From: hem...@mnkcg.com <hem...@mnkcg.com> Date: Monday, 19 April 2021 at 16:03 To: Neale Ranns <ne...@graphiant.com>, vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> Subject: RE: [vpp-dev] dst mac-address look up?
From: Neale Ranns <ne...@graphiant.com> Sent: Monday, April 19, 2021 3:34 AM To: hem...@mnkcg.com; vpp-dev@lists.fd.io Subject: Re: [vpp-dev] dst mac-address look up? From: hem...@mnkcg.com<mailto:hem...@mnkcg.com> <hem...@mnkcg.com<mailto:hem...@mnkcg.com>> Date: Sunday, 18 April 2021 at 19:25 To: Neale Ranns <ne...@graphiant.com<mailto:ne...@graphiant.com>>, vpp-dev@lists.fd.io<mailto:vpp-dev@lists.fd.io> <vpp-dev@lists.fd.io<mailto:vpp-dev@lists.fd.io>> Subject: RE: [vpp-dev] dst mac-address look up? [If the adjacency is incomplete, then there is no ip_neghbor. It’s the ip_neighbor that provides the dst mac that completes the adjacency. Think of the adjacency as the cache in the data-plane of all the data that the control-plane provides to forward a packet to a given neighbour (src,dst mac, vlan tags and ether-type). You can’t forward to that neighbour until we have the dst mac, so one of the reasons we have incomplete adjacencies is so that when packets need to be forwarded to a neighbour whose dst mac is not yet known we generate rate-limited ARP/ND requests. So I would advise that the result of your 6-tuple lookup is the adjacency, then you can send the packets to ip4-arp-inline, if it’s incomplete, or ip4-rewrite if it is complete. Using the ipX node, rather than interface-output, means you get ttl decrement plus checksum update, fragmentation and features (ACL, NAT etc). Uou might find the example of the ABF plugin useful as an example of building lookup tables that resolve through adjacencies (or any other fib like path).] The adjacency is incomplete for the egress interface, i.e., interface rewrite string is not setup yet. However, the ARP cache does have a complete adjacency and this is why the arp cache is looked up and ipn-> pn_fib_entry_index is correct. then something is broken. If there is an ARP entry then the adj should be complete. Can you show me: Sh ip neighbor Sh adj Out point out which neighbor it is. /neale There are reasons the plugin is using interface output and computes checksum and ttl decrement. If the VPP node ends up using ACL and NAT, I agree, interface-output should change to ipX node. I do have to use interface-output for certain uses cases. It would be good to add changes to VPP I have proposed in latest gerrit review. https://gerrit.fd.io/r/c/vpp/+/32023 Thanks, Hemant
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#19250): https://lists.fd.io/g/vpp-dev/message/19250 Mute This Topic: https://lists.fd.io/mt/82127329/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
