Hi Pac, Try removing from your configuration following two lines:
set interface nat44 in loop0 in loop1 set interface nat44 out wan1 Now try to ping from linux & vpp. From linux ping vpp wan interface 10.200.1.7 and from vpp linux host 10.200.1.1 (don’t forget to specify the source interface, this should be your wan interface in vpp). # ping <ip-addr> source <interface> Best regards, Filip From: [email protected] <[email protected]> On Behalf Of Pac Ette Sent: Wednesday, September 16, 2020 6:14 PM To: Dave Barach (dbarach) <[email protected]> Cc: [email protected] Subject: Re: [vpp-dev] ping not able to receive replies on vpp interface Hi Dave, I had a suspicion that my configs might be wrong. But, why would packets go through the NAT plugin when I am pinging from vppctl and directly on the wan1 port - I was thinking these packets don't need to be NAT-ed. Here are my configs and testing results. ## Configs cat vpp.conf set interface state wan1 up set interface state lan3 up set interface state lan2 up set interface state lan0 up set dhcp client intfc wan1 hostname test-ccB loopback create set interface l2 bridge loop0 1 bvi set interface ip address loop0 10.90.0.1/16<http://10.90.0.1/16> set interface state loop0 up create tap id 0 host-ip4-addr 10.90.0.2/16<http://10.90.0.2/16> host-if-name lstack1 set interface l2 bridge tap0 1 set interface state tap0 up loopback create set interface l2 bridge loop1 2 bvi set interface ip address loop1 10.100.0.1/16<http://10.100.0.1/16> set interface state loop1 up set interface l2 bridge lan0 2 set interface l2 bridge lan2 2 set interface l2 bridge lan3 2 create tap id 1 host-ip4-addr 10.100.0.2/16<http://10.100.0.2/16> host-if-name lstack2 set interface l2 bridge tap1 2 set interface state tap1 up nat44 add interface address wan1 set interface nat44 in loop0 in loop1 set interface nat44 out wan1 ---------------------------------------------------------- vpp# sh nat44 addresses NAT44 pool addresses: 10.200.1.7 tenant VRF independent 0 busy other ports 18 busy udp ports 0 busy tcp ports 0 busy icmp ports NAT44 twice-nat pool addresses: vpp# sh nat44 interfaces NAT44 interfaces: loop0 in loop1 in wan1 out vpp# sh dhcp client [0] wan1 state DHCP_BOUND installed 1 addr 10.200.1.7/24<http://10.200.1.7/24> gw 10.200.1.1 server 10.200.1.1 dns 8.8.8.8 linux stack $ ip route default via 10.90.0.1 dev lstack1 10.90.0.0/16<http://10.90.0.0/16> dev lstack1 proto kernel scope link src 10.90.0.2 10.100.0.0/16<http://10.100.0.0/16> dev lstack2 proto kernel scope link src 10.100.0.2 ---------------------------------------------------------- ## Testing pings via linux stack works but pings via vppctl do not. ping via vppctl: vpp# ping 10.200.1.1 Statistics: 5 sent, 0 received, 100% packet loss ping via linux stack: $ ping 10.200.1.1 PING 10.200.1.1 (10.200.1.1) 56(84) bytes of data. 64 bytes from 10.200.1.1<http://10.200.1.1>: icmp_seq=1 ttl=63 time=1.01 ms 64 bytes from 10.200.1.1<http://10.200.1.1>: icmp_seq=2 ttl=63 time=0.321 ms --- 10.200.1.1 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1001ms rtt min/avg/max/mdev = 0.321/0.670/1.019/0.349 ms Thanks! On Wed, Sep 16, 2020 at 4:32 AM Dave Barach (dbarach) <[email protected]<mailto:[email protected]>> wrote: The dispatch pcap trace shows that “nat44-ed-out2in-slowpath” drops the reply. Since the request never visits the nat plugin, there is no translation set up to process the reply. Please check your configuration. Dave From: [email protected]<mailto:[email protected]> <[email protected]<mailto:[email protected]>> On Behalf Of Pac Ette Sent: Tuesday, September 15, 2020 11:40 PM To: [email protected]<mailto:[email protected]> Subject: [vpp-dev] ping not able to receive replies on vpp interface Hi folks, vpp is unable to ping on an interface: vpp# ping 10.200.1.1 source wan1 Statistics: 5 sent, 0 received, 100% packet loss current setup: vpp 20.05 linux machine (A) <----> vpp machine (B) 10.200.1.1 <----> 10.200.1.7 [cid:[email protected]] So the server at 10.200.1.1 is replying but vpp is showing 100% packet loss. I am also attaching a vpp dispatch pcap file. Thanks for the help!
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#17425): https://lists.fd.io/g/vpp-dev/message/17425 Mute This Topic: https://lists.fd.io/mt/76880903/21656 Group Owner: [email protected] Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
