Ole Troan <otr...@employees.org> schrieb am Do., 25. Jan. 2018 um 22:07 Uhr:
> > Not accepting IP[46] packets on any interface type that is not IP[46] > enabled is a basic security feature. To IP4 enable an interface you have > two option; > > 1) Assign it an IP address > > 2) Make it IP unnumbered to another interface that does have an > address, e.g. > > set int ip addr loop0 some-private-addr/32 > > set int unnumbered gtpu-tunnel-0 use loop0 > > set int unnumbered gtpu-tunnel-1 use loop0 > > set int unnumbered gtpu-tunnel-2 use loop0 > > etc… > > It doesn’t have to be a loopback, I use that only as an example. > > > > To IP6 enable an interface instead of the unnumbered trick one can just > do; > > 1) enable ip6 interface gtpu-tunnel0 > > Although all IPv6 interfaces by definition have an IPv6 address (the IPv6 > link-local) I do wonder if we shouldn't allow for IP processing to be > enabled for both IP4 and IP6 independently of having an address configured. > (Of course that would imply that some protocols wouldn't work.) > ip4_sw_interface_enable_disable() and/or ip6_sw_interface_enable_disable() did the trick. It works now without having to use the unnumbered option or having to assign a IPv4 address. I didn't check IPv6, though. Thanks for the help, Andreas Cheers, > Ole >
_______________________________________________ vpp-dev mailing list vpp-dev@lists.fd.io https://lists.fd.io/mailman/listinfo/vpp-dev
