Re: [vpp-dev] Add ip route without next-hop-address

2019-09-09 Thread shi dave
Hi Neale,

I found a solution recently: create a virtual interface with 
VNET_HW_INTERFACE_CLASS (svti_hw_class), and add a route like this:

vpp# show interface
Name                  Idx  State  MTU (L3/IP4/IP6/MPLS)  Counter     Count
GigabitEthernet0/a/0  1    up     9000/0/0/0             rx packets   1058
                                                         rx bytes    59654
                                                         tx packets      7
                                                         tx bytes      530
                                                         drops         879
                                                         ip4           174
                                                         ip6             5
GigabitEthernet0/b/0  2    up     9000/0/0/0             rx packets   1053
                                                         rx bytes    59304
                                                         tx packets      7
                                                         tx bytes      530
                                                         drops         876
                                                         ip4           174
                                                         ip6             2
local0                0    down   0/0/0/0
svti                  3    up     0/0/0/0

vpp# ip route add 173.2.0.0/24 via svti




Best Regards

Dave



Re: [vpp-dev] Add ip route without next-hop-address

2019-08-27 Thread Neale Ranns via Lists.Fd.Io

Hi Dave,

As with all IP routing, you need to configure the route with the nexthop on 
that interface’s subnet.
So :
  Ip route 173.2.0.0/24 via  GigEthx/y/z
Rather than
  Ip route 173.2.0.0/24 via  GigEthx/y/z

/neale


[vpp-dev] Add ip route without next-hop-address

2019-08-23 Thread shi dave
Hi Neale,

that's my desired flow, the actual flow is

00:04:08:057376: dpdk-input
  GigabitEthernet0/b/0 rx queue 0
  buffer 0xcc2f: current data 0, length 98, free-list 0, clone-count 0, totlen-nifb 0, trace 0x3
                 ext-hdr-valid
                 l4-cksum-computed l4-cksum-correct
  PKT MBUF: port 1, nb_segs 1, pkt_len 98
    buf_len 2176, data_len 98, ol_flags 0x0, data_off 128, phys_addr 0x55330c40
    packet_type 0x0 l2_len 0 l3_len 0 outer_l2_len 0 outer_l3_len 0
    rss 0x0 fdir.hi 0x0 fdir.lo 0x0
  IP4: 52:54:00:ce:64:f0 -> 52:54:00:e7:2a:c5
  ICMP: 173.10.10.10 -> 173.2.0.1
    tos 0x00, ttl 64, length 84, checksum 0x5683
    fragment id 0xc00e
  ICMP echo_reply checksum 0x15c2
00:04:08:057383: ethernet-input
  frame: flags 0x1, hw-if-index 2, sw-if-index 2
  IP4: 52:54:00:ce:64:f0 -> 52:54:00:e7:2a:c5
00:04:08:057386: ip4-input
  ICMP: 173.10.10.10 -> 173.2.0.1
    tos 0x00, ttl 64, length 84, checksum 0x5683
    fragment id 0xc00e
  ICMP echo_reply checksum 0x15c2
00:04:08:057397: ip4-lookup
  fib 0 dpo-idx 0 flow hash: 0x
  ICMP: 173.10.10.10 -> 173.2.0.1
    tos 0x00, ttl 64, length 84, checksum 0x5683
    fragment id 0xc00e
  ICMP echo_reply checksum 0x15c2
00:04:08:057416: ip4-glean
  ICMP: 173.10.10.10 -> 173.2.0.1
    tos 0x00, ttl 64, length 84, checksum 0x5683
    fragment id 0xc00e
  ICMP echo_reply checksum 0x15c2
00:04:08:057645: GigabitEthernet0/a/0-output
  GigabitEthernet0/a/0
  ARP: 52:54:00:90:bc:7e -> ff:ff:ff:ff:ff:ff
00:04:08:057651: error-drop
  ip4-glean: ARP requests sent


From the trace, it needs the MAC of 173.2.0.1, and then the packet could be 
routed to GigabitEthernet0/a/0. I don't want this ARP request; 173.2.0.1 is an 
inner IP, and VPP may not be able to get that ARP response.



Best Regards

Dave



Re: Re: Re: Re: [vpp-dev] Add ip route without next-hop-address

2019-08-23 Thread Neale Ranns via Lists.Fd.Io

Hi Dave,

That flow would suggest the packet was correctly sent out of GigEth0/a/0 with 
the destination MAC of 172.16.3.1. Was that not the case? Or was that your 
desired flow, not the actual?

/neale



Re: Re: Re: [vpp-dev] Add ip route without next-hop-address

2019-08-23 Thread shi dave

Hi Neale,


sorry, clerical error, the flow is

dpdk-input
ip4-input (GigabitEthernet0/b/0)
ip4-lookup
ip4-rewrite (GigabitEthernet0/a/0)
ipsec-output-ip4
dpdk-esp-encrypt
dpdk-crypto-input
ip4-lookup (dst 172.16.3.1)
ip4-rewrite (GigabitEthernet0/a/0)
ipsec-output-ip4 (by pass)


Best Regards

Dave




Re: Re: [vpp-dev] Add ip route without next-hop-address

2019-08-23 Thread shi dave
Hi Neale,

When routing to GigabitEthernet0/a/0, it could run into ipsec-output-ip4, then 
the packet will have an IPsec tunnel IP (src 172.16.3.15, dst 172.16.3.1) added, 
so the destination MAC is the MAC of 172.16.3.1.

The flow is like:

dpdk-input
ip4-input (GigabitEthernet0/b/0)
ip4-lookup
ip4-rewrite (GigabitEthernet0/b/0)
ipsec-output-ip4
dpdk-esp-encrypt
dpdk-crypto-input
ip4-lookup (dst 172.16.3.1)
ip4-rewrite (GigabitEthernet0/b/0)
ipsec-output-ip4 (by pass)


Best Regards

Dave




Re: Re: [vpp-dev] Add ip route without next-hop-address

2019-08-23 Thread Neale Ranns via Lists.Fd.Io
Hi Dave,

When routing to GigabitEthernet0/a/0 what destination MAC address should the 
packet have?

/neale




Re: [vpp-dev] Add ip route without next-hop-address

2019-08-22 Thread shi dave
Hi Neale,

Yes, it's correct behavior for VPP to ARP for 173.2.0.1, but in my case 
173.2.0.1 is an inner IP (src 173.10.10.10, dst 173.2.0.1); the outer IP is the 
IPsec tunnel IP (src 172.16.3.15, dst 172.16.3.1), so it makes no sense to get 
the MAC of 173.2.0.1.

So is there any method to route the packet from GigabitEthernet0/b/0 to 
GigabitEthernet0/a/0 without sending any ARP request?


Best Regards

Dave




Re: [vpp-dev] Add ip route without next-hop-address

2019-08-22 Thread Neale Ranns via Lists.Fd.Io

Hi Dave,


but from the trace, it sends an ARP request to ask for 173.2.0.1 directly

ip4-lookup -> ip4-glean -> GigabitEthernet0/a/0-output -> ip4-glean: ARP 
requests sent

how could I avoid this ARP request, like ?
ip4-lookup -> ip4-rewrite (GigabitEthernet0/a/0) -> ipsec-output-ip4



VPP is ARPing for 173.2.0.1. What do you want it to do instead?



neale


[vpp-dev] Add ip route without next-hop-address

2019-08-22 Thread shi dave
Hi VPP Experts,

I've got a route issue (VPP 19.01) and need your suggestion, thanks a lot!


There is an IPsec tunnel between VM1 and VPP:

sa 1 spi 3693429 mode tunnel protocol esp
  tunnel src 172.16.3.1 dst 172.16.3.15
sa 2 spi 3380458875 mode tunnel protocol esp
  tunnel src 172.16.3.15 dst 172.16.3.1

 outbound policies
  sp 1 priority 1920 action protect protocol any sa 2
   local addr range 173.0.0.0 - 173.255.255.255 port range 0 - 65535
   remote addr range 173.2.0.1 - 173.2.0.1 port range 0 - 65535

 inbound policies
  sp 1 priority 1680 action protect protocol any sa 1
   local addr range 173.0.0.0 - 173.255.255.255 port range 0 - 65535
   remote addr range 173.2.0.1 - 173.2.0.1 port range 0 - 65535


Send a ping packet: ping 173.2.0.1 -I 173.10.10.10
This packet will be routed to VPP interface GigabitEthernet0/b/0. We want this 
packet to go through the IPsec tunnel, so we add the route below in VPP:

vpp# ip route add 173.2.0.0/24 via 172.16.3.1 GigabitEthernet0/a/0

Then this packet will be routed to GigabitEthernet0/a/0 and go to the IPsec 
output handling node ipsec-output-ip4, which encrypts it, adds the IPsec tunnel 
IP, and sends it out. Everything is fine.

But I want to add the route in the way below:
vpp# ip route add 173.2.0.0/24 via GigabitEthernet0/a/0

Because there may be many IPsec tunnels connecting to VPP from different VMs, 
each with a different IP, like 172.16.4.1, 172.16.5.1, 172.16.6.1, I can't be 
sure which VM will have this IP 173.2.0.1.

What I want is for the packet to be routed to GigabitEthernet0/a/0, so it can 
run into the ipsec-output-ip4 node, which will find the correct SA tunnel 
inside; then the packet will be forwarded correctly by the IPsec tunnel IP.


But from the trace, it sends an ARP request to ask for 173.2.0.1 directly:

ip4-lookup -> ip4-glean -> GigabitEthernet0/a/0-output -> ip4-glean: ARP 
requests sent

How could I avoid this ARP request, like this?
ip4-lookup -> ip4-rewrite (GigabitEthernet0/a/0) -> ipsec-output-ip4




Best Regards

Dave
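
The node-path comparison made by eye in this thread can be run over a saved `show trace` capture. The following is an added example, not part of the original posts or of VPP: it flags packets that match the outbound protect policy but took the ip4-glean path (a cleartext ARP for the inner address, then a drop) instead of reaching ipsec-output-ip4. It assumes VPP's "Packet N" separators in the trace text; the function names and verdict strings are the example's own.

```python
import ipaddress
import re

# Outbound "protect" policy ranges as quoted in the original post (sp 1 -> sa 2).
PROTECT = {"local": ("173.0.0.0", "173.255.255.255"),
           "remote": ("173.2.0.1", "173.2.0.1")}

# Constructed sample. Packet 1 is abridged from the trace posted in this thread;
# packet 2 is constructed to follow the node path the poster wanted instead.
SAMPLE_TRACE = """\
Packet 1

00:04:08:057376: dpdk-input
  GigabitEthernet0/b/0 rx queue 0
  IP4: 52:54:00:ce:64:f0 -> 52:54:00:e7:2a:c5
  ICMP: 173.10.10.10 -> 173.2.0.1
00:04:08:057397: ip4-lookup
00:04:08:057416: ip4-glean
00:04:08:057645: GigabitEthernet0/a/0-output
  ARP: 52:54:00:90:bc:7e -> ff:ff:ff:ff:ff:ff
00:04:08:057651: error-drop
  ip4-glean: ARP requests sent

Packet 2

00:04:09:000100: dpdk-input
  GigabitEthernet0/b/0 rx queue 0
  ICMP: 173.10.10.10 -> 173.2.0.1
00:04:09:000120: ip4-lookup
00:04:09:000130: ip4-rewrite
00:04:09:000140: ipsec-output-ip4
00:04:09:000150: dpdk-esp-encrypt
"""

PACKET_RE = re.compile(r"^Packet \d+\s*$")
# A graph node line starts at column 0: "<timestamp>: <node-name>".
NODE_RE = re.compile(r"^\d\d:\d\d:\d\d:\d+: (\S+)\s*$")
# An indented "<PROTO>: a.b.c.d -> e.f.g.h" line; MAC-address lines do not match.
FLOW_RE = re.compile(r"^\s+\w+: (\d+(?:\.\d+){3}) -> (\d+(?:\.\d+){3})\s*$")


def parse_trace(text):
    """Return one dict per traced packet: visited nodes plus first IPv4 src/dst."""
    packets, cur = [], None
    for line in text.splitlines():
        if PACKET_RE.match(line):
            cur = {"nodes": [], "src": None, "dst": None}
            packets.append(cur)
            continue
        if cur is None:
            continue  # ignore anything before the first "Packet N" header
        node = NODE_RE.match(line)
        if node:
            cur["nodes"].append(node.group(1))
            continue
        flow = FLOW_RE.match(line)
        if flow and cur["src"] is None:
            cur["src"], cur["dst"] = flow.group(1), flow.group(2)
    return packets


def in_range(addr, lo, hi):
    a = ipaddress.ip_address(addr)
    return ipaddress.ip_address(lo) <= a <= ipaddress.ip_address(hi)


def classify(pkt, policy=PROTECT):
    """Verdict for one packet against the protect policy."""
    if pkt["src"] is None or not (in_range(pkt["src"], *policy["local"])
                                  and in_range(pkt["dst"], *policy["remote"])):
        return "not-in-policy"
    nodes = pkt["nodes"]
    # Reaching the SPD lookup node and an ESP encrypt node counts as protected.
    if "ipsec-output-ip4" in nodes and any(n.endswith("esp-encrypt") for n in nodes):
        return "protected"
    # Glean means VPP ARPed for the inner destination on the outer interface.
    if "ip4-glean" in nodes:
        return "arp-for-inner-dst"
    return "unprotected-path"


def audit(text):
    return [(i, classify(p)) for i, p in enumerate(parse_trace(text), start=1)]


if __name__ == "__main__":
    for index, verdict in audit(SAMPLE_TRACE):
        print(f"packet {index}: {verdict}")
```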