![]() |
FD.io VPP
v18.07.1-19-g511ce25
Vector Packet Processing
|
map add domain ip4-pfx <ip4-pfx> ip6-pfx <ip6-pfx> ip6-src <ip6-pfx> ea-bits-len <n> psid-offset <n> psid-len <n> [map-t] [map-ce] [mtu <mtu>].
Add MAP domain
vpp# map add domain
Declaration: map_add_domain_command (src/plugins/map/map.c line 2177)
Implementation: map_add_domain_command_fn.
map add rule index <domain> psid <psid> ip6-dst <ip6-addr>.
Add MAP rule to a domain
vpp# map add rule
Declaration: map_add_rule_command (src/plugins/map/map.c line 2192)
Implementation: map_add_rule_command_fn.
map del domain index <domain>.
Delete MAP domain
vpp# map del domain
Declaration: map_del_command (src/plugins/map/map.c line 2205)
Implementation: map_del_domain_command_fn.
map params fragment inner|outer.
Configure MAP fragmentation behaviour
vpp# map params fragment
Declaration: map_fragment_command (src/plugins/map/map.c line 2127)
Implementation: map_fragment_command_fn.
map params fragment ignore-df on|off.
Ignore the IPv4 Don't fragment bit
vpp# map params fragment ignore-df
Allows fragmentation of the IPv4 packet even if the DF bit is set. The choice between inner or outer fragmentation of tunnel packets is complicated. The benefit of inner fragmentation is that the ultimate endpoint must reassemble, instead of the tunnel endpoint.
Declaration and implementation
Declaration: map_fragment_df_command (src/plugins/map/map.c line 2146)
Implementation: map_fragment_df_command_fn.
Summary/usage
map params icmp source-address <ip4-address>.
Description
Specifiy the IPv4 source address used for relayed ICMP error messages
Example usage
vpp# map params icmp source-address
This command specifies which IPv4 source address (must be local to the system), that is used for relayed received IPv6 ICMP error messages.
Declaration and implementation
Declaration: map_icmp_relay_source_address_command (src/plugins/map/map.c line 2098)
Implementation: map_icmp_relay_source_address_command_fn.
Summary/usage
map params icmp6 unreachables {on|off}.
Description
Send IPv6 ICMP unreachables
Example usage
vpp# map params icmp6 unreachables
Send IPv6 ICMP unreachable messages back if security check fails or no MAP domain exists.
Declaration and implementation
Declaration: map_icmp_unreachables_command (src/plugins/map/map.c line 2114)
Implementation: map_icmp_unreachables_command_fn.
Summary/usage
map params pre-resolve {ip4-nh <address>} | {ip6-nh <address>}.
Description
Bypass IP4/IP6 lookup
Example usage
vpp# map params pre-resolve
Bypass a second FIB lookup of the translated or encapsulated packet, and forward the packet directly to the specified next-hop. This optimization trades forwarding flexibility for performance.
Declaration and implementation
Declaration: map_pre_resolve_command (src/plugins/map/map.c line 2063)
Implementation: map_pre_resolve_command_fn.
Summary/usage
map params reassembly [ip4 | ip6] [lifetime <lifetime-ms>] [pool-size <pool-size>] [buffers <buffers>] [ht-ratio <ht-ratio>].
Description
Configure MAP reassembly behaviour
Example usage
vpp# map params reassembly
Declaration and implementation
Declaration: map_ip4_reass_lifetime_command (src/plugins/map/map.c line 2025)
Implementation: map_params_reass_command_fn.
Summary/usage
map params security-check on|off.
Description
Enable or disable the MAP-E inbound security check
Example usage
vpp# map params security-check
By default, a decapsulated packet's IPv4 source address will be verified against the outer header's IPv6 source address. Disabling this feature will allow IPv4 source address spoofing.
Declaration and implementation
Declaration: map_security_check_command (src/plugins/map/map.c line 2081)
Implementation: map_security_check_command_fn.
Summary/usage
map params security-check fragments on|off.
Description
Specifiy if the inbound security check should be done on fragments
Example usage
vpp# map params security-check fragments
Typically the inbound on-decapsulation security check is only done on the first packet. The packet that contains the L4 information. While a security check on every fragment is possible, it has a cost. State must be created on the first fragment.
Declaration and implementation
Declaration: map_security_check_frag_command (src/plugins/map/map.c line 2164)
Implementation: map_security_check_frag_command_fn.
Summary/usage
map params traffic-class {0x0-0xff | copy}.
Description
Set or copy the IP TOS/Traffic Class field
Example usage
vpp# map params traffic-class
This command is used to set the traffic-class field in translated or encapsulated packets. If copy is specifed (the default) then the traffic-class/TOS field is copied from the original packet to the translated / encapsulating header.
Declaration and implementation
Declaration: map_traffic_class_command (src/plugins/map/map.c line 2045)
Implementation: map_traffic_class_command_fn.
Summary/usage
show map domain index <n> [counters].
Description
Show MAP domains
Example usage
vpp# show map domain
Declaration and implementation
Declaration: show_map_domain_command (src/plugins/map/map.c line 2218)
Implementation: show_map_domain_command_fn.
Summary/usage
show map fragments.
Description
Show MAP fragmentation information
Example usage
vpp# show map fragments
Declaration and implementation
Declaration: show_map_fragments_command (src/plugins/map/map.c line 2244)
Implementation: show_map_fragments_command_fn.
Summary/usage
show map stats.
Description
Show MAP statistics
Example usage
vpp# show map stats
Declaration and implementation
Declaration: show_map_stats_command (src/plugins/map/map.c line 2231)
Implementation: show_map_stats_command_fn.