Re: [vpp-dev] ping not able to receive replies on vpp interface

[Filip Varga via lists.fd.io]

Hi Pack,

I am currently working on larger patch. If you need the fix as soon as possible 
feel free to contribute and add me as reviewer in gerrit. I will be able to 
look into it on the end of the weekend.

Best regards,
Filip

From: Pac Ette <pktno...@gmail.com>
Sent: Wednesday, September 23, 2020 7:47 PM
To: Pac Ette <pktno...@gmail.com>
Cc: Filip Varga -X (fivarga - PANTHEON TECH SRO at Cisco) <fiva...@cisco.com>; 
Dave Barach (dbarach) <dbar...@cisco.com>; vpp-dev@lists.fd.io
Subject: Re: [vpp-dev] ping not able to receive replies on vpp interface

Hi Filip,

Sorry to bother you.

If you have any update on this please let me know. I can perform any test you 
need.

Thanks!

On Thu, Sep 17, 2020 at 10:05 AM Pac Ette via lists.fd.io<http://lists.fd.io> 
<pktnoise=gmail....@lists.fd.io<mailto:gmail....@lists.fd.io>> wrote:
Hi Filip,

Sounds good.

Thanks!

On Thu, Sep 17, 2020 at 1:27 AM Filip Varga -X (fivarga - PANTHEON TECH SRO at 
Cisco) <fiva...@cisco.com<mailto:fiva...@cisco.com>> wrote:
Hi Pac,

Yes the idea is that you should be able to ping NAT outside interface from the 
adjacent side of the connection. This was previously working. I will create a 
ticket for the issue and look in to it shortly.

If you have any other issues with NAT please let me know.

Best regards,
Filip

From: Pac Ette <pktno...@gmail.com<mailto:pktno...@gmail.com>>
Sent: Wednesday, September 16, 2020 10:16 PM
To: pktno...@gmail.com<mailto:pktno...@gmail.com>
Cc: Filip Varga -X (fivarga - PANTHEON TECH SRO at Cisco) 
<fiva...@cisco.com<mailto:fiva...@cisco.com>>; Dave Barach (dbarach) 
<dbar...@cisco.com<mailto:dbar...@cisco.com>>; 
vpp-dev@lists.fd.io<mailto:vpp-dev@lists.fd.io>
Subject: Re: [vpp-dev] ping not able to receive replies on vpp interface
Importance: High

Hi Filip,

sorry, amendment to my last email:

Your suggestion worked. But ping from linux stack (tap interface) is not 
working because there is no NAT in/out anymore.

I am using VPP with NAT. Is it not possible for ping to work with NAT?

I noticed something. If I add back:

set interface nat44 in loop0 in loop1
set interface nat44 out wan1

In addition to vpp-to-server not working, I am also unable to ping from linux 
server to vpp box.

$ ping 10.200.1.7
PING 10.200.1.7 (10.200.1.7) from 10.200.1.1 eth2: 56(84) bytes of data.
--- 10.200.1.7 ping statistics ---
80 packets transmitted, 0 received, 100% packet loss, time 80882ms

Thanks!

On Wed, Sep 16, 2020 at 1:10 PM Pac Ette via lists.fd.io<http://lists.fd.io> 
<pktnoise=gmail....@lists.fd.io<mailto:gmail....@lists.fd.io>> wrote:
Hi Filip,

Your suggestion worked. But I am using VPP with NAT. Is it not possible for 
ping to work with NAT?

I noticed something. When NAT is set, in addition to vpp to server not working, 
I am also unable to ping from linux server to vpp box.

If I add back:
set interface nat44 in loop0 in loop1
set interface nat44 out wan1

linux (10.200.1.1) --> to --> wan1 (vpp) does not work either.

Thanks!


On Wed, Sep 16, 2020 at 12:35 PM Filip Varga -X (fivarga - PANTHEON TECH SRO at 
Cisco) <fiva...@cisco.com<mailto:fiva...@cisco.com>> wrote:
Hi Pac,

Try removing from your configuration following two lines:

set interface nat44 in loop0 in loop1
set interface nat44 out wan1

Now try to ping from linux & vpp. From linux ping vpp wan interface 10.200.1.7 
and from vpp linux host 10.200.1.1 (don’t forget to specify the source 
interface, this should be your wan interface in vpp).

# ping <ip-addr> source <interface>

Best regards,
Filip

From: vpp-dev@lists.fd.io<mailto:vpp-dev@lists.fd.io> 
<vpp-dev@lists.fd.io<mailto:vpp-dev@lists.fd.io>> On Behalf Of Pac Ette
Sent: Wednesday, September 16, 2020 6:14 PM
To: Dave Barach (dbarach) <dbar...@cisco.com<mailto:dbar...@cisco.com>>
Cc: vpp-dev@lists.fd.io<mailto:vpp-dev@lists.fd.io>
Subject: Re: [vpp-dev] ping not able to receive replies on vpp interface

Hi Dave,

I had a suspicion that my configs might be wrong. But, why would packets go 
through the NAT plugin when I am pinging from vppctl and directly on the wan1 
port - I was thinking these packets don't need to be NAT-ed. Here are my 
configs and testing results.

## Configs
cat vpp.conf
set interface state wan1 up
set interface state lan3 up
set interface state lan2 up
set interface state lan0 up

set dhcp client intfc wan1 hostname test-ccB

loopback create
set interface l2 bridge loop0 1 bvi
set interface ip address loop0 10.90.0.1/16<http://10.90.0.1/16>
set interface state loop0 up

create tap id 0 host-ip4-addr 10.90.0.2/16<http://10.90.0.2/16> host-if-name 
lstack1
set interface l2 bridge tap0 1
set interface state tap0 up

loopback create
set interface l2 bridge loop1 2 bvi
set interface ip address loop1 10.100.0.1/16<http://10.100.0.1/16>
set interface state loop1 up

set interface l2 bridge lan0 2
set interface l2 bridge lan2 2
set interface l2 bridge lan3 2

create tap id 1 host-ip4-addr 10.100.0.2/16<http://10.100.0.2/16> host-if-name 
lstack2
set interface l2 bridge tap1 2
set interface state tap1 up

nat44 add interface address wan1
set interface nat44 in loop0 in loop1
set interface nat44 out wan1
----------------------------------------------------------
vpp# sh nat44 addresses
NAT44 pool addresses:
10.200.1.7
  tenant VRF independent
  0 busy other ports
  18 busy udp ports
  0 busy tcp ports
  0 busy icmp ports
NAT44 twice-nat pool addresses:

vpp# sh nat44 interfaces
NAT44 interfaces:
 loop0 in
 loop1 in
 wan1 out

vpp# sh dhcp client
[0] wan1 state DHCP_BOUND installed 1 addr 10.200.1.7/24<http://10.200.1.7/24> 
gw 10.200.1.1 server 10.200.1.1 dns 8.8.8.8

linux stack
$ ip route
default via 10.90.0.1 dev  lstack1
10.90.0.0/16<http://10.90.0.0/16> dev lstack1 proto kernel scope link src 
10.90.0.2
10.100.0.0/16<http://10.100.0.0/16> dev lstack2 proto kernel scope link src 
10.100.0.2
----------------------------------------------------------
## Testing

pings via linux stack works but pings via vppctl do not.

ping via vppctl:
vpp# ping 10.200.1.1
Statistics: 5 sent, 0 received, 100% packet loss

ping via linux stack:
$ ping 10.200.1.1
PING 10.200.1.1 (10.200.1.1) 56(84) bytes of data.
64 bytes from 10.200.1.1<http://10.200.1.1>: icmp_seq=1 ttl=63 time=1.01 ms
64 bytes from 10.200.1.1<http://10.200.1.1>: icmp_seq=2 ttl=63 time=0.321 ms
--- 10.200.1.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.321/0.670/1.019/0.349 ms

Thanks!

On Wed, Sep 16, 2020 at 4:32 AM Dave Barach (dbarach) 
<dbar...@cisco.com<mailto:dbar...@cisco.com>> wrote:
The dispatch pcap trace shows that “nat44-ed-out2in-slowpath” drops the reply. 
Since the request never visits the nat plugin, there is no translation set up 
to process the reply.

Please check your configuration.

Dave

From: vpp-dev@lists.fd.io<mailto:vpp-dev@lists.fd.io> 
<vpp-dev@lists.fd.io<mailto:vpp-dev@lists.fd.io>> On Behalf Of Pac Ette
Sent: Tuesday, September 15, 2020 11:40 PM
To: vpp-dev@lists.fd.io<mailto:vpp-dev@lists.fd.io>
Subject: [vpp-dev] ping not able to receive replies on vpp interface

Hi folks,

vpp is unable to ping on an interface:
vpp# ping 10.200.1.1 source wan1
Statistics: 5 sent, 0 received, 100% packet loss

current setup:
vpp 20.05

linux machine (A) <----> vpp machine (B)
      10.200.1.1      <----> 10.200.1.7

[cid:image001.png@01D69258.7B52F560]

So the server at 10.200.1.1 is replying but vpp is showing 100% packet loss.

I am also attaching a vpp dispatch pcap file.

Thanks for the help!





-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#17496): https://lists.fd.io/g/vpp-dev/message/17496
Mute This Topic: https://lists.fd.io/mt/76880903/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-