Incoming UDP traffic to third-party apps on IOS XR (7.1.2)

DallasMcCall
Level 1

Hi, I'm trying to accept UDP traffic from within a Linux container on an NCS 5001.

On the router, the lpts ifib statistics show rejections that increment with each packet I send, so I'm assuming it's blocking my traffic:

#show lpts ifib statistics
Fri Mar 12 07:55:27.732 PST
Flow Manager 0/RP0/CPU0:
Packets in: 140125640905045
Packets delivered locally without lookups: 113
Slice lookups: 140125761577526
Explicit drops: 140125640905045
No-entry drops: 140125761577526
Reject rate-limit drops: 140125640905045
Rejects: 10 # <-- This increments each time I get a UDP packet bound for the container
Packets delivered locally: 40
Packets delivered remotely: 0
Statistics last cleared: Fri Mar 12 07:54:50 2021

Looking at the knobs available to me (mostly from this guide), it looks like I can configure rate limits with:

lpts pifib hardware police

but I already have sane-looking settings for UDP traffic (nothing with rate 0).

Is there something else that would cause lpts to reject incoming traffic? And if so, how do I configure it?

4 Replies

smilstea
Cisco Employee

I should note that I have not played around with third-party containers in XR, but this guide seems to make it out like KIM will signal to LPTS for any ports to open.

https://xrdocs.io/application-hosting/blogs/2019-08-19-application-hosting-and-packet-io-on-ios-xr-a-deep-dive/

Did you also set a TPA address for routing between the VM and the outside world?

Sam

Thanks for the link to that post! Very helpful details (and seems to mostly agree with the behavior I've been seeing).

To sanity-check myself, I set up a similar test, but with TCP, and was able to send and receive traffic normally -- so I think I have the basic routing set up ~correctly and that this seems to affect UDP specifically.

Unfortunately, I'm still at a bit of a loss about what to try next.

Is there any difference in how the application in the third-party container registers TCP vs UDP sockets back to the kernel? I mean, do you see the socket as open in both applications in the container? Just no LPTS entry on the XR side?

I would start by getting a show tech lpts and show tech kim, and then we would probably need a TAC case to determine if the right calls between kernel and XR, etc., are being made.

Sam

Sorry for the slow response -- I've filed a TAC case to help figure this out.


Upon further investigation, it looks like the specific way I'm creating the socket isn't being picked up by LPTS (I do a socket() and a bind() -- with no connect()). This shows up in netstat and works on other platforms, so I believe we're just not using whichever syscall KIM is looking for (documentation on what it looks for is unfortunately sparse). This is further confirmed by the fact that if I set up a UDP socket with nc, it shows up in LPTS without issue.

I'll update this thread with whatever I find out from the TAC case.

Thanks again for the pointers!
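
An added example, not part of the original thread and not Cisco code: a parser for the Linux `/proc/net/udp` table that separates bind-only UDP sockets (the `socket()` + `bind()` case described above) from connected ones, so the container's view can be compared with the LPTS entries on the XR side. It reports only what the Linux kernel exposes and assumes nothing about what KIM registers; the sample rows are constructed and a little-endian host is assumed.

```python
import socket
import struct

# Constructed sample in /proc/net/udp layout (not captured from a router).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  101: 00000000:1388 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 40001 2 0000000000000000 0
  102: 0100007F:D431 0100007F:1388 01 00000000:00000000 00:00000000 00000000     0        0 40002 2 0000000000000000 0
"""

ESTABLISHED = "01"  # kernel state for a UDP socket that has called connect()


def decode(hex_addr):
    """Turn '0100007F:1388' into ('127.0.0.1', 5000)."""
    ip_hex, port_hex = hex_addr.split(":")
    # Assumption: little-endian host, so the address bytes are printed reversed.
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def udp_sockets(table_text):
    """Parse IPv4 UDP socket rows into dicts with local, remote and connected."""
    rows = []
    for line in table_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4:
            continue
        rows.append({
            "local": decode(fields[1]),
            "remote": decode(fields[2]),
            "connected": fields[3] == ESTABLISHED,
        })
    return rows


def bind_only_ports(table_text):
    """Local ports of sockets that were bound but never connected."""
    return sorted(r["local"][1] for r in udp_sockets(table_text) if not r["connected"])


if __name__ == "__main__":
    try:
        with open("/proc/net/udp") as fh:  # live table when run on Linux
            text = fh.read()
    except OSError:
        text = SAMPLE
    print("bind-only UDP ports:", bind_only_ports(text))
```
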