VPP is complaining that a tunnel for vni 42 does not exist, when clearly it
does.
I would have thought my simple set up below, would allow packets to find their
way through the tunnel to 192.168.1.3.
I am definitely doing something wrong.
Ray K
Packet 2
00:00:19:676348: af-packet-input
af_packet: hw_if_index 1 next-index 3
tpacket2_hdr:
status 0x20000001 len 84 snaplen 84 mac 66 net 80
sec 0x58418737 nsec 0x37c99699 vlan 0
00:00:19:679815: ethernet-input
IP4: 00:17:3e:37:19:89 -> 02:fe:16:35:df:49
00:00:19:679851: ip4-input
UDP: 172.16.1.2 -> 172.16.1.3
tos 0x00, ttl 64, length 70, checksum 0x2081
fragment id 0x0001
UDP: 1337 -> 4789
length 50, checksum 0xd6ca
00:00:19:679886: ip4-lookup
fib 0 dpo-idx 5 flow hash: 0x00000000
UDP: 172.16.1.2 -> 172.16.1.3
tos 0x00, ttl 64, length 70, checksum 0x2081
fragment id 0x0001
UDP: 1337 -> 4789
length 50, checksum 0xd6ca
00:00:19:679938: ip4-local
UDP: 172.16.1.2 -> 172.16.1.3
tos 0x00, ttl 64, length 70, checksum 0x2081
fragment id 0x0001
UDP: 1337 -> 4789
length 50, checksum 0xd6ca
00:00:19:679975: ip4-udp-lookup
UDP: src-port 1337 dst-port 4789
00:00:19:679996: vxlan4-input
VXLAN decap error - tunnel for vni 42 does not exist
00:00:19:680008: error-drop
vxlan4-input: packets with bad flags field in vxlan header
DBGvpp# show vxlan tunnel
[0] src 172.16.1.3 dst 172.16.1.2 vni 42 encap_fib_index 1 sw_if_index 3
fib_entry_index 20
----------------- setup -------------------------
create host-interface name veth_link1
set interface ip address host-veth_link1 172.16.1.3/24
set interface state host-veth_link1 up
create loopback interface
set interface ip table loop0 7
set interface ip address loop0 192.168.1.3/24
create vxlan tunnel src 172.16.1.3 dst 172.16.1.2 vni 42 encap-vrf-id 7
decap-next l2
set interface state vxlan_tunnel0 up
set interface state loop0 up
trace add af-packet-input 50
-----------------------------------------------
>-----Original Message-----
>From: Neale Ranns (nranns) [mailto:nra...@cisco.com]
>Sent: Thursday, December 1, 2016 7:11 PM
>To: Kinsella, Ray <ray.kinse...@intel.com>; John Lo (loj) <l...@cisco.com>;
>Keith
>Burns (krb) <k...@cisco.com>; Dave Barach (dbarach) <dbar...@cisco.com>
>Cc: vpp-dev@lists.fd.io
>Subject: Re: [vpp-dev] vxlan setup guidance
>
>
>Hi Ray,
>
>An observation inline...
>
>
>
>On 01/12/2016, 18:23, "vpp-dev-boun...@lists.fd.io on behalf of Kinsella, Ray"
><vpp-dev-boun...@lists.fd.io on behalf of ray.kinse...@intel.com> wrote:
>
>>Guys,
>>
>>I am struggling with VXLan setup with VPP.
>>On Linux it's no problem ...
>>
>>Container 1
>> sudo ip addr add 172.16.1.2/24 dev veth_link1
>> sudo ip link set dev veth_link1 up
>> sudo ip link add vxlan0 type vxlan id 42 remote 172.16.1.3 dev
>> veth_link1
>> sudo ip addr add 192.168.1.2 dev vxlan0
>> sudo ip link set dev vxlan0 up
>>
>>Container 2
>> sudo ip addr add 172.16.1.3/24 dev veth_link1
>> sudo ip link set dev veth_link1 up
>> sudo ip link add vxlan0 type vxlan id 42 remote 172.16.1.2 dev
>> veth_link1
>> sudo ip addr add 192.168.1.3 dev vxlan0
>> sudo ip link set dev vxlan0 up
>>
>>Container 1 and 2 are connected on the host with a VPP l2 bridge.
>>All works fine I can ping from between 172.16.1.2 and 172.16.1.3, 192.168.1.2
>and 192.168.1.3.
>>
>>However when I reconfigure Container 2 to use VPP, as follows.
>>(delete vxlan0, ip assignments to Linux before I start).
>>
>> create host-interface name veth_link1
>> set interface ip address host-veth_link1 172.16.1.3/24
>> set interface state host-veth_link1 up
>>
>>At this point, I can ping between 172.16.1.2 and 172.16.1.3.
>>Still all works fine ... I then create the vxlan tunnel and then bridge
>>
>> create vxlan tunnel src 172.16.1.3 dst 172.16.1.2 vni 42
>> set interface l2 bridge host-veth_link1 100
>
>Here you added the underlay link into the VxLAN overlay bridge-domain, so the
>underlay IP traffic is bridged. Remove this and I expect it will work.
>
>
>/neale
>
>
>> set interface l2 bridge vxlan_tunnel0 100
>>
>>However when after I create the vxlan tunnel and add it to the a bridge.
>>Pings in 172.16.1.0/24 stop and I get the following
>>
>>vagrant@ctwo:~$ sudo tcpdump -i veth_link1 -n
>>tcpdump: WARNING: veth_link1: no IPv4 address assigned
>>tcpdump: verbose output suppressed, use -v or -vv for full protocol
>>decode listening on veth_link1, link-type EN10MB (Ethernet), capture
>>size 65535 bytes
>>18:14:31.942718 ARP, Request who-has 172.16.1.3 tell 172.16.1.2, length
>>28
>>18:14:31.943169 IP 172.16.1.3.28173 > 172.16.1.2.4789: VXLAN, flags [I]
>>(0x08), vni 42 ARP, Request who-has 172.16.1.3 tell 172.16.1.2, length
>>28
>>18:14:32.940710 ARP, Request who-has 172.16.1.3 tell 172.16.1.2, length
>>28
>>18:14:32.941011 IP 172.16.1.3.28173 > 172.16.1.2.4789: VXLAN, flags [I]
>>(0x08), vni 42 ARP, Request who-has 172.16.1.3 tell 172.16.1.2, length
>>28
>>
>>Container 2's ICMP requests for who has 172.16.1.2, are getting encapsulated
>as VXLAN.
>>So Container 1 never responds as owning 172.16.1.2.
>>
>>172.16.1.2 and 172.16.1.3 should be my VTEPs.
>>I should be able to ping back and forth between them without encapsulation.
>>
>>Suspect I am making a simple mistake in my setup, can someone provide
>guidance.
>>
>>Ray K
>>
>>
>>_______________________________________________
>>vpp-dev mailing list
>>vpp-dev@lists.fd.io
>>https://lists.fd.io/mailman/listinfo/vpp-dev
_______________________________________________
vpp-dev mailing list
vpp-dev@lists.fd.io
https://lists.fd.io/mailman/listinfo/vpp-dev
