Re: [vpp-dev] Help with two interfaces accessing outside network
Carlito, Some more detail would be helpful. Are you using VPP purely as a host, or are VPP acting as a router with other nodes behind it? For the VPP as a host case, I'd prefer to use a scoped/zoned address approach. E.g. ping 8.8.8.8@wan0 Source address selection should then pick a source address from within the appropriate zone. This means you'd still do normal destination based forwarding instead of PBR/SADR. For the routed case: Does each ISP route the same address block for you (a)? Different global address blocks (b), or do you get a single IP address and expect to do NAT? For case (a) normal destination based forwarding works. Although you want to combine it with some sort of SLA function. For case (b) you need PBR or SADR (https://tools.ietf.org/html/draft-ietf-rtgwg-dst-src-routing-07) For case (c) you need a NAT function that support multiple outside interfaces. Best regards, Ole > On 13 Aug 2019, at 22:55, carlito nueno wrote: > > Hi all, > > I am trying to setup two WAN interfaces where each of them can access > to the outside world at the same time. > > So far I have: > > set int state wan0 up > set int state wan1 up > > set int ip address wan0 172.78.10.155/29 > set dhcp client intfc wan1 hostname test-wans > > ip route add 0.0.0.0/0 via 172.78.10.158 wan0 > > vpp# ping 8.8.8.8 source wan0 > vpp# ping 8.8.8.8 source wan1 > > I am unable to ping via wan1 > > Any advice? > > Thanks! > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > > View/Reply Online (#13726): https://lists.fd.io/g/vpp-dev/message/13726 > Mute This Topic: https://lists.fd.io/mt/32857184/675193 > Group Owner: vpp-dev+ow...@lists.fd.io > Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [otr...@employees.org] > -=-=-=-=-=-=-=-=-=-=-=- -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#13784): https://lists.fd.io/g/vpp-dev/message/13784 Mute This Topic: https://lists.fd.io/mt/32857184/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [vpp-dev] Help with two interfaces accessing outside network
Hi Carlito, You almost certainly want them in the same table. As I said, if you do this: ping 8.8.8.8 source wan1 then the ping packet will be constructed with a source address from wan1, but it will still follow your routing config for transmission. This means that if you have: ip route add 0.0.0.0/0 via 172.78.10.158 wan0 then the packet will be sent on wan0 but with wan1's source, the upstream could/should reject this due to a uRPF check. You might lobby the community, or perhaps add yourself, a 'send via interface,nexthop' option to ping. Regarding redundancy, if you configure ECMP; ip route add 0.0.0.0/0 via 172.78.10.158 wan0 ip route add 0.0.0.0/0 via wan1. /// or perhaps your DHHCP server gives you this then the FIB will react to the state of the links. When one is down only the other will be used. You can also configure BFD if you peer supports it and FIB can use this for link state monitoring. /neale -Message d'origine- De : au nom de carlito nueno Date : vendredi 16 août 2019 à 00:20 À : "bbal...@juniper.net" Cc : "vpp-dev@lists.fd.io" Objet : Re: [vpp-dev] Help with two interfaces accessing outside network Hi Balaji, As far as I know, VPP doesn't have link monitoring to switch routes. But as you said, I added a cron job to check link status and switch routes on failure. I added each interface route to a particular FIB table. This way I am able to use ping 8.8.8.8 source wan0 or wan1. Is this the correct way? Thanks! On Thu, Aug 15, 2019 at 2:46 PM Balaji B via Lists.Fd.Io wrote: > > Not sure there is a way to do this without a routing protocol. > > Don't think there is link monitoring or path monitoring to switch the default route to backup route. > > Maybe you can have a cron job that check the link status and next hop connectivity and switch the route when there is a failure. > > Good luck. -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > > View/Reply Online (#13755): https://lists.fd.io/g/vpp-dev/message/13755 > Mute This Topic: https://lists.fd.io/mt/32857184/675621 > Group Owner: vpp-dev+ow...@lists.fd.io > Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [carlitonu...@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#13762): https://lists.fd.io/g/vpp-dev/message/13762 Mute This Topic: https://lists.fd.io/mt/32857184/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [vpp-dev] Help with two interfaces accessing outside network
Hi Balaji, As far as I know, VPP doesn't have link monitoring to switch routes. But as you said, I added a cron job to check link status and switch routes on failure. I added each interface route to a particular FIB table. This way I am able to use ping 8.8.8.8 source wan0 or wan1. Is this the correct way? Thanks! On Thu, Aug 15, 2019 at 2:46 PM Balaji B via Lists.Fd.Io wrote: > > Not sure there is a way to do this without a routing protocol. > > Don't think there is link monitoring or path monitoring to switch the default > route to backup route. > > Maybe you can have a cron job that check the link status and next hop > connectivity and switch the route when there is a failure. > > Good luck. -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > > View/Reply Online (#13755): https://lists.fd.io/g/vpp-dev/message/13755 > Mute This Topic: https://lists.fd.io/mt/32857184/675621 > Group Owner: vpp-dev+ow...@lists.fd.io > Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [carlitonu...@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#13756): https://lists.fd.io/g/vpp-dev/message/13756 Mute This Topic: https://lists.fd.io/mt/32857184/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [vpp-dev] Help with two interfaces accessing outside network
Not sure there is a way to do this without a routing protocol. Don't think there is link monitoring or path monitoring to switch the default route to backup route. Maybe you can have a cron job that check the link status and next hop connectivity and switch the route when there is a failure. Good luck. -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#13755): https://lists.fd.io/g/vpp-dev/message/13755 Mute This Topic: https://lists.fd.io/mt/32857184/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [vpp-dev] Help with two interfaces accessing outside network
Sorry for not being clear. Each of the interfaces is connected to a different network (ISP). The scenario is of dual WAN. One ISP is providing static address and other is providing DHCP. wan1 is receiving DHCP. If I ONLY have: ip route add 0.0.0.0/0 via 172.78.10.158 wan0 then I am able to ping from wan0 If I ONLY have: ip route add 0.0.0.0/0 via wan1 then I am able to ping from wan1 ping works from one interface or the other but not both. So, I am using this to setup dual WAN scenario where if one ISP is down, I can move the outbound connections via wan1 and vise versa. Thanks! On Wed, Aug 14, 2019 at 7:28 AM Balaji B via Lists.Fd.Io wrote: > > I am assuming wan1 is also connected to same network as wan0, is that > correct? Curious, what is your use case for wanting to have two interface > connected to same network? > > Also, check to see if you got an address from DHCP and try to ping the next > hop first. -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > > View/Reply Online (#13734): https://lists.fd.io/g/vpp-dev/message/13734 > Mute This Topic: https://lists.fd.io/mt/32857184/675621 > Group Owner: vpp-dev+ow...@lists.fd.io > Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [carlitonu...@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#13738): https://lists.fd.io/g/vpp-dev/message/13738 Mute This Topic: https://lists.fd.io/mt/32857184/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [vpp-dev] Help with two interfaces accessing outside network
I am assuming wan1 is also connected to same network as wan0, is that correct? Curious, what is your use case for wanting to have two interface connected to same network? Also, check to see if you got an address from DHCP and try to ping the next hop first. -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#13734): https://lists.fd.io/g/vpp-dev/message/13734 Mute This Topic: https://lists.fd.io/mt/32857184/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [vpp-dev] Help with two interfaces accessing outside network
Your VPP configs look fine. I can only guess at general network issues. My first guess would be that the DHCP process did not complete, yet. For my second guess, this: vpp# ping 8.8.8.8 source wan1 means take the source address from wan1, but this: ip route add 0.0.0.0/0 via 172.78.10.158 wan0 still routes the packet via wan0. Maybe the upstream peer does uRPF. /neale -Message d'origine- De : au nom de carlito nueno Date : mardi 13 août 2019 à 22:55 À : "vpp-dev@lists.fd.io" Objet : [vpp-dev] Help with two interfaces accessing outside network Hi all, I am trying to setup two WAN interfaces where each of them can access to the outside world at the same time. So far I have: set int state wan0 up set int state wan1 up set int ip address wan0 172.78.10.155/29 set dhcp client intfc wan1 hostname test-wans ip route add 0.0.0.0/0 via 172.78.10.158 wan0 vpp# ping 8.8.8.8 source wan0 vpp# ping 8.8.8.8 source wan1 I am unable to ping via wan1 Any advice? Thanks! -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#13731): https://lists.fd.io/g/vpp-dev/message/13731 Mute This Topic: https://lists.fd.io/mt/32857184/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[vpp-dev] Help with two interfaces accessing outside network
Hi all, I am trying to setup two WAN interfaces where each of them can access to the outside world at the same time. So far I have: set int state wan0 up set int state wan1 up set int ip address wan0 172.78.10.155/29 set dhcp client intfc wan1 hostname test-wans ip route add 0.0.0.0/0 via 172.78.10.158 wan0 vpp# ping 8.8.8.8 source wan0 vpp# ping 8.8.8.8 source wan1 I am unable to ping via wan1 Any advice? Thanks! -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#13726): https://lists.fd.io/g/vpp-dev/message/13726 Mute This Topic: https://lists.fd.io/mt/32857184/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
