 |
FD.io VPP
v19.08-27-gf4dcae4
Vector Packet Processing
|
|
FD.io VPP
v19.08-27-gf4dcae4
Vector Packet Processing
|
map add domain [tag <tag>] ip4-pfx <ip4-pfx> ip6-pfx <ip6-pfx> ip6-src <ip6-pfx> ea-bits-len <n> psid-offset <n> psid-len <n> [map-t] [mtu <mtu>].
Add MAP domain
vpp# map add domain
Declaration: map_add_domain_command (src/plugins/map/map.c line 2128)
Implementation: map_add_domain_command_fn.
map add rule index <domain> psid <psid> ip6-dst <ip6-addr>.
Add MAP rule to a domain
vpp# map add rule
Declaration: map_add_rule_command (src/plugins/map/map.c line 2144)
Implementation: map_add_rule_command_fn.
map del domain index <domain>.
Delete MAP domain
vpp# map del domain
Declaration: map_del_command (src/plugins/map/map.c line 2157)
Implementation: map_del_domain_command_fn.
map interface <interface-name> [map-t] [del].
Enable MAP processing on interface (input feature)
Declaration: map_if_command (src/plugins/map/map.c line 2206)
Implementation: map_if_command_fn.
map params fragment inner|outer ignore-df|honor-df.
Configure MAP fragmentation behaviour
vpp# map params fragment
Allows fragmentation of the IPv4 packet even if the DF bit is set. The choice between inner or outer fragmentation of tunnel packets is complicated. The benefit of inner fragmentation is that the ultimate endpoint must reassemble, instead of the tunnel endpoint.
Declaration and implementation
Declaration: map_fragment_command (src/plugins/map/map.c line 2114)Implementation: map_fragment_command_fn.
Summary/usage
map params icmp source-address <ip4-address>.
Description
Specifiy the IPv4 source address used for relayed ICMP error messagesExample usagevpp# map params icmp source-address
This command specifies which IPv4 source address (must be local to the system), that is used for relayed received IPv6 ICMP error messages.
Declaration and implementation
Declaration: map_icmp_relay_source_address_command (src/plugins/map/map.c line 2079)Implementation: map_icmp_relay_source_address_command_fn.
Summary/usage
map params icmp6 unreachables {on|off}.
Description
Send IPv6 ICMP unreachablesExample usagevpp# map params icmp6 unreachables
Send IPv6 ICMP unreachable messages back if security check fails or no MAP domain exists.
Declaration and implementation
Declaration: map_icmp_unreachables_command (src/plugins/map/map.c line 2095)Implementation: map_icmp_unreachables_command_fn.
Summary/usage
map params pre-resolve {ip4-nh <address>} | {ip6-nh <address>}.
Description
Bypass IP4/IP6 lookupExample usagevpp# map params pre-resolve
Bypass a second FIB lookup of the translated or encapsulated packet, and forward the packet directly to the specified next-hop. This optimization trades forwarding flexibility for performance.
Declaration and implementation
Declaration: map_pre_resolve_command (src/plugins/map/map.c line 2037)Implementation: map_pre_resolve_command_fn.
Summary/usage
map params reassembly [ip4 | ip6] [lifetime <lifetime-ms>] [pool-size <pool-size>] [buffers <buffers>] [ht-ratio <ht-ratio>].
Description
Configure MAP reassembly behaviourExample usagevpp# map params reassembly
Declaration and implementation
Declaration: map_ip4_reass_lifetime_command (src/plugins/map/map.c line 1983)Implementation: map_params_reass_command_fn.
Summary/usage
map params security-check enable|disable fragments on|off.
Description
Enable or disable the MAP-E inbound security check
Specifiy if the inbound security check should be done on fragmentsExample usagevpp# map params security-check
By default, a decapsulated packet's IPv4 source address will be verified against the outer header's IPv6 source address. Disabling this feature will allow IPv4 source address spoofing.
Typically the inbound on-decapsulation security check is only done
on the first packet. The packet that contains the L4
information. While a security check on every fragment is possible,
it has a cost. State must be created on the first fragment.
Declaration and implementation
Declaration: map_security_check_command (src/plugins/map/map.c line 2061)Implementation: map_security_check_command_fn.
Summary/usage
map params tcp-mss <value>.
Description
TCP MSS clampingExample usagevpp# map params tcp-mss
This command is used to set the TCP MSS in translated or encapsulated packets.
Declaration and implementation
Declaration: map_tcp_mss_command (src/plugins/map/map.c line 2019)Implementation: map_tcp_mss_command_fn.
Summary/usage
map params traffic-class {0x0-0xff | copy}.
Description
Set or copy the IP TOS/Traffic Class fieldExample usagevpp# map params traffic-class
This command is used to set the traffic-class field in translated or encapsulated packets. If copy is specifed (the default) then the traffic-class/TOS field is copied from the original packet to the translated / encapsulating header.
Declaration and implementation
Declaration: map_traffic_class_command (src/plugins/map/map.c line 2003)Implementation: map_traffic_class_command_fn.
Summary/usage
show map domain index <n> [counters].
Description
Show MAP domainsExample usagevpp# show map domain
Declaration and implementation
Declaration: show_map_domain_command (src/plugins/map/map.c line 2170)Implementation: show_map_domain_command_fn.
Summary/usage
show map fragments.
Description
Show MAP fragmentation informationExample usagevpp# show map fragments
Declaration and implementation
Declaration: show_map_fragments_command (src/plugins/map/map.c line 2196)Implementation: show_map_fragments_command_fn.
Summary/usage
show map stats.
Description
Show MAP statisticsExample usagevpp# show map stats
Declaration and implementation
Declaration: show_map_stats_command (src/plugins/map/map.c line 2183)Implementation: show_map_stats_command_fn.
1.8.11