-
Notifications
You must be signed in to change notification settings - Fork 7
/
Copy pathREADME
39 lines (30 loc) · 1.63 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
Testing the P4/C Firewall:
1. Follow instructions on http://iconicsp4.cloudapp.net/ to install the NFP SDK RTE,
setup access to the ICONICS repository and identifying your SmartNIC
To install the package:
yum install nfp-sdk6-p4-config-<smartnic>-p4c_firewall_state_table-<version>.noarch
All the available packages can be listed with:
repoquery -a --repoid=iconics
2. The Firewall controller and test script will be installed to:
/opt/nfp_pif/etc/smartnic-configs/<smartnic>-p4c_firewall_state_table/
3. Run the Firewall Controller on the host where the SmartNIC is installed:
python fw_v2_ctrlr.py -h
python fw_v2_ctrlr.py -i 111.111.111.111 -t 100
4. Run the Test Script where you generate your traffic:
./p4c-firewall-test.sh <internal port> <external port>
./p4c-firewall-test.sh p6p1 p6p2
Make sure you have downloaded the .pcap files provided in this repo
Make sure you have tcpreplay installed on your host:
yum install tcpreplay
The .pcap files must be in the same directory as the test script.
5. Setup:
______________ ______________
| SmartNIC | |TraditionalNIC|
| p0|---------|p6p1<Internal>|
| Firewall | | |
| p4|---------|p6p2<External>|
|______________| |______________|
The test script will do the following:
- Send a packet from <external> to p4: No rule yet -> Drop
- Send a packet from <internal> to p0: New Flow -> NAT -> Forward to p4
- Send a packet from <external> to p4: Known Flow -> NAT -> Forward to p0