1. Running VPP applications

1.1. Prerequisites

  1. Linux booted on Host and DPU

  2. Log in to your docker on host and DPU

  3. Bind the pktio and crypto devices to vfio-pci

source dao-env.sh

1.2. DAO Environment Setup

The following step needs to be run only once, after the first login to docker:

~# source /dao-env.sh

1.3. L3 Router

  1. Start VPP with the config file at /etc/vpp/pktio_startup.conf

~# vpp -c /etc/vpp/pktio_startup.conf

  2. Start the vppctl command on the console

~# vppctl

vpp# set int state eth0 up
vpp# set int state eth1 up
vpp# set int ip address eth0 10.29.10.1/24
vpp# set int ip address eth1 10.29.20.2/24
vpp# set ip neighbor eth0  10.29.10.10 00:00:00:01:01:01
vpp# set ip neighbor eth1  10.29.20.20 00:00:00:02:01:01
vpp# ip route add 10.29.10.10/24 via eth0
vpp# ip route add 10.29.20.20/24 via eth1
vpp# show int
vpp# trace add eth0-rx 5

  3. On host x86 machine, configure the IPs of the interfaces to send traffic

~# ifconfig intf1  10.29.10.10/24
~# ifconfig intf2  10.29.20.20/24

  4. Run tshark capture on intf2

~# tshark -i intf2 -Y "udp" -V

  5. Run scapy and send traffic

~# scapy

 >>> sendp(Ether(dst="ba:7a:5a:ae:c7:ab",src="00:00:00:01:01:01")/IP(src="10.29.10.10",dst="10.29.20.20",len=60)/UDP(dport=4000,sport=4000,len=40)/Raw(RandString(size=32)), iface="intf1", return_packets=True, count=100)

  6. Observe the traffic on tshark console on x86 host

  7. On VPP console check the graph walk

vpp# show trace

1.4. VPP as IPsec Tunnel Originator

  1. Start VPP with the config file at /etc/vpp/crypto_startup.conf

~# vpp -c /etc/vpp/crypto_startup.conf

  2. Start the vppctl command on the console

~# vppctl

vpp# set int ip address eth0 10.29.10.1/24
vpp# set int state eth0 up
vpp# set ip neighbor eth0 10.29.10.10 00:00:00:01:01:01
vpp# set int promiscuous on eth0
vpp# set int ip address eth1 192.168.1.1/24
vpp# set ip neighbor eth1 192.168.1.2 00:00:00:02:01:01
vpp# set int state eth1 up
vpp# set int promiscuous on eth1
vpp# set ipsec async mode on
vpp# ipsec itf create
vpp# ipsec sa add 10 spi 1001 esp crypto-key 4a506a794f574265564551694d653768 crypto-alg aes-gcm-128 tunnel src 192.168.1.1 dst 192.168.1.2 esp
vpp# ipsec sa add 20 spi 2001 inbound crypto-alg aes-gcm-128 crypto-key 4d4662776d4d55747559767176596965 tunnel src 192.168.1.2 dst 192.168.1.1 esp
vpp# ipsec tunnel protect sa-out 10 ipsec0
vpp# set int state ipsec0 up
vpp# set interface unnum ipsec0 use eth1
vpp# ip route add 10.29.20.20/24 via ipsec0
vpp# show int
vpp# pcap trace tx  intfc eth1 max 100 file outbound_enc.pcap
vpp# trace add eth0-rx 5

  3. On host x86 machine, configure the IPs of the interfaces to send traffic

~# ifconfig intf1  10.29.10.10/24
~# ifconfig intf2  10.29.20.20/24

  4. Run tshark capture on intf2

~# tshark -i intf2 -Y "esp" -V

  5. Run scapy and send traffic

~# scapy

 >>> sendp(Ether(dst="ba:7a:5a:ae:c7:ab",src="00:00:00:01:01:01")/IP(src="10.29.10.10",dst="10.29.20.20",len=60)/UDP(dport=4000,sport=4000,len=40)/Raw(RandString(size=32)), iface="intf1", return_packets=True, count=5)

  6. Observe the ESP traffic on tshark console on x86 host

~# tshark -i intf2 -Y "esp" -V

  7. On VPP console check the graph walk

vpp# show trace
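To confirm that the tunnel is really encrypting, the check below parses a capture such as outbound_enc.pcap and verifies that every IPv4 frame leaving eth1 is ESP with SPI 1001 between 192.168.1.1 and 192.168.1.2, with increasing sequence numbers. It is an added example, not part of the DAO or VPP sources; the function names and the `make_frame`/`make_pcap` sample-data helpers are assumptions made for illustration.

```python
import socket
import struct

EXPECTED_SPI = 1001                      # "ipsec sa add 10 spi 1001" above
TUNNEL = ("192.168.1.1", "192.168.1.2")  # outer src/dst of SA 10 above

def read_pcap(blob):
    """Yield raw frames from a classic (non-pcapng) Ethernet pcap byte string."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(blob[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    off = 24                             # skip the 24-byte global header
    while off + 16 <= len(blob):
        caplen = struct.unpack(endian + "I", blob[off + 8:off + 12])[0]
        yield blob[off + 16:off + 16 + caplen]
        off += 16 + caplen

def classify(frame):
    """Return (verdict, esp_seq_or_None) for one Ethernet frame."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return "skip", None              # not IPv4 (ARP, IPv6, ...)
    esp_off = 14 + (frame[14] & 0x0F) * 4  # Ethernet header + IPv4 header
    if frame[23] != 50 or len(frame) < esp_off + 8:
        return "not-esp", None           # IP protocol 50 = ESP
    src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
    spi, seq = struct.unpack("!II", frame[esp_off:esp_off + 8])
    if (src, dst) != TUNNEL or spi != EXPECTED_SPI:
        return "unexpected-sa", None
    return "esp-ok", seq

def audit(blob):
    """Count verdicts; ESP sequence numbers from the sender must increase."""
    counts, last = {}, 0
    for frame in read_pcap(blob):
        verdict, seq = classify(frame)
        if verdict == "esp-ok":
            verdict = "esp-ok" if seq > last else "seq-not-increasing"
            last = max(last, seq)
        counts[verdict] = counts.get(verdict, 0) + 1
    return counts

def make_frame(src, dst, proto, payload):  # builds constructed sample data
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                     proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + payload

def make_pcap(frames):                     # builds constructed sample data
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)
```

Run it as `audit(open(path, "rb").read())` on the capture file; a non-zero `not-esp`, `unexpected-sa` or `seq-not-increasing` count means traffic left eth1 outside the configured SA.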