Network
The Gatekeeper network configuration allows the user to specify parameters that are relevant to the interfaces and network in general. Since the network configuration is used by each functional block, some of its state serves as a sort of global configuration for Gatekeeper.
The network configuration allows users to fully specify the Gatekeeper interfaces. Gatekeeper interfaces are composed of one or more component interfaces (or ports). Each Gatekeeper interface is assigned at most one IPv4 address and at most one IPv6 address.
Gatekeeper servers have a front and a back interface. The front interface announces routes via BGP to peers in the vantage point, and accepts incoming traffic on behalf of the protected destination. It then forwards traffic through the back interface, either to a Grantor server, to a gateway to be delivered to another network, or to a neighbor in the same network.
Grantor servers have only a front interface. They accept packets from Gatekeeper servers on the front interface, and for granted packets, they transmit them back through the front interface to the ultimate destination. When run as a Grantor server, any configuration done for the back interface is ignored.
The network configuration allows users to specify other options on Gatekeeper interfaces, such as a VLAN tag, the MTU, and a bonding mode (when more than one port is used to compose a single Gatekeeper interface).
All static configuration variables can be configured in lua/cps.lua.
These variables are likely to change from deployment to deployment based on the operator's preferences.
log_level
The log level for network-related logs. Can be set to any one of the following values: RTE_LOG_EMERG, RTE_LOG_ALERT, RTE_LOG_CRIT, RTE_LOG_ERR, RTE_LOG_WARNING, RTE_LOG_NOTICE, RTE_LOG_INFO, RTE_LOG_DEBUG.
Since we typically use RTE_LOG_ERR as the most severe log condition, we recommend not setting this value below RTE_LOG_ERR.
It is not crucial to change these variables; they only need to be changed to fine-tune the performance of Gatekeeper. Otherwise, the default values are likely fine.
front_ports & back_ports
A comma-separated string array of interface names to compose the front and back Gatekeeper interfaces, respectively.
Each interface name in the array is used as an index into the interface map specified by if_map.lua, which maps interface names to PCI addresses for use in DPDK. Therefore, to use an interface name in these arrays, it needs to have a mapping in if_map.lua.
When more than one port is specified for an interface, the ports are bonded together. See the bonding mode parameters below for more information.
front_ips & back_ips
A comma-separated string array of IP addresses for the front and back interfaces, respectively.
Each Gatekeeper interface should have at least one IP address. It can have at most one IPv4 address and at most one IPv6 address.
front_bonding_mode & back_bonding_mode
The bonding mode for the front and back ports (when applicable), respectively.
When more than one port is specified in front_ports or back_ports, the ports are bonded together using the DPDK bonding library. When ports are bonded together, a bonding mode is specified to determine how the ports function together. For example, round robin mode provides load balancing across all component ports.
Can be set to any one of the following values: BONDING_MODE_ROUND_ROBIN, BONDING_MODE_ACTIVE_BACKUP, BONDING_MODE_BALANCE, BONDING_MODE_BROADCAST, BONDING_MODE_8023AD, BONDING_MODE_TLB, BONDING_MODE_ALB.
front_vlan_tag & back_vlan_tag
front_vlan_insert & back_vlan_insert
Each interface can have a 12-bit VLAN tag ({front,back}_vlan_tag) applied to all egress traffic if {front,back}_vlan_insert is set to true. If set to false, no tag is applied.
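The constraints described above (every port present in the interface map, a listed bonding mode for bonded ports, at least one IP address and at most one per family, a 12-bit VLAN tag) can be checked before a configuration is deployed. The following Python check is an added example, not part of Gatekeeper: it assumes the values have been copied into a plain dictionary keyed by the parameter names on this page and that addresses may carry a prefix length. The function names and sample values are hypothetical.

```python
import ipaddress

# Bonding mode names exactly as listed on this page.
BONDING_MODES = {
    "BONDING_MODE_ROUND_ROBIN", "BONDING_MODE_ACTIVE_BACKUP",
    "BONDING_MODE_BALANCE", "BONDING_MODE_BROADCAST",
    "BONDING_MODE_8023AD", "BONDING_MODE_TLB", "BONDING_MODE_ALB",
}

def check_iface(side, conf, if_map):
    """Return the problems found for one interface ("front" or "back")."""
    errs = []
    ports = conf.get(side + "_ports", [])
    if not ports:
        errs.append(f"{side}_ports: no ports listed")
    for name in ports:
        if name not in if_map:  # every port name must resolve to a PCI address
            errs.append(f"{side}_ports: {name!r} has no entry in the interface map")
    if len(ports) > 1 and conf.get(side + "_bonding_mode") not in BONDING_MODES:
        errs.append(f"{side}_bonding_mode: bonded ports need a listed bonding mode")
    ips, families = conf.get(side + "_ips", []), []
    if not ips:
        errs.append(f"{side}_ips: at least one IP address is expected")
    for ip in ips:
        try:  # ip_interface accepts an address with or without a prefix length
            families.append(ipaddress.ip_interface(ip).version)
        except ValueError:
            errs.append(f"{side}_ips: {ip!r} is not a valid IP address")
    for version in (4, 6):
        if families.count(version) > 1:
            errs.append(f"{side}_ips: more than one IPv{version} address")
    if conf.get(side + "_vlan_insert"):
        tag = conf.get(side + "_vlan_tag")
        if type(tag) is not int or not 0 <= tag <= 0xFFF:  # must fit in 12 bits
            errs.append(f"{side}_vlan_tag: {tag!r} is not a 12-bit value")
    return errs

def check_net_conf(conf, if_map, grantor=False):
    """Grantor servers ignore the back interface, so only the front is checked."""
    sides = ["front"] if grantor else ["front", "back"]
    return [e for side in sides for e in check_iface(side, conf, if_map)]

# Constructed sample values (not from a real deployment).
IF_MAP = {"enp1s0f0": "0000:01:00.0", "enp1s0f1": "0000:01:00.1", "enp2s0": "0000:02:00.0"}
GOOD = {"front_ports": ["enp1s0f0", "enp1s0f1"], "front_bonding_mode": "BONDING_MODE_8023AD",
        "front_ips": ["10.0.1.1/24", "2001:db8:1::1/48"],
        "front_vlan_insert": True, "front_vlan_tag": 100,
        "back_ports": ["enp2s0"], "back_ips": ["10.0.2.1/24"], "back_vlan_insert": False}
BAD = dict(GOOD, back_ports=["enp9s9"], back_ips=["10.0.2.1/24", "10.0.3.1/24"],
           back_vlan_insert=True, back_vlan_tag=4096)
```

`check_net_conf(BAD, IF_MAP)` reports the unmapped port, the second IPv4 address and the out-of-range tag on the back interface; with `grantor=True` the same dictionary passes because the back settings are ignored.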
These variables likely only need to be changed under extreme circumstances or for deployment-specific reasons.