Re: [vpp-dev] How to match a specific packet to the outbound direction of a specified interface #vpp

Sat, 09 May 2020 03:14:08 -0700 

which vpp version are you heading? If you r using 19.05 or less, you can
create ipsec tunnel, and route your packet to ipsec0 interface,

create ipsec tunnel local-ip <x.x.x.x> local-spi 1111 remote-ip <y.y.y.y>
remote-spi 2222
set interface ipsec key ipsec0 local crypto aes-gcm-128
2b7e151628aed2a6abf7158809cf4f3d
set interface ipsec key ipsec0 remote crypto aes-gcm-128
2b7e151628aed2a6abf7158809cf4f3d
set interface state ipsec0 up
set interface unnumbered ipsec0 use <interface_name: src tunnel interface>
ip route add 192.168.200.10/24 via ipsec0

if your are using >= 19.08, best practice, you can create policy based
tunnel.

ipsec policy add spd 1 priority 100 inbound action bypass protocol 50
ipsec policy add spd 1 priority 100 outbound action bypass protocol 50
ipsec policy add spd 1 outbound action bypass local-ip-range
10.168.4.0-10.168.4.255 remote-ip-range 10.168.2.0-10.168.2.255
ipsec sa add 10 spi 3391172682 esp crypto-alg aes-gcm-256 crypto-key
523a88fa4ad8c0325d75c933d9e567c23879ea701355207551bc2cf7d963c3dac8dcdca2
tunnel-src 10.168.2.4 tunnel-dst 10.168.4.11
ipsec sa add 20 spi 3443809241 esp crypto-alg aes-gcm-256 crypto-key
6062e3e9a9d578f58527242e9fbd48aeef7a0f8b4adc4569e7a84cda19c14ae21aa0a2b4
tunnel-src 10.168.4.11 tunnel-dst 10.168.2.4
ipsec policy add spd 1 priority 10  inbound action protect sa 10
local-ip-range 10.168.3.11 - 10.168.3.11 remote-ip-range 10.168.2.4 -
10.168.2.4
ipsec policy add spd 1 priority 10 outbound action protect sa 20
local-ip-range 10.168.3.11 - 10.168.3.11 remote-ip-range 10.168.2.4 -
10.168.2.4



cheers!   enjoy
//MJ



*Regards*,
Mrityunjay Kumar.
Mobile: +91 - 9731528504



On Sat, May 9, 2020 at 12:16 PM <comeon...@outlook.com> wrote:

> Hi VPP hackers,
> My program and vpp communicate through the memif interface.
> I want to make vpp match specific packets(such as ospf packet), and then
> redirect to the outbound direction of the memif interface.
>
> I don't know how to match a specific packet to the outbound direction of a
> specified interface.
>
> Can someone provide an example of configuration.
> Thanks in advance!
> 
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#16290): https://lists.fd.io/g/vpp-dev/message/16290
Mute This Topic: https://lists.fd.io/mt/74091305/21656
Mute #vpp: https://lists.fd.io/mk?hashtag=vpp&subid=1480452
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to