Hi Filip, sorry, amendment to my last email:
Your suggestion worked. But ping from linux stack (tap interface) is not working because there is no NAT in/out anymore. I am using VPP with NAT. Is it not possible for ping to work with NAT? I noticed something. If I add back: set interface nat44 in loop0 in loop1 set interface nat44 out wan1 In addition to vpp-to-server not working, I am also unable to ping from linux server to vpp box. $ ping 10.200.1.7 PING 10.200.1.7 (10.200.1.7) from 10.200.1.1 eth2: 56(84) bytes of data. --- 10.200.1.7 ping statistics --- 80 packets transmitted, 0 received, 100% packet loss, time 80882ms Thanks! On Wed, Sep 16, 2020 at 1:10 PM Pac Ette via lists.fd.io <pktnoise= [email protected]> wrote: > Hi Filip, > > Your suggestion worked. But I am using VPP with NAT. Is it not possible > for ping to work with NAT? > > I noticed something. When NAT is set, in addition to vpp to server not > working, I am also unable to ping from linux server to vpp box. > > If I add back: > set interface nat44 in loop0 in loop1 > set interface nat44 out wan1 > > linux (10.200.1.1) --> to --> wan1 (vpp) does not work either. > > Thanks! > > > On Wed, Sep 16, 2020 at 12:35 PM Filip Varga -X (fivarga - PANTHEON TECH > SRO at Cisco) <[email protected]> wrote: > >> Hi Pac, >> >> >> >> Try removing from your configuration following two lines: >> >> >> >> set interface nat44 in loop0 in loop1 >> set interface nat44 out wan1 >> >> >> >> Now try to ping from linux & vpp. From linux ping vpp wan interface >> 10.200.1.7 and from vpp linux host 10.200.1.1 (don’t forget to specify the >> source interface, this should be your wan interface in vpp). >> >> >> >> # ping <ip-addr> source <interface> >> >> >> >> Best regards, >> >> Filip >> >> >> >> *From:* [email protected] <[email protected]> *On Behalf Of *Pac Ette >> *Sent:* Wednesday, September 16, 2020 6:14 PM >> *To:* Dave Barach (dbarach) <[email protected]> >> *Cc:* [email protected] >> *Subject:* Re: [vpp-dev] ping not able to receive replies on vpp >> interface >> >> >> >> Hi Dave, >> >> >> >> I had a suspicion that my configs might be wrong. But, why would packets >> go through the NAT plugin when I am pinging from vppctl and directly on the >> wan1 port - I was thinking these packets don't need to be NAT-ed. Here are >> my configs and testing results. >> >> >> >> ## Configs >> cat vpp.conf >> set interface state wan1 up >> set interface state lan3 up >> set interface state lan2 up >> set interface state lan0 up >> >> set dhcp client intfc wan1 hostname test-ccB >> >> loopback create >> set interface l2 bridge loop0 1 bvi >> set interface ip address loop0 10.90.0.1/16 >> set interface state loop0 up >> >> create tap id 0 host-ip4-addr 10.90.0.2/16 host-if-name lstack1 >> set interface l2 bridge tap0 1 >> set interface state tap0 up >> >> loopback create >> set interface l2 bridge loop1 2 bvi >> set interface ip address loop1 10.100.0.1/16 >> set interface state loop1 up >> >> set interface l2 bridge lan0 2 >> set interface l2 bridge lan2 2 >> set interface l2 bridge lan3 2 >> >> create tap id 1 host-ip4-addr 10.100.0.2/16 host-if-name lstack2 >> set interface l2 bridge tap1 2 >> set interface state tap1 up >> >> nat44 add interface address wan1 >> set interface nat44 in loop0 in loop1 >> set interface nat44 out wan1 >> ---------------------------------------------------------- >> vpp# sh nat44 addresses >> NAT44 pool addresses: >> 10.200.1.7 >> tenant VRF independent >> 0 busy other ports >> 18 busy udp ports >> 0 busy tcp ports >> 0 busy icmp ports >> NAT44 twice-nat pool addresses: >> >> vpp# sh nat44 interfaces >> NAT44 interfaces: >> loop0 in >> loop1 in >> wan1 out >> >> vpp# sh dhcp client >> [0] wan1 state DHCP_BOUND installed 1 addr 10.200.1.7/24 gw 10.200.1.1 >> server 10.200.1.1 dns 8.8.8.8 >> >> linux stack >> $ ip route >> default via 10.90.0.1 dev lstack1 >> 10.90.0.0/16 dev lstack1 proto kernel scope link src 10.90.0.2 >> 10.100.0.0/16 dev lstack2 proto kernel scope link src 10.100.0.2 >> ---------------------------------------------------------- >> ## Testing >> >> pings via linux stack works but pings via vppctl do not. >> >> ping via vppctl: >> vpp# ping 10.200.1.1 >> Statistics: 5 sent, 0 received, 100% packet loss >> >> ping via linux stack: >> $ ping 10.200.1.1 >> PING 10.200.1.1 (10.200.1.1) 56(84) bytes of data. >> 64 bytes from 10.200.1.1: icmp_seq=1 ttl=63 time=1.01 ms >> 64 bytes from 10.200.1.1: icmp_seq=2 ttl=63 time=0.321 ms >> --- 10.200.1.1 ping statistics --- >> 2 packets transmitted, 2 received, 0% packet loss, time 1001ms >> rtt min/avg/max/mdev = 0.321/0.670/1.019/0.349 ms >> >> >> >> Thanks! >> >> >> >> On Wed, Sep 16, 2020 at 4:32 AM Dave Barach (dbarach) <[email protected]> >> wrote: >> >> The dispatch pcap trace shows that “nat44-ed-out2in-slowpath” drops the >> reply. Since the *request* never visits the nat plugin, there is no >> translation set up to process the reply. >> >> >> >> Please check your configuration. >> >> >> >> Dave >> >> >> >> *From:* [email protected] <[email protected]> *On Behalf Of *Pac Ette >> *Sent:* Tuesday, September 15, 2020 11:40 PM >> *To:* [email protected] >> *Subject:* [vpp-dev] ping not able to receive replies on vpp interface >> >> >> >> Hi folks, >> >> >> >> vpp is unable to ping on an interface: >> >> vpp# ping 10.200.1.1 source wan1 >> Statistics: 5 sent, 0 received, 100% packet loss >> >> >> >> current setup: >> >> vpp 20.05 >> >> >> >> linux machine (A) <----> vpp machine (B) >> >> 10.200.1.1 <----> 10.200.1.7 >> >> >> >> >> >> So the server at 10.200.1.1 is replying but vpp is showing 100% packet >> loss. >> >> >> >> I am also attaching a vpp dispatch pcap file. >> >> >> >> Thanks for the help! >> >> >> >> > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#17428): https://lists.fd.io/g/vpp-dev/message/17428 Mute This Topic: https://lists.fd.io/mt/76880903/21656 Group Owner: [email protected] Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
