This section describes two topologies for testing the architecture.
Single DSC Topology
Figure 1 shows a single Distributed Services Card (DSC) topology used for testing the architecture. The VXLAN packets are sent from workload-1 (WL-1), which creates an initiator flow (iflow) for the inner IP and a responder flow (rflow) for the reverse path from workload-2 (WL-2). An unencapsulated IP packet is returned so that the existing rflow is hit and the packet is forwarded or dropped based on policy and route evaluation.
Dual DSC Topology
Figure 2 shows a dual DSC topology. Two DSCs are connected back-to-back using port Eth 1/2. The other uplink ports of DSC1 and DSC2 (Eth1/1) are connected to Ixia traffic generator ports 1 and 2, respectively. The SDN Policy Offload reference P4 program runs on both DSCs.
DSC-1 is based on a permitted security policy and route and route LPM lookup routes IP traffic from port-1 to DSC-2 via port Eth1/2.
DSC-2 is based on a permitted security policy and LPM route evaluation forwards the IP packet to Ixia port-2. For performance analysis, traffic should be started and run symmetrically from Ixia port-1 and port-2 for testing bi-directional throughput.