Plugin Overview

KV Scheduler plugin

More in: KVScheduler plugin

The KV Scheduler is the first step in any VPP or Linux related data processing. It validates the existence of the configuration item dependencies, handles local caching and performs retries if possible or allowed by the underlying plugin. The KV Scheduler does not operate with data directly (i.e. does not call any VPP binary API); it only determines what operations are needed to achieve the desired result.

VPP plugins

vpp-gent core VPP plugins (e.g. plugins which are always required when working with VPP). Plugin list:

  • GoVPP Multiplexer
  • Interface plugin
  • L2 plugin
  • L3 plugin
  • Access Control List (ACL)
  • ACL-based forwarding (ABF)
  • IPSec plugin
  • NAT plugin
  • Punt plugin
  • STN plugin
  • Telemetry plugin

GoVPPMux Plugin

More in: GoVPPMux plugin

The GoVPP mux plugin is the vpp-agent’s wrapper around the GoVPP and provides access to the VPP. Every plugin can interact with the VPP using the GoVPP mux. It provides an independent communication channel to the VPP instance. The communication is done via shared memory segment prefix, and the plugin also supports custom prefixes to connect to the correct VPP instance in multi-VPP environment.

Interface plugin

More in: Interface plugin

Create various types of interfaces (e.g. DPDK, MEMIF, TAP …) in VPP. It can also configure base fields (IP address, MAC address, etc.) as well as more advanced features such as unnumbered interfaces or RX-mode.

L2 plugin

More in: l2-plugin

Setup link-layer configuration items such as bridge domains, forwarding tables (FIBs) and VPP cross connects. Dependent on interface plugin.

L3 plugin

More in: l3-plugin

Configure ARP entries (including proxy ARP), VPP routes and the IP scan neighbor feature. The L3 plugin is dependent on the interface plugin.

ACL plugin

More in: ACL plugin

Handles VPP access control lists. If rules defined in the access list are met by the incoming traffic, the configured action is applied to the packets.

ACL-based forwarding (ABF) plugin

Implementation of the ACL-based forwarding feature. Performs policy-based routing (PBR) where forwarding is done based on ACL matches rather than destination address prefix.

IPSec plugin

More in: IPSec plugin

Allows one to configure security policy databases (SPD) and security associations (SA) in VPP. It also handles relationships between the SPD and SA or between SPD and an assigned interface. IPSec tunnel interfaces are not part of the IPSec plugin. Their configuration is handled by the VPP interface plugin).

NAT plugin

More in: NAT-plugin[nat-plugins]

Network address translation, or NAT is a method for translating one IP address into another by modifying (rewriting) packet headers. The vpp-agent NAT plugin is a control plane plugin for the VPP NAT dataplane implementation of NAT44. Can also DNAT44 (with load balancing useful in K8s network clusters. The NAT plugin is dependent on the interface plugin.

Punt plugin

More in: punt-plugin

Provides access to the VPP punt feature, where incoming VPP traffic matching a set pre-defined rules is ‘punted’ or redirected to the host stack or socket.


More in: telemetry plugin

Collects telemetry statistics from VPP for export to external monitoring and management tools.

STN plugin

Implementation of the control plane for the VPP STN (Steal the NIC) feature

Linux plugins

This section describes the vpp-agent’s Linux plugins used to configure the host OS. These plugins can be used as they are, or together with VPP plugins.

  • Linux interface plugin
  • Linux L3 plugin
  • IP-tables plugin
  • Namespace plugin

Linux Interface plugin

More in: Linux Interface plugin

Processes Linux interfaces related to the adjacent VPP configuration (VEth, TAPv2). Virtual Ethernet interfaces can be created by the vpp-agent.

Linux L3 plugin

More in: Linux L3 plugin

Configure Linux routes and ARPs.

IPtables plugin

More in: Linux iptables plugin

Implementation of the Linux IPtables feature.

Namespace plugin

More in: Namespace plugin

Helper plugin tied in with the Linux interface/l3 plugins. It manages namespaces in terms of Linux (named namespace) or as a microservice in container-based environment.

Connection plugins

vpp-agent connection plugins enable external data read or write without the use of a data store.

  • REST plugin
  • GRPC plugin

REST plugin

More in: REST plugin

REST API support including security.

GRPC plugin

More in: GRPC plugin

Provides base GRPC support for the vpp-agent for handling GRPC requests.

Database plugins

This section describes the vpp-agent database plugins.

  • Datasync abstraction plugin
  • Data Broker plugin
  • etcd
  • Redis
  • Consul
  • Bolt
  • Cassandra
  • FileDB

Datasync plugin

More in: Datasync plugin

defines the interfaces for the abstraction of data synchronization between app plugins and different backend data sources.

Data Broker plugin

More in: Data Broker plugin

data broker abstraction.


More in: etcd plugin

Provides access to an etcd key-value data store.


More in: Redis plugin

Provides access to an Redis key-value data store.


More in: Consul plugin

Provides access to a consul key-value data store.


More in: Bolt plugin

Provides access to a Bolt key-value data store.


More in: Cassandra

Provides access to a Cassandra MYSQL data store.


More in: FileDB plugin

Uses the OS file system as a key-value data store.

Infra plugins

Discusses the Ligato infra plugins.

  • Configurator
  • Orchestrator
  • Status Check
  • Index Map plugin
  • Log Manager
  • Messaging/Kafka
  • Process Manager
  • Service Label plugin


Configurator plugin.


In a scenario where a single vpp-agent instance receives configuration data from multiple sources (KV data store, GRPC, etc), the orchestrator plugin synchronizes retrieved data and resolve conflicts from individual sources. Data-processing plugins then see the data as coming from a single source.

Status Check

More in: Status Check plugin

Monitors the status of a Ligato infra app by collecting and aggregating partial status of vpp-agent plugins.

Index Map plugin

More in: Index Map plugin

Provides an enhanced mapping structure.

Log Manager

More in: Log Manager plugin

View and modify log levels of loggers using a REST API.


More in: Messaging/Kafka plugin

Provides single purpose clients for publishing synchronous/asynchronous messages and for consuming selected topics.

Process Manager

More in: Process Manager plugin

Set of methods to create a process instance to manage and monitor plugins.

Service Label plugin

More in: Service Label plugin

Other plugins can use this to obtain the microservice label, more specifically the string used to identify a particular VPP instance.