Important bits of the config:
set interfaces ethernet eth2 vif 1000 address '172.16.0.251/24' set vpp settings interface eth2 driver 'dpdk' set vpp settings interface eth2 rx-mode 'polling' set vpp acl ip tag-name drop-all rule 1000 action 'deny' set vpp acl ip interface eth2.1000 input acl-tag 100 tag-name 'drop-all'
Linux-CP created a VPP VLAN interface:
david@vyos# run show vpp interfaces
Kernel Dataplane Type IP Address MAC MTU State
--------- ------------ ------ ----------------- ----------------- ----- -------
eth2 dpdk 10:70:fd:1a:c6:01 1500 up
eth2.1000 dpdk 172.16.0.251/24 00:00:00:00:00:00 1500 up
local0 local 00:00:00:00:00:00 0 down
eth2 tap4096 virtio 02:fe:9a:22:a9:96 9000 up
eth2.1000 tap4096.1000 virtio 00:00:00:00:00:00 0 up
david@vyos# sudo vppctl show interface eth2.1000
Name Idx State MTU (L3/IP4/IP6/MPLS) Counter Count
eth2.1000 3 up 1500/0/0/0 rx packets 3035
rx bytes 182100
tx packets 10
tx bytes 1136
ip4 3035But applying ACL fails because VyOS isn't aware of the VPP VLAN interface Linux-CP created:
david@vyos# commit [ vpp acl ] eth2.1000 must be a VPP interface for ACL interface [[vpp acl]] failed Commit failed