ID of the IPv6 VRF table where LocalSID routing components are installed. (LocalSIDs with the End.AD function ignore this setting because it is missing from the API: the End.AD functionality is separate from the SRv6 functionality and has no binary API. It has only the CLI API, and that does not make the installation VRF ID (called FIB table in the VPP API) configurable.) Non-zero VRF has to be explicitly created (see api/models/vpp/l3/vrf.proto)
VRF index of the IPv4 table that should be used for lookup. vrf_index and fib_table_id should refer to the same routing table. The VRF index refers to it from the client side and the FIB table ID from the VPP-internal side (index of the memory-allocated structure from the pool) (source: https://wiki.fd.io/view/VPP/Per-feature_Notes). Non-zero VRF has to be explicitly created (see api/models/vpp/l3/vrf.proto)
LocalSID.EndDT6
End function behavior of endpoint with decapsulation and specific IPv6 table lookup
VRF index of the IPv6 table that should be used for lookup. vrf_index and fib_table_id should refer to the same routing table. The VRF index refers to it from the client side and the FIB table ID from the VPP-internal side (index of the memory-allocated structure from the pool) (source: https://wiki.fd.io/view/VPP/Per-feature_Notes). Non-zero VRF has to be explicitly created (see api/models/vpp/l3/vrf.proto)
LocalSID.EndDX2
End function behavior of endpoint with decapsulation and Layer-2 cross-connect (or DX2 with egress VLAN rewrite when VLAN is non-zero; this variant is not supported yet)
VRF index of the IPv6 table that should be used for lookup. vrf_index and fib_table_id should refer to the same routing table. The VRF index refers to it from the client side and the FIB table ID from the VPP-internal side (index of the memory-allocated structure from the pool) (source: https://wiki.fd.io/view/VPP/Per-feature_Notes). Non-zero VRF has to be explicitly created (see api/models/vpp/l3/vrf.proto)
LocalSID.EndX
End function behavior of endpoint with Layer-3 cross-connect (IPv6)
ID of the IPv6 VRF table where Policy routing components are installed (load balancing/spray relies on VPP features that use the VRF table). Non-zero VRF has to be explicitly created (see api/models/vpp/l3/vrf.proto)
ID of IPv4/IPv6 VRF table where to install L3 Steering routing components (VRF table type (IPv4/IPv6) is decided by prefix_address value) Non-zero VRF has to be explicitly created (see api/models/vpp/l3/vrf.proto)
SocketPath defines path to unix domain socket used for punt packets to the host. In dumps, it will actually contain the socket defined in VPP config under punt section.
IPRedirect
IPRedirect allows an otherwise dropped packet whose destination IP address
matches one of the VPP addresses to be redirected to the defined next hop address
via the TX interface.
ToHost allows an otherwise dropped packet whose destination IP address matches
one of the VPP interface IP addresses to be punted to the host.
L3 and L4 protocols can be used for filtering.
SocketPath defines path to unix domain socket used for punt packets to the host. In dumps, it will actually contain the socket defined in VPP config under punt section.
IP address from Twice-NAT address pool that should be used as source IP in twice-NAT processing. This is override for default behaviour of choosing the first IP address from twice-NAT pool that has available at least one free port (NAT is tracking translation sessions and exhausts free ports for given IP address). This is needed for example in use cases when multiple twice-NAT translations need to use different IP Addresses as source IP addresses. This functionality works with VPP 20.09 and newer. It also needs to have twice_nat set to ENABLED. It doesn't work for load-balanced static mappings (=local_ips has multiple values).
Nat44Global defines global NAT44 configuration.
In VPP version 21.01 and newer the NAT44 plugin has to be explicitly enabled (by default it is
disabled so that it doesn't consume any computational resources). With ligato control-plane
the NAT44 plugin is enabled by submitting the NAT44Global configuration (even default values
will make the plugin enabled). Without Nat44Global, all other NAT44 configuration items
(DNat44, Nat44Interface and Nat44AddressPool) will be in the PENDING state.
Enable/disable endpoint-independent mode. In endpoint-independent (also known as "simple") mode the VPP NAT plugin holds less information for each session, but only works with outbound NAT and static mappings. In endpoint-dependent mode, which ligato selects as the default, the VPP NAT plugin uses more information to track each session, which in turn enables additional features such as out-to-in-only and twice-nat. In older versions of VPP (<= 20.09) this field is ignored because mode at which the NAT44 plugin operates is given by the VPP startup configuration file (i.e. config created before VPP even starts, therefore not managed by ligato). The endpoint-independent mode is the default and the dependent mode is turned on with this config stanza (included in vpp.conf used by ligato for older VPPs): nat { endpoint-dependent }
VR advertisement interval in milliseconds, should be >= 10 and <= 65535. (Later, in the implementation, it is converted into centiseconds, so precision may be lost.)
Controls whether a virtual router in Master state will accept packets addressed to the address owner's IPvX address as its own if it is not the IPvX address owner.
Unicast mode may be used to take advantage of newer token ring adapter implementations that support non-promiscuous reception for multiple unicast MAC addresses and to avoid both the multicast traffic and usage conflicts associated with the use of token ring functional addresses.
ID is mandatory identification for VRF table. NOTE: do not confuse with fib index (shown by some VPP CLIs), which is VPP's internal offset in the vector of allocated tables.
Label is an optional description for the table.
- maximum allowed length is 63 characters
- included in the output from the VPP CLI command "show ip fib"
- if undefined, then VPP will generate label using the template "-VRF:"
FlowHashSettings allows tuning of hash calculation of IP flows in the VRF table.
This affects hash table size as well as the stickiness of flows by load-balancing.
If not defined, default settings that are implicitly enabled are:
VRF identifier, field required for remote client. This value should be consistent with the VRF ID in the static route key. If it is not, the value from the key will be preferred and this field will be overridden. Non-zero VRF has to be explicitly created (see api/models/vpp/l3/vrf.proto)
Preference defines path preference. Lower preference is preferred. Only paths with the best preference contribute to forwarding (a poor man's primary and backup).
Specifies VRF ID for the next hop lookup / recursive lookup
Route.RouteType
| Name | Number | Description |
| ---- | ------ | ----------- |
| INTRA_VRF | 0 | Forwarding is being done in the specified vrf_id only, or according to the specified outgoing interface. |
| INTER_VRF | 1 | Forwarding is being done by lookup into a different VRF, specified as via_vrf_id field. In case of these routes, the outgoing interface should not be specified. The next hop IP address does not have to be specified either, in that case VPP does full recursive lookup in the via_vrf_id VRF. |
| DROP | 2 | Drops the network communication designated for specific IP address. |
Deprecated. List of policy entries belonging to this SPD. Deprecated and actually trying to use this will return an error. Use separate model for Security Policy (SP) defined below.
Name of the host (Linux) interface to bind to. This type of reference is suitable for scenarios when the target interface is not managed (and should not be touched) by the agent. In such cases the interface does not have a logical name in the agent's namespace and can only be referenced by the host interface name (i.e. the name used in the Linux network stack). Please note that the agent learns about externally created interfaces through netlink notifications. If, however, the target interface is managed by the agent, then it is recommended to use the alternative reference <linux_interface> (see below), pointing to the interface by its logical name. One advantage of this approach is that if AF-PACKET and the target Linux interface are requested to be created at the same time, it can be done inside the same transaction because the agent does not rely on any notification from Linux. It is mandatory to define either <host_if_name> or <linux_interface>.
Logical name of the Linux interface to bind to. This is an alternative interface reference to <host_if_name> and preferred if the target interface is managed by the agent and not created externally (see comments for <host_if_name> for explanation). It is mandatory to define either <host_if_name> or <linux_interface>.
BondLink
BondLink defines configuration for interface type: BOND_INTERFACE
IPSecLink defines configuration for interface type: IPSEC_TUNNEL
In VPP 21.06 and newer, IPSecLink serves just for creation of the link and thus only tunnel_mode is taken into
account and all of the remaining (deprecated) fields are ignored.
Please use separate SecurityPolicy, SecurityAssociation and TunnelProtection messages from ligato.vpp.ipsec
package to associate SA, SP and tunnel protection with the link.
IPAddresses define list of IP addresses for the interface and must be defined in the following format: /. Interface IP address can be also allocated via netalloc plugin and referenced here, see: api/models/netalloc/netalloc.proto
Vrf defines the ID of the VRF table that the interface is assigned to. The VRF table must be explicitly configured (see api/models/vpp/l3/vrf.proto). When using an unnumbered interface, the actual VRF is inherited from the interface referenced by the numbered interface and this field is ignored.
Name of the TAP interface in the host OS; if empty, it will be auto-generated (suitable for combination with TAP_TO_VPP interface from Linux ifplugin, because then this name is only temporary anyway)
If TAP connects VPP with microservice, fill this parameter with the target microservice name - should match with the namespace reference of the associated TAP_TO_VPP interface (it is still moved to the namespace by Linux-ifplugin but VPP-ifplugin needs to be aware of this dependency)
EnableTunnel enables tunnel mode for TAP interface.
VmxNet3Link
VmxNet3Link defines configuration for interface type: VMXNET3_INTERFACE
PCI address (unsigned 32bit int) is derived from vmxnet3 interface name. It is expected that the interface
name is in format vmxnet3-<d>/<b>/<s>/<f>, where d stands for domain (max ffff), b is bus (max ff),
s is slot (max 1f) and f is function (max 7). All values are base 16
TEB - Transparent Ethernet Bridging - the tunnel is in L2 mode
ERSPAN
3
ERSPAN - the tunnel is for port mirror SPAN output
GtpuLink.NextNode
| Name | Number | Description |
| ---- | ------ | ----------- |
| DEFAULT | 0 | The default next node is l2-input |
| L2 | 1 | l2-input |
| IP4 | 2 | ip4-input |
| IP6 | 3 | ip6-input |
IPIPLink.Mode
| Name | Number | Description |
| ---- | ------ | ----------- |
| POINT_TO_POINT | 0 | point-to-point tunnel |
| POINT_TO_MULTIPOINT | 1 | point-to-multipoint tunnel (supported starting from VPP 20.05) |
IPSecLink.Mode
| Name | Number | Description |
| ---- | ------ | ----------- |
| POINT_TO_POINT | 0 | point-to-point tunnel |
| POINT_TO_MULTIPOINT | 1 | point-to-multipoint tunnel (supported starting from VPP 20.05) |
Interface.RxMode.Type
Type definition is from: vpp/include/vnet/interface.h
| Name | Number | Description |
| ---- | ------ | ----------- |
| UNKNOWN | 0 | |
| POLLING | 1 | |
| INTERRUPT | 2 | |
| ADAPTIVE | 3 | |
| DEFAULT | 4 | |
Interface.Type
Type defines VPP interface types.
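| Name | Number | Description |
| ---- | ------ | ----------- |
| UNDEFINED_TYPE | 0 | |
| SUB_INTERFACE | 1 | |
| SOFTWARE_LOOPBACK | 2 | |
| DPDK | 3 | |
| MEMIF | 4 | |
| TAP | 5 | |
| AF_PACKET | 6 | |
| VXLAN_TUNNEL | 7 | |
| IPSEC_TUNNEL | 8 | Deprecated in VPP 20.01+. Use IPIP_TUNNEL + ipsec.TunnelProtection instead. |
| VMXNET3_INTERFACE | 9 | |
| BOND_INTERFACE | 10 | |
| GRE_TUNNEL | 11 | |
| GTPU_TUNNEL | 12 | |
| IPIP_TUNNEL | 13 | |
| WIREGUARD_TUNNEL | 14 | |
| RDMA | 15 | |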
MemifLink.MemifMode
| Name | Number | Description |
| ---- | ------ | ----------- |
| ETHERNET | 0 | |
| IP | 1 | |
| PUNT_INJECT | 2 | |
RDMALink.Mode
| Name | Number | Description |
| ---- | ------ | ----------- |
| AUTO | 0 | |
| IBV | 1 | InfiniBand Verb (using libibverb). |
| DV | 2 | Direct Verb allows the driver to access the NIC HW RX/TX rings directly instead of having to go through libibverb and suffering associated overhead. It will be automatically selected if the adapter supports it. |
DNSCache configuration models VPP's DNS cache server functionality. The main goal of this functionality is
to cache DNS records and minimize external DNS traffic.
The presence of this configuration enables the VPP DNS functionality and VPP starts to act as a DNS cache server.
It responds on the standard DNS port (53) to DNS requests. Removing this configuration disables the VPP DNS
functionality.
List of upstream DNS servers that are contacted by VPP when unknown domain name needs to be resolved. The results are cached and there should be no further upstream DNS server request for the same domain name until cached DNS record expiration.
IP protocol number (http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml) Zero value (i.e. undefined protocol) means that the protocol to match will be automatically selected from one of the ICMP/ICMP6/TCP/UDP based on the rule definition. For example, if "icmp" is defined and src/dst addresses are IPv6 then packets of the ICMP6 protocol will be matched, etc.
ACL.Rule.IpRule.PortRange
Inclusive range representing destination ports to be used. When
only lower-port is present, it represents a single port.
Binary mask for tcp flags to match. MSB order (FIN at position 0). Applied as logical AND to tcp flags field of the packet being matched, before it is compared with tcp-flags-value.
Binary value for tcp flags to match. MSB order (FIN at position 0). Before tcp-flags-value is compared with tcp flags field of the packet being matched, tcp-flags-mask is applied to packet field value.
Before source-mac-address is compared with source mac address field of the packet being matched, source-mac-address-mask is applied to packet field value.
Source MAC address mask. Applied as logical AND with source mac address field of the packet being matched, before it is compared with source-mac-address.
IPAllocation represents a single allocated IP address.
To reference allocated address, instead of entering specific IP address
for interface/route/ARP/..., use one of the following string templates
prefixed with netalloc keyword "alloc" followed by colon:
a) reference IP address allocated for an interface:
"alloc:<network_name>/<interface_name>"
b) when interface is given (e.g. when asked for IP from interface model),
interface_name can be omitted:
"alloc:<network_name>"
c) reference default gateway IP address assigned to an interface:
"alloc:<network_name>/<interface_name>/GW"
d) when asking for GW IP for interface which is given, interface_name
can be omitted:
"alloc:<network_name>/GW"
NetworkName is a label assigned to the network where the IP address was assigned to the given interface. In theory, an interface can have multiple IP addresses or there can be multiple address allocators, and the network name allows them to be separated. The network name is not allowed to contain forward slashes.
Address is an IP address allocated to the interface inside the given network. If the address is specified without a mask, the all-ones mask (/32 for IPv4, /128 for IPv6) will be assumed.
Gw is the address of the default gateway assigned to the interface in the given network. If the address is specified without a mask, then either: a) the mask of the is used provided that GW IP falls into the same network IP range, or b) the all-ones mask is used otherwise
IPAddressForm
IPAddressForm can be used in descriptors whose models reference allocated IP
addresses, to ask for a specific form in which the address should be applied.
| Name | Number | Description |
| ---- | ------ | ----------- |
| UNDEFINED_FORM | 0 | |
| ADDR_ONLY | 1 | ADDR_ONLY = apply address without mask, e.g. 192.168.2.5 |
| ADDR_WITH_MASK | 2 | ADDR_WITH_MASK = apply address including the mask of the network, e.g. 192.168.2.5/24 |
| ADDR_NET | 3 | ADDR_NET = apply network implied by the address, e.g. for 192.168.2.10/24 apply 192.168.2.0/24 |
| SINGLE_ADDR_NET | 4 | SINGLE_ADDR_NET = apply address with an all-ones mask (i.e. /32 for IPv4, /128 for IPv6) |
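The "alloc:" reference templates a) to d) and the IPAddressForm values described above, as an added Go example (not the agent's own code). The type and function names are hypothetical, the sample strings are constructed, and interface names are assumed to contain no forward slashes.

```go
package main

import (
	"errors"
	"fmt"
	"net/netip"
	"strings"
)

// AllocRef is a parsed "alloc:" reference (hypothetical type, for illustration).
type AllocRef struct {
	Network   string // <network_name>; must not contain '/'
	Interface string // <interface_name>; empty when implied by context
	Gateway   bool   // reference ends with the "GW" marker
}

// ParseAllocRef accepts templates a) to d). A trailing "GW" segment is always the
// gateway marker. Assumption: interface names contain no forward slashes.
func ParseAllocRef(s string) (AllocRef, error) {
	if !strings.HasPrefix(s, "alloc:") {
		return AllocRef{}, errors.New("missing alloc: prefix")
	}
	parts := strings.Split(strings.TrimPrefix(s, "alloc:"), "/")
	for _, p := range parts {
		if p == "" {
			return AllocRef{}, fmt.Errorf("empty segment in %q", s)
		}
	}
	ref := AllocRef{Network: parts[0]}
	if n := len(parts); n > 1 && parts[n-1] == "GW" {
		ref.Gateway, parts = true, parts[:n-1]
	}
	if len(parts) > 2 {
		return AllocRef{}, fmt.Errorf("too many segments in %q", s)
	}
	if len(parts) == 2 {
		ref.Interface = parts[1]
	}
	return ref, nil
}

// Form uses the IPAddressForm enum numbers listed above.
type Form int
const (
	AddrOnly Form = iota + 1
	AddrWithMask
	AddrNet
	SingleAddrNet
)

// ApplyForm renders addr ("ip" or "ip/len"); no mask means the all-ones mask.
func ApplyForm(addr string, form Form) (string, error) {
	p, err := netip.ParsePrefix(addr)
	if err != nil {
		a, aerr := netip.ParseAddr(addr)
		if aerr != nil {
			return "", fmt.Errorf("invalid address %q", addr)
		}
		p = netip.PrefixFrom(a, a.BitLen())
	}
	switch form {
	case AddrOnly:
		return p.Addr().String(), nil
	case AddrWithMask:
		return p.String(), nil
	case AddrNet:
		return p.Masked().String(), nil
	case SingleAddrNet:
		return netip.PrefixFrom(p.Addr(), p.Addr().BitLen()).String(), nil
	}
	return "", fmt.Errorf("undefined form %d", form)
}

func main() {
	ref, err := ParseAllocRef("alloc:net1/tap0/GW") // constructed sample
	fmt.Printf("%+v %v\n", ref, err)
	out, _ := ApplyForm("192.168.2.10/24", AddrNet)
	fmt.Println(out)
}
```

Rejecting empty and surplus segments keeps a malformed reference from silently resolving to a different network or interface than the one intended.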
IPAddressSource
IPAddressSource can be used to remember the source of an IP address.
(e.g. to distinguish allocated IP addresses from statically defined ones)
| Name | Number | Description |
| ---- | ------ | ----------- |
| UNDEFINED_SOURCE | 0 | |
| STATIC | 1 | STATIC is IP address statically assigned in the NB configuration. |
| FROM_DHCP | 2 | FROM_DHCP is set when IP address is obtained from DHCP. |
| ALLOC_REF | 3 | ALLOC_REF is a reference inside NB configuration to an allocated IP address. |
| EXISTING | 4 | EXISTING is set when IP address is assigned to (EXISTING) interface externally (i.e. by a different agent or manually by an administrator). |
Reference defines reference specific to the namespace type:
* namespace ID (NSID)
* PID number (PID)
* file path (FD)
* microservice label (MICROSERVICE)
NetNamespace.ReferenceType
| Name | Number | Description |
| ---- | ------ | ----------- |
| UNDEFINED | 0 | |
| NSID | 1 | named namespace |
| PID | 2 | namespace of a given process |
| FD | 3 | namespace referenced by a file handle |
| MICROSERVICE | 4 | namespace of a docker container running given microservice |
Destination network address in the format / (mandatory) Address can be also allocated via netalloc plugin and referenced here, see: api/models/netalloc/netalloc.proto
Gateway IP address (without mask, optional). Address can be also allocated via netalloc plugin and referenced here, see: api/models/netalloc/netalloc.proto
IPAddresses define list of IP addresses for the interface and must be defined in the following format: /. Interface IP address can be also allocated via netalloc plugin and referenced here, see: api/models/netalloc/netalloc.proto
PhysAddress represents physical address (MAC) of the interface. Random address will be assigned if left empty. Not used (and not supported) by VRF devices.
Reference to the logical name of a VRF_DEVICE interface. If defined, this interface will be enslaved to the VRF device and will thus become part of the VRF (L3-level separation) that the device represents. Interfaces enslaved to the same VRF_DEVICE master interface therefore comprise single VRF with a separate routing table.
Routing table associated with the VRF. Table ID is an 8-bit unsigned integer value. Please note that 253, 254 and 255 are reserved values for special routing tables (main, default, local). Multiple VRFs inside the same network namespace should each use a different routing table. For more information, visit: http://linux-ip.net/html/routing-tables.html
Interface.Type
| Name | Number | Description |
| ---- | ------ | ----------- |
| UNDEFINED | 0 | |
| VETH | 1 | |
| TAP_TO_VPP | 2 | TAP created by VPP to have the Linux-side further configured |
| LOOPBACK | 3 | LOOPBACK is used to attach configuration to an existing "lo" interface, but unlike EXISTING type it is not limited to the default network namespace (i.e. loopbacks in other containers can be referenced also). To create an additional interface which effectively acts as a loopback, use DUMMY interface (see below). |
| EXISTING | 4 | Wait for and potentially attach additional network configuration to an interface created externally (i.e. not by this agent) in the default network namespace (i.e. same as used by the agent). Behaviour of the EXISTING interface depends on the values of ip_addresses and link_only attributes as follows: 1. link_only=false and ip_addresses are empty: agent waits for interface to be created externally and then configures it in the L2-only mode (resync will remove any IP addresses configured from outside of the agent) 2. link_only=false and ip_addresses are non-empty: agent waits for interface to be created externally and then attaches the selected IP addresses to it (resync removes any other IPs added externally) 3. link_only=true and ip_addresses are empty: agent only waits for the interface to exist (it doesn't wait for or change any IP addresses attached to it) 4. link_only=true and ip_addresses are non-empty: agent waits for the interface to exist and the selected IP addresses to be assigned (i.e. there will be derived value for each expected IP address in the PENDING state until the address is assigned to the interface externally) |
| VRF_DEVICE | 5 | In Linux, VRF is implemented as yet another type of netdevice (i.e. listed with ip link show). Network interfaces are then assigned to VRF simply by enslaving them to the VRF device. For more information, visit: https://www.kernel.org/doc/Documentation/networking/vrf.txt |
| DUMMY | 6 | Create a dummy Linux interface which effectively behaves just like the loopback. |
- for invalid value, details is a list of invalid fields
- for pending value, details is a list of missing dependencies (labels)
TxnOperation
| Name | Number | Description |
| ---- | ------ | ----------- |
| UNDEFINED | 0 | |
| VALIDATE | 1 | |
| CREATE | 2 | |
| UPDATE | 3 | |
| DELETE | 4 | |
ValueState
| Name | Number | Description |
| ---- | ------ | ----------- |
| NONEXISTENT | 0 | ValueState_NONEXISTENT is assigned to value that was deleted or has never existed. |
| MISSING | 1 | ValueState_MISSING is assigned to NB value that was configured but refresh found it to be missing. |
| UNIMPLEMENTED | 2 | ValueState_UNIMPLEMENTED marks value received from NB that cannot be configured because there is no registered descriptor associated with it. |
| REMOVED | 3 | ValueState_REMOVED is assigned to NB value after it was removed or when it is being re-created. The state is only temporary: for re-create, the value transits to whatever state the following Create operation produces, and delete values are removed from the graph (go to the NONEXISTENT state) immediately after the notification about the state change is sent. |
| CONFIGURED | 4 | ValueState_CONFIGURED marks value defined by NB and successfully configured. |
| OBTAINED | 5 | ValueState_OBTAINED marks value not managed by NB, instead created automatically or externally in SB. The KVScheduler learns about the value either using Retrieve() or through a SB notification. |
| DISCOVERED | 6 | ValueState_DISCOVERED marks NB value that was found (=retrieved) by refresh but not actually configured by the agent in this run. |
| PENDING | 7 | ValueState_PENDING represents (NB) value that cannot be configured yet due to missing dependencies. |
| INVALID | 8 | ValueState_INVALID represents (NB) value that will not be configured because it has a logically invalid content as declared by the Validate method of the associated descriptor. The corresponding error and the list of affected fields are stored in the structure available via for invalid value. |
| FAILED | 9 | ValueState_FAILED marks (NB) value for which the last executed operation returned an error. The error and the type of the operation which caused the error are stored in the structure available via for failed value. |
| RETRYING | 10 | ValueState_RETRYING marks unsuccessfully applied (NB) value, for which, however, one or more attempts to fix the error by repeating the last operation are planned, and only if all the retries fail, the value will then transit to the FAILED state. |
full_proto_file_name is the full name of the proto file, needed to identify it. It has the form "<proto package name ('.' replaced with '/')>/" (i.e. for this proto model it is "ligato/generic/meta.proto"). If you use the ProtoFileDescriptor rpc to retrieve additional information for known models returned by the KnownModels rpc, you can use the usually present generic.ModelDetail_Option of ModelDetail with key "protoFile", which contains the full proto file name in the correct format.
file_import_descriptors is set of file descriptors that the file_descriptor is using as import. This is needed when converting file descriptor proto to protoreflect.FileDescriptor (using "google.golang.org/protobuf/reflect/protodesc".NewFile(...) )
MetaService
MetaService defines the RPC methods for managing generic models.
ProtoFileDescriptor returns the proto file descriptor for the proto file identified by its full name. The proto file descriptor is in the form of proto messages (file descriptor proto and proto of its imports), so additional steps are needed to join them into protoreflect.FileDescriptor ("google.golang.org/protobuf/reflect/protodesc".NewFile(...)).
This rpc can be used together with knownModels rpc to retrieve additional model information. Message descriptor can be retrieved from file descriptor corresponding to knownModel message and used with proto reflecting to get all kinds of information about the known model.
Due to nature of data retrieval, it is expected that at least one message from that proto file is registered as known model.
WaitDone option can be used to block until either config delete is done (non-pending) or request times out.
NOTE: WaitDone is intended to be used for config updates that depend on some event from dataplane to fully configure. Using this with incomplete config updates will require another update request to unblock.
FullResync option can be used to overwrite all existing config with config update.
NOTE: Using FullResync with empty config update will remove all existing config.
| wait_done | bool | | WaitDone option can be used to block until either config update is done (non-pending) or request times out. NOTE: WaitDone is intended to be used for config updates that depend on some event from dataplane to fully configure. Using this with incomplete config updates will require another update request to unblock. |
UpdateResponse
ConfiguratorService
ConfiguratorService provides basic operations for managing configuration
and monitoring actual state.
VRF id of tenant, 0xFFFFFFFF means independent of VRF. Non-zero (and not all-ones) VRF has to be explicitly created (see proto/ligato/vpp/l3/vrf.proto).
Last IP address of the pool. Should be higher than first_ip or empty.
Nat64IPv6Prefix
IPv4-Embedded IPv6 Address Prefix used for NAT64.
If no prefix is configured (at all or for a given VRF), then the well-known prefix (64:ff9b::/96) is used.
VRF id of tenant. At most one IPv6 prefix can be configured for a given VRF (that's why VRF is part of the key but prefix is not). Non-zero (and not all-ones) VRF has to be explicitly created (see proto/ligato/vpp/l3/vrf.proto).