Hi Andreas, Not accepting IP[46] packets on any interface type that is not IP[46] enabled is a basic security feature. To IP4 enable an interface you have two option;
1) Assign it an IP address 2) Make it IP unnumbered to another interface that does have an address, e.g. set int ip addr loop0 some-private-addr/32 set int unnumbered gtpu-tunnel-0 use loop0 set int unnumbered gtpu-tunnel-1 use loop0 set int unnumbered gtpu-tunnel-2 use loop0 etc… It doesn’t have to be a loopback, I use that only as an example. To IP6 enable an interface instead of the unnumbered trick one can just do; 1) enable ip6 interface gtpu-tunnel0 hth /neale From: <[email protected]> on behalf of Andreas Schultz <[email protected]> Date: Thursday, 25 January 2018 at 17:34 To: "[email protected]" <[email protected]> Subject: [vpp-dev] Howto implement L3 p2p tunnel interface without assigning IP to the interface? Hi, Short story: The VPP tunnel implementation HOWTO [1] says that a L3 tunnel needs an IP address. How do I implement a P2P tunnel interface without assigning an IP address to it? Long story: I'm implementing a GTP-U User Plane Node that conforms to 3GPP TS 29.244 [2] & [3]. For each Sx Session a VPP tunnel interface is created (a Sx Session can consist of multiple GTP tunnels that all belong to the same UE IP). A reverse route for the UE IP is inserted into the FIB pointing to the session tunnel interface. So far this all works nicely. However when a GTP-U packet arrives, a trace shows that it is decapsulated, handed to ip4-input and the immediatly dropped without any error indication: 00:00:59:474894: ip4-udp-lookup UDP: src-port 2152 dst-port 2152 00:00:59:474902: gtpu4-input GTPU decap from gtpu_session0 teid 1 next 1 error 0 00:00:59:474942: ip4-input ICMP: 10.180.125.105 -> 8.8.8.8 tos 0x00, ttl 63, length 84, checksum 0xa484 fragment id 0xfef7, flags DONT_FRAGMENT ICMP echo_request checksum 0xc7d 00:00:59:475013: ip4-drop ICMP: 10.180.125.105 -> 8.8.8.8 tos 0x00, ttl 63, length 84, checksum 0xa484 fragment id 0xfef7, flags DONT_FRAGMENT ICMP echo_request checksum 0xc7d 00:00:59:475020: error-drop ip4-input: valid ip4 packets I have traced the cause of the drop to vnet_feature_arc_start and from there to vnet_get_config_data. It turns out the IP feature is not configured on the ARC/sw_if_index combination. When I manually add a IP address to the tunnel interface it starts to work. I already looked at the PPPoE and the IPSec plugins, They must be doing something simmilar, but I can't spot the difference. So how do I get the tunnel interface to work without having to add an IP address to it? Or, do I need to handle the input/decap chain differently? My current code is at: https://github.com/RoadRunnr/vpp/tree/feature/gtp-dp/src/plugins/gtpdp Thanks Andreas 1: https://wiki.fd.io/view/VPP/How_to_add_a_tunnel_encapsulation 2: https://github.com/RoadRunnr/vpp/tree/feature/gtp-dp 3: http://www.etsi.org/deliver/etsi_ts/129200_129299/129244/14.01.00_60/ts_129244v140100p.pdf
_______________________________________________ vpp-dev mailing list [email protected] https://lists.fd.io/mailman/listinfo/vpp-dev
