Hi Dave,

Yep. When I made the packet trace, I had the dns config bits.

VPP is caching DNS queries

[P] DNS query: id 18
  no-recur recur-des no-trunc non-auth
  2 queries, 0 answers, 0 name-servers, 0 add'l recs
  Queries:
    Name: www.apple.com: type A
    Name: www.apple.com: type AAAA

But LAN (inside network) device is not able to resolve any url
LAN device is at 10.155.6.202

dig @10.155.6.1 www.apple.com

; <<>> DiG 9.10.6 <<>> @10.155.6.1 www.apple.com
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

Here is the config I was using:

set int state wan0 up
set int state lan0 up
set int state lan1 up

loopback create
set int l2 bridge loop0 1 bvi
set int ip address loop0 10.155.1.1/24
set int state loop0 up

create sub lan0 1
set int state lan0.1 up
set int l2 bridge lan0.1 1
set int l2 tag-rewrite lan0.1 pop 1
create sub lan1 1
set int state lan1.1 up
set int l2 bridge lan1.1 1
set int l2 tag-rewrite lan1.1 pop 1

create tap id 0 host-ip4-addr 10.155.1.2/24 host-if-name mgmt
set int l2 bridge tap0 1
set int state tap0 up

loopback create
set int l2 bridge loop1 2 bvi
set int ip address loop1 10.155.2.1/24
set int state loop1 up

create sub lan0 2
set int state lan0.2 up
set int l2 bridge lan0.2 2
set int l2 tag-rewrite lan0.2 pop 1
create sub lan1 2
set int state lan1.2 up
set int l2 bridge lan1.2 2
set int l2 tag-rewrite lan1.2 pop 1

create tap id 1 host-ip4-addr 10.155.2.2/24 host-if-name private
set int l2 bridge tap1 2
set int state tap1 up

loopback create
set int l2 bridge loop2 3 bvi
set int ip address loop2 10.155.6.1/24
set int state loop2 up

set int l2 bridge lan0 3
set int l2 bridge lan1 3

create tap id 2 host-ip4-addr 10.155.6.2/24 host-if-name novlan
set int l2 bridge tap2 3
set int state tap2 up

nat44 add interface address wan0
set interface nat44 in loop0 in loop1 in loop2
set interface nat44 out wan0

nat44 add identity mapping external wan0 udp 53053
bin dns_name_server_add_del 8.8.8.8
bin dns_enable_disable


DHCP server settings
OPTION:   6 (  4) DNS server    10.155.6.1
OPTION:   3 (  4) Routers          10.155.6.1

Thanks!

On Thu, Aug 15, 2019 at 5:02 AM Dave Barach (dbarach) <dbar...@cisco.com> wrote:
>
> Four bits of config required:
>
> nat44 add identity mapping external GigabitEthernet3/0/0 udp 53053
> binary-api dns_name_server_add_del 8.8.8.8
> binary-api dns_enable_disable
>
> Inside network DHCP server needs to set option 6 (DNS name server) to the vpp 
> gateway address.
>
> D.
>
> -----Original Message-----
> From: vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> On Behalf Of carlito nueno
> Sent: Wednesday, August 14, 2019 11:46 PM
> To: Carlito Nueno <carlitonu...@gmail.com>
> Cc: vpp-dev@lists.fd.io
> Subject: Re: [vpp-dev] Crash when using dns_name_server
>
> Did a packet trace and I noticed two things:
>
> dns4-request: DNS pkts pending upstream name resolution
> nat44-out2in: no translation
>
>
> Packet 8
>
> 00:28:11:659028: dpdk-input
>   lan1 rx queue 0
>   buffer 0x8aeef: current data 0, length 89, buffer-pool 0, ref-count 1, 
> totlen-nifb 0, trace 0x5
>                   ext-hdr-valid
>                   l4-cksum-computed l4-cksum-correct
>   PKT MBUF: port 2, nb_segs 1, pkt_len 89
>     buf_len 2176, data_len 89, ol_flags 0x180, data_off 128, phys_addr
> 0xe64bbc40
>     packet_type 0x211 l2_len 0 l3_len 0 outer_l2_len 0 outer_l3_len 0
>     rss 0x0 fdir.hi 0x0 fdir.lo 0x0
>     Packet Offload Flags
>       PKT_RX_IP_CKSUM_GOOD (0x0080) IP cksum of RX pkt. is valid
>       PKT_RX_L4_CKSUM_GOOD (0x0100) L4 cksum of RX pkt. is valid
>     Packet Types
>       RTE_PTYPE_L2_ETHER (0x0001) Ethernet packet
>       RTE_PTYPE_L3_IPV4 (0x0010) IPv4 packet without extension headers
>       RTE_PTYPE_L4_UDP (0x0200) UDP packet
>   IP4: a0:36:9f:3b:a2:b2 -> de:ad:00:00:00:05
>   UDP: 10.155.6.203 -> 10.155.6.1
>     tos 0x00, ttl 64, length 75, checksum 0x55ce
>     fragment id 0xc2d2, flags DONT_FRAGMENT
>   UDP: 33177 -> 53
>     length 55, checksum 0x96d9
> 00:28:11:659031: ethernet-input
>   frame: flags 0x3, hw-if-index 3, sw-if-index 3
>   IP4: a0:36:9f:3b:a2:b2 -> de:ad:00:00:00:05
> 00:28:11:659032: l2-input
>   l2-input: sw_if_index 3 dst de:ad:00:00:00:05 src a0:36:9f:3b:a2:b2
> 00:28:11:659033: l2-learn
>   l2-learn: sw_if_index 3 dst de:ad:00:00:00:05 src a0:36:9f:3b:a2:b2 
> bd_index 6
> 00:28:11:659034: l2-fwd
>   l2-fwd:   sw_if_index 3 dst de:ad:00:00:00:05 src a0:36:9f:3b:a2:b2
> bd_index 6 result [0x700000025, 37] static age-not bvi
> 00:28:11:659036: ip4-input
>   UDP: 10.155.6.203 -> 10.155.6.1
>     tos 0x00, ttl 64, length 75, checksum 0x55ce
>     fragment id 0xc2d2, flags DONT_FRAGMENT
>   UDP: 33177 -> 53
>     length 55, checksum 0x96d9
> 00:28:11:659037: nat44-in2out
>   NAT44_IN2OUT_FAST_PATH: sw_if_index 37, next index 3, session -1
> 00:28:11:659037: nat44-in2out-slowpath
>   NAT44_IN2OUT_SLOW_PATH: sw_if_index 37, next index 0, session -1
> 00:28:11:659038: ip4-lookup
>   fib 0 dpo-idx 10 flow hash: 0x00000000
>   UDP: 10.155.6.203 -> 10.155.6.1
>     tos 0x00, ttl 64, length 75, checksum 0x55ce
>     fragment id 0xc2d2, flags DONT_FRAGMENT
>   UDP: 33177 -> 53
>     length 55, checksum 0x96d9
> 00:28:11:659040: ip4-local
>     UDP: 10.155.6.203 -> 10.155.6.1
>       tos 0x00, ttl 64, length 75, checksum 0x55ce
>       fragment id 0xc2d2, flags DONT_FRAGMENT
>     UDP: 33177 -> 53
>       length 55, checksum 0x96d9
> 00:28:11:659041: ip4-local-end-of-arc
>     UDP: 10.155.6.203 -> 10.155.6.1
>       tos 0x00, ttl 64, length 75, checksum 0x55ce
>       fragment id 0xc2d2, flags DONT_FRAGMENT
>     UDP: 33177 -> 53
>       length 55, checksum 0x96d9
> 00:28:11:659041: ip4-udp-lookup
>   UDP: src-port 33177 dst-port 53
> 00:28:11:659042: dns4-request
>   DNS46_REPLY: pool index -1, disposition  6
> 00:28:11:659044: error-drop
>   rx:loop5
> 00:28:11:659044: drop
>   dns4-request: DNS pkts pending upstream name resolution
>
> Packet 9
>
> 00:28:13:589187: dpdk-input
>   wan0 rx queue 0
>   buffer 0x504bc: current data 0, length 113, buffer-pool 0, ref-count 1, 
> totlen-nifb 0, trace 0x8
>                   ext-hdr-valid
>                   l4-cksum-computed l4-cksum-correct
>   PKT MBUF: port 5, nb_segs 1, pkt_len 113
>     buf_len 2176, data_len 113, ol_flags 0x180, data_off 128, phys_addr 
> 0xe5a12f80
>     packet_type 0x211 l2_len 0 l3_len 0 outer_l2_len 0 outer_l3_len 0
>     rss 0x0 fdir.hi 0x0 fdir.lo 0x0
>     Packet Offload Flags
>       PKT_RX_IP_CKSUM_GOOD (0x0080) IP cksum of RX pkt. is valid
>       PKT_RX_L4_CKSUM_GOOD (0x0100) L4 cksum of RX pkt. is valid
>     Packet Types
>       RTE_PTYPE_L2_ETHER (0x0001) Ethernet packet
>       RTE_PTYPE_L3_IPV4 (0x0010) IPv4 packet without extension headers
>       RTE_PTYPE_L4_UDP (0x0200) UDP packet
>   IP4: 4a:1d:70:63:fc:d4 -> 06:35:31:eb:33:22
>   UDP: 8.8.8.8 -> 72.33.156.100
>     tos 0x20, ttl 122, length 99, checksum 0x94c7
>     fragment id 0x9ea9
>   UDP: 53 -> 53053
>     length 79, checksum 0x9c5e
> 00:28:13:589189: ethernet-input
>   frame: flags 0x3, hw-if-index 6, sw-if-index 6
>   IP4: 4a:1d:70:63:fc:d4 -> 06:35:31:eb:33:22
> 00:28:13:589190: ip4-input-no-checksum
>   UDP: 8.8.8.8 -> 72.33.156.100
>     tos 0x20, ttl 122, length 99, checksum 0x94c7
>     fragment id 0x9ea9
>   UDP: 53 -> 53053
>     length 79, checksum 0x9c5e
> 00:28:13:589191: nat44-out2in
>   NAT44_OUT2IN: sw_if_index 6, next index 0, session index -1
> 00:28:13:589192: error-drop
>   rx:wan0
> 00:28:13:589192: drop
>   nat44-out2in: no translation
>
> Packet 10
>
> 00:28:13:590291: dpdk-input
>   wan0 rx queue 0
>   buffer 0x416b6: current data 0, length 236, buffer-pool 0, ref-count 1, 
> totlen-nifb 0, trace 0x9
>                   ext-hdr-valid
>                   l4-cksum-computed l4-cksum-correct
>   PKT MBUF: port 5, nb_segs 1, pkt_len 236
>     buf_len 2176, data_len 236, ol_flags 0x180, data_off 128, phys_addr 
> 0xe565ae00
>     packet_type 0x211 l2_len 0 l3_len 0 outer_l2_len 0 outer_l3_len 0
>     rss 0x0 fdir.hi 0x0 fdir.lo 0x0
>     Packet Offload Flags
>       PKT_RX_IP_CKSUM_GOOD (0x0080) IP cksum of RX pkt. is valid
>       PKT_RX_L4_CKSUM_GOOD (0x0100) L4 cksum of RX pkt. is valid
>     Packet Types
>       RTE_PTYPE_L2_ETHER (0x0001) Ethernet packet
>       RTE_PTYPE_L3_IPV4 (0x0010) IPv4 packet without extension headers
>       RTE_PTYPE_L4_UDP (0x0200) UDP packet
>   IP4: 4a:1d:70:63:fc:d4 -> 06:35:31:eb:33:22
>   UDP: 8.8.8.8 -> 72.33.156.100
>     tos 0x20, ttl 122, length 222, checksum 0x3980
>     fragment id 0xf975
>   UDP: 53 -> 53053
>     length 202, checksum 0x0da9
> 00:28:13:590292: ethernet-input
>   frame: flags 0x3, hw-if-index 6, sw-if-index 6
>   IP4: 4a:1d:70:63:fc:d4 -> 06:35:31:eb:33:22
> 00:28:13:590293: ip4-input-no-checksum
>   UDP: 8.8.8.8 -> 72.33.156.100
>     tos 0x20, ttl 122, length 222, checksum 0x3980
>     fragment id 0xf975
>   UDP: 53 -> 53053
>     length 202, checksum 0x0da9
> 00:28:13:590294: nat44-out2in
>   NAT44_OUT2IN: sw_if_index 6, next index 0, session index -1
> 00:28:13:590294: error-drop
>   rx:wan0
> 00:28:13:590294: drop
>   nat44-out2in: no translation
>
> On Wed, Aug 14, 2019 at 5:26 PM carlito nueno via Lists.Fd.Io 
> <carlitonueno=gmail....@lists.fd.io> wrote:
> >
> > VPP is not crashing anymore. I didn't change anything.
> >
> > VPP is caching DNS queries
> >
> > [P] DNS query: id 18
> >   no-recur recur-des no-trunc non-auth
> >   2 queries, 0 answers, 0 name-servers, 0 add'l recs
> >   Queries:
> >     Name: www.apple.com: type A
> >     Name: www.apple.com: type AAAA
> >
> > But LAN device is not able to resolve any url LAN device is at
> > 10.155.6.202
> >
> > dig @10.155.6.1 www.apple.com
> >
> > ; <<>> DiG 9.10.6 <<>> @10.155.6.1 www.apple.com ; (1 server found) ;;
> > global options: +cmd ;; connection timed out; no servers could be
> > reached
> >
> >
> > On Wed, Aug 14, 2019 at 4:41 PM carlito nueno via Lists.Fd.Io
> > <carlitonueno=gmail....@lists.fd.io> wrote:
> > >
> > > Hi all,
> > >
> > > I am trying to use DNS server and on "ping google.com" VPP is
> > > crashing
> > >
> > > Aug 13 21:31:10 test1-vpp vnet[853]: unknown input `add_del 8.8.8.8
> > > Aug 13 21:31:28 test1-vpp vnet[853]: dns cache: add / del / clear 
> > > required..
> > > Aug 13 21:31:36 test1-vpp vnet[853]:
> > > vl_api_dns_resolve_name_reply_t_handler:2556: ip4 address
> > > 23.75.7.244 Aug 13 21:32:24 test1-vpp vnet[853]: dns cache: add / del / 
> > > clear required..
> > > Aug 13 21:34:43 test1-vpp vnet[853]: resolve_event:247: name server
> > > 8.8.8.8 backfire
> > >
> > > When I try to restart it, it just hangs
> > >
> > > Aug 13 21:35:16 test1-vpp vnet[853]: unix_signal_handler:170:
> > > received signal SIGCONT, PC 0x7f9bf5ff7e20 Aug 13 21:35:16 test1-vpp
> > > vnet[853]: received SIGTERM, exiting...
> > > Aug 13 21:35:16 test1-vpp systemd[1]: Stopping vector packet
> > > processing engine...
> > > Aug 13 21:35:16 test1-vpp vnet[853]: unix_signal_handler:170:
> > > received signal SIGCONT, PC 0x7f9bf5ff7e20
> > >
> > > vpp.conf
> > >
> > > set int state wan0 up
> > > set dhcp client intfc wan0 hostname vpp
> > >
> > > loopback create
> > > set int l2 bridge loop5 6 bvi
> > > set int ip address loop5 10.155.6.1/24 set int state loop5 up
> > >
> > > set int l2 bridge lan0 6
> > > set int state lan0 up
> > >
> > > create tap id 5 host-ip4-addr 10.155.6.2/24 host-if-name lstack
> > > host-ip4-gw 10.155.6.1 set int l2 bridge tap5 6 set int state tap5
> > > up
> > >
> > > nat44 add interface address wan0
> > > set interface nat44 in loop5 in out wan0
> > >
> > > nat44 add identity mapping external wan0 udp 53053 bin
> > > dns_name_server_add_del 8.8.8.8 bin dns_name_server_add_del 8.8.8.4
> > > bin dns_enable_disable
> > >
> > > DHCP server settings
> > > OPTION:   6 (  4) DNS server       10.155.6.1
> > > OPTION:   3 (  4) Routers              10.155.6.1
> > >
> > > Thanks!
> > > -=-=-=-=-=-=-=-=-=-=-=-
> > > Links: You receive all messages sent to this group.
> > >
> > > View/Reply Online (#13739):
> > > https://lists.fd.io/g/vpp-dev/message/13739
> > > Mute This Topic: https://lists.fd.io/mt/32881233/675621
> > > Group Owner: vpp-dev+ow...@lists.fd.io
> > > Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub
> > > [carlitonu...@gmail.com]
> > > -=-=-=-=-=-=-=-=-=-=-=-
> > -=-=-=-=-=-=-=-=-=-=-=-
> > Links: You receive all messages sent to this group.
> >
> > View/Reply Online (#13740):
> > https://lists.fd.io/g/vpp-dev/message/13740
> > Mute This Topic: https://lists.fd.io/mt/32881233/675621
> > Group Owner: vpp-dev+ow...@lists.fd.io
> > Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub
> > [carlitonu...@gmail.com]
> > -=-=-=-=-=-=-=-=-=-=-=-
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#13748): https://lists.fd.io/g/vpp-dev/message/13748
Mute This Topic: https://lists.fd.io/mt/32881233/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to