02:c2:a0:f2 [l2-learn l2-fwd l2-flood l2-flood ] 00:24:03:845927: l2-learn l2-learn: sw_if_index 3 dst 0e:ac:8a:83:b6:bb src ce:25:02:c2:a0:f2 bd_index 1 00:24:03:845940: l2-fwd l2-fwd: sw_if_index 3 dst 0e:ac:8a:83:b6:bb src ce:25:02:c2:a0:f2 bd_index 1 result [0xffffffffffffffff, -1] static age-not bvi filter learn-event learn-move 00:24:03:845952: l2-flood l2-flood: sw_if_index 3 dst 0e:ac:8a:83:b6:bb src ce:25:02:c2:a0:f2 bd_index 1 l2-flood: sw_if_index 3 dst 0e:ac:8a:83:b6:bb src ce:25:02:c2:a0:f2 bd_index 1 00:24:03:845983: l2-output l2-output: sw_if_index 2 dst 0e:ac:8a:83:b6:bb src ce:25:02:c2:a0:f2 data 81 00 00 0b 08 00 45 00 00 14 00 01 l2-output: sw_if_index 1 dst 0e:ac:8a:83:b6:bb src ce:25:02:c2:a0:f2 data 81 00 00 0b 08 00 45 00 00 14 00 01 00:24:03:845997: l2-efp-filter l2-output-vtr: sw_if_index 2 dst 0e:ac:8a:83:b6:bb src ce:25:02:c2:a0:f2 data 81 00 00 0b 08 00 45 00 00 14 00 01 l2-output-vtr: sw_if_index 1 dst 0e:ac:8a:83:b6:bb src ce:25:02:c2:a0:f2 data 81 00 00 0b 08 00 45 00 00 14 00 01 00:24:03:846026: TwentyFiveGigabitEthernet3/0/0/4095-output TwentyFiveGigabitEthernet3/0/0/4095 IP4: ce:25:02:c2:a0:f2 -> 0e:ac:8a:83:b6:bb 802.1q vlan 11 IP6_HOP_BY_HOP_OPTIONS: 55.1.1.1 -> 55.1.1.2 tos 0x00, ttl 64, length 20, checksum 0x0ae5 dscp CS0 ecn NON_ECN fragment id 0x0001 00:24:03:846038: TwentyFiveGigabitEthernet3/0/0-output TwentyFiveGigabitEthernet3/0/0 IP4: ce:25:02:c2:a0:f2 -> 0e:ac:8a:83:b6:bb 802.1q vlan 11 IP6_HOP_BY_HOP_OPTIONS: 55.1.1.1 -> 55.1.1.2 tos 0x00, ttl 64, length 20, checksum 0x0ae5 dscp CS0 ecn NON_ECN fragment id 0x0001 00:24:03:846043: TwentyFiveGigabitEthernet3/0/0/4095-tx TwentyFiveGigabitEthernet3/0/0/4095 tx queue 0 buffer 0x54113: current data 0, length 52, buffer-pool 0, ref-count 1, trace handle 0x5 ext-hdr-valid vlan-1-deep l2-hdr-offset 0 l3-hdr-offset 18 PKT MBUF: port 2, nb_segs 1, pkt_len 52 buf_len 2176, data_len 52, ol_flags 0x80, data_off 128, phys_addr 0x8e008a00 packet_type 0x691 l2_len 0 l3_len 0 outer_l2_len 0 outer_l3_len 0 rss 0x0 fdir.hi 0x0 fdir.lo 0x0 Packet Offload Flags PKT_RX_IP_CKSUM_GOOD (0x0080) IP cksum of RX pkt. is valid PKT_RX_IP_CKSUM_NONE (0x0080) no IP cksum of RX pkt. Packet Types RTE_PTYPE_L2_ETHER (0x0001) Ethernet packet RTE_PTYPE_L3_IPV4_EXT_UNKNOWN (0x0090) IPv4 packet with or without extension headers RTE_PTYPE_L4_NONFRAG (0x0600) Non-fragmented IP packet IP4: ce:25:02:c2:a0:f2 -> 0e:ac:8a:83:b6:bb 802.1q vlan 11 IP6_HOP_BY_HOP_OPTIONS: 55.1.1.1 -> 55.1.1.2 tos 0x00, ttl 64, length 20, checksum 0x0ae5 dscp CS0 ecn NON_ECN fragment id 0x0001 00:24:03:846063: TwentyFiveGigabitEthernet3/0/0-tx TwentyFiveGigabitEthernet3/0/0 tx queue 0 buffer 0x425d3: current data 0, length 52, buffer-pool 0, ref-count 1, trace handle 0x5 vlan-1-deep l2-hdr-offset 0 l3-hdr-offset 18 PKT MBUF: port 65535, nb_segs 1, pkt_len 52 buf_len 2176, data_len 52, ol_flags 0x0, data_off 128, phys_addr 0x8ef2ea00 packet_type 0x0 l2_len 0 l3_len 0 outer_l2_len 0 outer_l3_len 0 rss 0x0 fdir.hi 0x0 fdir.lo 0x0 IP4: ce:25:02:c2:a0:f2 -> 0e:ac:8a:83:b6:bb 802.1q vlan 11 IP6_HOP_BY_HOP_OPTIONS: 55.1.1.1 -> 55.1.1.2 tos 0x00, ttl 64, length 20, checksum 0x0ae5 dscp CS0 ecn NON_ECN fragment id 0x0001
More All Messages By This Member
Krishna, Parameswaran #22728 Hi, Did anyone get a chance to look at this issue? If anyone has any sort of input, that will be of great help. Please let me know if any additional information is needed. Thank you. Best regards, Parameswaran
More All Messages By This Member

1 - 2 of 2

1

Previous Topic Next Topic

Home Hashtags Subgroups Terms