-
Notifications
You must be signed in to change notification settings - Fork 322
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
EtherSwitch configuration #479
Comments
your config says that a packet received on port 0 is sent out port 0. A switch prevents this.
|
Yes I know that a switch prevents this. |
You have to build at least 2 ports to your switch, or it can't "switch" :p You have this kind of requirements in the documentation at https://github.com/kohler/click/wiki/EtherSwitch.
Note that I have from and to port0 tied to enp6sf0, else I think it's a call for problem. |
Yes, it was my misunderstanding, Ι don't know what I was thinking when I read the documentation. :p :P |
@tbarbette I saw again your configuration, If I am not completely wrong, we have ingress port enp6s0f0 and also egress port enp6s0f0. Is this right? or I did not understand the element? In my scenario I want something like this: I followed @ahenning example.
The VNF configuration is simple forwarder for testing:
Obviously this configuration did not work and Im trying to figure out, where is my misunderstanding |
All ports have 2 sides, rx and tx. FromDevice is rx and ToDevice is tx for a real device, a real NIC. KernelTap includes both at once for a virtual Tap. On the left of kernel tap you handle the tx and on the right the rx. There should be no Idle(). |
Thanks for the clarification. |
@p4pe when a packet is received on a port on the switch, the switch uses the destination mac address to decide which port to switch the packet to (if the MAC is known). In your config, the packets would not take the VNF path by it self. Connecting devices to ports does not tell the switch how to switch the packets. I am assuming this is what you want to engineer with the config, i.e to redirect traffic to the VNF. If not please let me know. If yes, and you always want the traffic to be sent to the VNF, and it will only be in the direction as per the diagram, then you don't need the complexity of the EtherSwitch. You can simply pump the packet to the KernelTap and assuming the VNF returns the packets, take the packets from KernelTap and send it out the interface you want. In that scenario the switch is not needed. Of course the L2 headers will need to be set, but that is the path to match the diagram. If the diagram is accurate, I would recommend to remove the switch. The second scenario is that maybe some packets need to be sent to the VNF and some packets will be sent straight through the switch. This is more complex. In this scenario the switch makes sense, but how will switch know where to send the packets to? The L2 headers need to be set to determine where the packets will be switched to. Here is another example config with a switch and KernelTap So if you want to use the switch to redirect packets to the VNF you need to do that redirect on the L2 header. In other words, lets say your KernelTap MAC address is 01:01:01:01:01:01 then before the packets are sent to the switch, the L2 header info needs to be changed so that the destination of the packets are 01:01:01:01:01. The destination in L2 header tells the switch which port the packets will be sent out. Assuming you want to redirect the traffic to the VNF, in the above config that would be port 2. If bidirectional traffic is needed, then the EtherSwitch will make sense. Again either the traffic needs to be redirected with EtherEncap or the L2 headers needs to be set at the Source and Sink so that the L2 info tells the switch to send the packets to the tap port. |
Thank you for the answer @ahenning , yes I want the traffic to be redirected to the VNF, and then to a second VNF before goes to the sink. I already did your first suggestion, but I was asked to do the second one with the EtherSwitch acting as an virtual switch(I was also tried a scenario with OVS and docker, but this killed the throughput). Something that I forgot to say(and write in the config) is that all interfaces are on promisc mode. |
Start with no VF, then one VF, then two :p Also if you're not handling backward traffic, then the EtherSwitch will probably not be able to learn MACs, so the switch won't work? |
The no VF scenario is working :P I already did this with the hard-wired approach.. (but my supervisor wants the switch...) |
Following your advice @tbarbette (I convinced my supervisor :P) not to use the etherswitch. So I have the following setup For my NAT configuration:
For my IPSec:
But it seems that the 27.32.11.3/32 register in the radixipseclookup table does not working. Why? |
I've never used RadixIPsecLookup, and actually IPsec. You're sure you want that one and not RadixIPLookup? What are those supplementary parameters? I know the second term should be the port, then eventually the gateway. But those "1111111111" ? BTW, you probably want "SNIFFING false" to FromDevice, as you don't want packets to continue in the IP stack. |
As Tom mentioned previously:
Using these elements on virtual interfaces might not work so I recommend to use real NIC to save a lot of trouble. Also I would again recommend to use Print and IPPrint elements to trace the packets. E.g. here the suspect is the Ipsec config but I doubt the packets are even passing through the KernelTap interface. Here is an example of chaining separate click configs together: Source: Sink: |
Hello, thank you very much for the directions! |
Hello, I'm using EtherSwitch element in order to implement a simple switch (at first) with only one input and one output port.
The click configuration is this:
But when I'm trying to start the router, I can't and took this error:
switch.click:4: ‘switch :: EtherSwitch’ input 1 unused
switch.click:4: ‘switch :: EtherSwitch’ output 1 unused
Where is my misconfiguration?
The text was updated successfully, but these errors were encountered: