VPP: T7175: Add sFlow conf mode CLI and startup template

[ServerForge]

Change Summary

Added conf mode CLI for VPP sflow plugin and updated VPP template to include plugin.

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Code style update (formatting, renaming)
• Refactoring (no functional changes)
• Other (please describe):

Related Task(s)

https://vyos.dev/T7175

Related PR(s)

vyos/vyos-build#962

Proposed changes

Added conf mode CLI for VPP sflow plugin and updated VPP template to include plugin. It allows configuring the VPP interfaces that will be sampled and the sample rate. Currently only ingress sampling is supported by the plugin. There is an additional setting that needs to be flipped under the "system sflow" that will tell it to poll the VPP plugin and has a PR active under the vyos-1x repo.

vyos@vyos# show vpp sflow 
 interface eth0
 interface eth1
 sample-rate 5588

How to test

Checklist:

• I have read the CONTRIBUTING document
• I have linked this PR to one or more Phabricator Task(s)
• My commit headlines contain a valid Task id
• My change requires a change to the documentation
• I have updated the documentation accordingly

[sever-sever]

I do not see any config dependencies that probably should be https://github.com/vyos/vyos-vpp/blob/current/data/config-mode-dependencies/vyos-vpp.json
Rebase please and check this case:

1. Configure VPP (commit)
2. Configure sFlow (commit)
3. Configure another feature (NAT/Tunnel/acl) commit
4. Re-check if you still have working sFlow (most likely will not work without calling config dependencies)

[github-actions]

All contributors have signed the CLA ✍️ ✅
_{Posted by the CLA Assistant Lite bot.}

[ServerForge]

Adding another config afterwards did break it. It should be resolved now. Tested with the following.

Starting config:

 settings {
     interface eth0 {
         driver dpdk
     }
     interface eth1 {
         driver dpdk
     }
 }
 sflow {
     interface eth0
     interface eth1
     sample-rate 5588
 }

Additions:

[vpp]
+ nat {
+     cgnat {
+         interface {
+             inside "eth0"
+             outside "eth1"
+         }
+         rule 1 {
+             inside-prefix "192.168.1.0/24"
+             outside-prefix "192.168.2.0/24"
+         }
+     }
+ }

[evgsentrium]

recheck

[sever-sever]

The actual node for the system sflow is vpp, not enable_vpp

set system sflow interface 'eth1'
set system sflow server 127.0.0.1
set system sflow vpp

[sever-sever]

Fixed in the commit db307de

[sever-sever]

Remove extra unexpected whitespaces

[sever-sever]

@ServerForge do you know if subinterfaces are also allowed for this plugin?
For example

set interfaces ethernet eth1 address '192.0.2.1/30'
set interfaces ethernet eth1 description 'LAN'
set interfaces ethernet eth1 vif 11 address '10.0.11.1/30'
set interfaces ethernet eth1 vif 12 address '10.0.12.1/30'
set interfaces ethernet eth1 vif 13 address '10.0.13.1/30'
set interfaces ethernet eth1 vif 14 address '10.0.14.1/30'
set interfaces ethernet eth1 vif 15 address '10.0.15.1/30'
set interfaces ethernet eth1 vif 16 address '10.0.16.1/30'
set interfaces ethernet eth1 vif 17 address '10.0.17.1/30'
set interfaces ethernet eth1 vif 18 address '10.0.18.1/30'
set interfaces ethernet eth1 vif 19 address '10.0.19.1/30'
set interfaces ethernet eth1 vif 20 address '10.0.20.1/30'
set interfaces ethernet eth1 vif 21 address '10.0.21.1/30'
set interfaces ethernet eth1 vif 22 address '10.0.22.1/30'
set interfaces ethernet eth1 vif 23 address '10.0.23.1/30'
set interfaces ethernet eth1 vif 24 address '10.0.24.1/30'
set interfaces ethernet eth1 vif 25 address '10.0.25.1/30'
set interfaces ethernet eth1 vif 26 address '10.0.26.1/30'
set system option kernel cpu disable-nmi-watchdog
set system option kernel cpu isolate-cpus '1,2,4-5'
set system option kernel cpu nohz-full '1,2,4-5'
set system option kernel cpu rcu-no-cbs '1,2,4-5'
set system option kernel disable-hpet
set system option kernel disable-mce
set system option kernel disable-mitigations
set system option kernel disable-softlockup
set system option kernel memory default-hugepage-size '2M'
set system option kernel memory disable-numa-balancing
set system option kernel memory hugepage-size 1G hugepage-count '2'
set system option kernel memory hugepage-size 2M hugepage-count '1650'
set system sflow interface 'eth1'
set system sflow server 127.0.0.1
set system sflow vpp

set vpp settings host-resources max-map-count '65535'
set vpp settings interface eth1 dpdk-options promisc
set vpp settings interface eth1 driver 'dpdk'
set vpp settings memory main-heap-page-size '2M'
set vpp settings memory main-heap-size '3G'
set vpp settings statseg size '128M'
set vpp settings unix poll-sleep-usec '222'


vyos@r14# set vpp sflow interface eth1.11
[edit]
vyos@r14# commit
[ vpp sflow ]
eth1.11 must be a VPP interface for sFlow monitoring
[[vpp sflow]] failed
Commit failed
[edit]
vyos@r14# 

[Copilot]

Pull Request Overview

Adds sFlow monitoring capabilities to VyOS VPP data-plane configuration by implementing configuration mode CLI and enabling the sFlow plugin. The feature allows configuring VPP interfaces for sFlow sampling with configurable sample rates.

• Implements configuration mode handler for VPP sFlow settings including interface selection and sample rate configuration
• Updates VPP startup template to enable the sFlow plugin by default
• Adds configuration dependencies and interface definitions to integrate sFlow into the VyOS configuration system

Reviewed Changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
src/conf_mode/vpp_sflow.py	New configuration mode script implementing sFlow validation, configuration parsing, and VPP API integration
src/conf_mode/vpp.py	Adds sFlow dependency tracking to main VPP configuration handler
interface-definitions/vpp.xml.in	Defines CLI interface for sFlow configuration with interface and sample-rate options
data/templates/vpp/startup.conf.j2	Enables sFlow plugin in VPP startup configuration
data/config-mode-dependencies/vyos-vpp.json	Adds sFlow to VPP configuration dependencies

[sever-sever]

Basic feature works
Added some fixes and the smoketest

vyos@r14:~$ /usr/libexec/vyos/tests/smoke/cli/test_vpp.py
test_01_vpp_basic (__main__.TestVPP.test_01_vpp_basic) ... ok
test_02_vpp_vxlan (__main__.TestVPP.test_02_vpp_vxlan) ... ok
test_03_vpp_gre (__main__.TestVPP.test_03_vpp_gre) ... ok
test_04_vpp_geneve (__main__.TestVPP.test_04_vpp_geneve) ... skipped 'Skipping this test geneve index always is 0'
test_05_vpp_loopback (__main__.TestVPP.test_05_vpp_loopback) ... ok
test_06_vpp_bonding (__main__.TestVPP.test_06_vpp_bonding) ... skipped 'Skipping temporary bonding, sometimes get recursion T7117'
test_07_vpp_bridge (__main__.TestVPP.test_07_vpp_bridge) ... ok
test_08_vpp_ipip (__main__.TestVPP.test_08_vpp_ipip) ... ok
test_09_vpp_xconnect (__main__.TestVPP.test_09_vpp_xconnect) ... ok
test_10_vpp_driver_options (__main__.TestVPP.test_10_vpp_driver_options) ... ok
test_11_vpp_cpu_settings (__main__.TestVPP.test_11_vpp_cpu_settings) ... ok
test_12_vpp_cpu_corelist_workers (__main__.TestVPP.test_12_vpp_cpu_corelist_workers) ... ok
test_13_1_buffer_page_size (__main__.TestVPP.test_13_1_buffer_page_size) ... ok
test_13_2_statseg_page_size (__main__.TestVPP.test_13_2_statseg_page_size) ... ok
test_13_3_mem_page_size (__main__.TestVPP.test_13_3_mem_page_size) ... ok
test_14_mem_default_hugepage (__main__.TestVPP.test_14_mem_default_hugepage) ... ok
test_15_vpp_ipsec_xfrm_nl (__main__.TestVPP.test_15_vpp_ipsec_xfrm_nl) ... ok
test_16_vpp_cgnat (__main__.TestVPP.test_16_vpp_cgnat) ... ok
test_17_vpp_nat (__main__.TestVPP.test_17_vpp_nat) ... ok
test_18_vpp_sflow (__main__.TestVPP.test_18_vpp_sflow) ... ok

----------------------------------------------------------------------
Ran 20 tests in 367.223s

OK (skipped=2)
vyos@r14:~$ 

We'll extend and improve it later

[sever-sever]

1. Adding new interfaces to sFlow does not work:

vyos@r14# run show conf com | match "vpp|sflow"
set system sflow interface 'eth1'
set system sflow interface 'eth2'
set system sflow server 127.0.0.1
set system sflow vpp
set vpp settings interface eth1 driver 'dpdk'
set vpp settings interface eth2 driver 'dpdk'
set vpp settings unix poll-sleep-usec '50'
set vpp sflow interface 'eth1'
[edit]
vyos@r14# 
[edit]
vyos@r14# 
[edit]
vyos@r14# sudo vppctl show sflow
sflow sampling-rate 10000
sflow sampling-direction ingress
sflow polling-interval 20
sflow header-bytes 128
sflow enable eth1
Status
  interfaces enabled: 1
  packet samples sent: 0
  packet samples dropped: 0
  counter samples sent: 2
  counter samples dropped: 0
[edit]
vyos@r14# 
[edit]
vyos@r14# set vpp sflow interface eth2
[edit]
vyos@r14# commit
[ vpp sflow ]
Traceback (most recent call last):
  File "/usr/libexec/vyos/services/vyos-configd", line 156, in run_script
    script.apply(c)
  File "/usr/libexec/vyos/conf_mode/vpp_sflow.py", line 133, in apply
    # Enable sFlow on specified interfaces
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/vyos/vpp/control_vpp.py", line 81, in check_retval_wrapper
    raise VPPValueError(f'VPP API call failed: {return_value.retval}')
vpp_papi.vpp_papi.VPPValueError: VPP API call failed: -1

[[vpp sflow]] failed
Commit failed
[edit]
vyos@r14# 

2. Deleting sflow from VPP does nothing

vyos@r14# delete vpp sflow 
[edit]
vyos@r14# commit
[ vpp sflow ]
{'effective': {'interface': ['eth1']},
 'system_sflow': {'interface': ['eth1', 'eth2'],
                  'server': {'127.0.0.1': {}},
                  'vpp': {}},
 'vpp_ifaces': ['eth1', 'eth2']}

[edit]
vyos@r14# sudo vppctl show sflow
sflow sampling-rate 10000
sflow sampling-direction ingress
sflow polling-interval 20
sflow header-bytes 128
sflow enable eth1
sflow enable eth2
Status
  interfaces enabled: 2
  packet samples sent: 0
  packet samples dropped: 0
  counter samples sent: 29
  counter samples dropped: 0
[edit]
vyos@r14# 

3. The config_changed is defined but not used anywhere...

[dmbaturin]

@ServerForge Thanks for the effort! The PR is now merged and we'll apply our suggestions ourselves.