Hi Nikhil,

Reaching the ip4-not-enabled node means your tunnel is not ip4 enabled. Give it 
an IP address or make it unnumbered to an interface that has an address.

/neale

From: vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> on behalf of nikhil subhedar 
via lists.fd.io <subhedarnikhil=gmail....@lists.fd.io>
Date: Tuesday, 13 July 2021 at 18:53
To: vpp-dev@lists.fd.io <vpp-dev@lists.fd.io>
Subject: [vpp-dev] Need help on IPSEC tunnel
Greetings of the day...
I am facing a problem in ip-node lookup. Here is the sequence.

1) Decrypting the ESP packet at esp4-decrypt-tun.
2) The packet is reaching ip4-input-no-checksum, which is nothing but the 
ip4-lookup.
3) From ip4-input-no-checksum, ideally it should reach ip-4lookup/ip4-lookup.

But in my case, from ip4-input-no-checksum it is going to ip4-not-enabled.

Can you please help me in this regard?

Thanks in advance.
Nikhil

Here is the trace.
  IPSEC_ESP: 20.20.147.217 -> 20.20.147.220
    tos 0x00, ttl 64, length 120, checksum 0xea76 dscp CS0 ecn NON_ECN
    fragment id 0x0000, flags DONT_FRAGMENT
00:03:11:387399: ip4-local
    IPSEC_ESP: 20.20.147.217 -> 20.20.147.220
      tos 0x00, ttl 64, length 120, checksum 0xea76 dscp CS0 ecn NON_ECN
      fragment id 0x0000, flags DONT_FRAGMENT
00:03:11:387402: ipsec4-tun-input
  IPSec: remote:20.20.147.217 spi:12347 (0x0000303b) seq 1 sa 1
00:03:11:387413: esp4-decrypt-tun
  esp: crypto aes-cbc-256 integrity sha1-96 pkt-seq 1 sa-seq 1 sa-seq-hi 0
00:03:11:387471: ip4-input-no-checksum
  TCP: 10.10.10.10 -> 30.30.30.30
    tos 0x00, ttl 64, length 60, checksum 0x4eb7 dscp CS0 ecn NON_ECN
    fragment id 0x9bb5, flags DONT_FRAGMENT
  TCP: 3268 -> 1234
    seq. 0xe5076078 ack 0x00000000
    flags 0x02 SYN, tcp header: 40 bytes
    window 64240, checksum 0xca58
00:03:11:387473: ip4-not-enabled
    TCP: 10.10.10.10 -> 30.30.30.30
      tos 0x00, ttl 64, length 60, checksum 0x4eb7 dscp CS0 ecn NON_ECN
      fragment id 0x9bb5, flags DONT_FRAGMENT
    TCP: 3268 -> 1234
      seq. 0xe5076078 ack 0x00000000
      flags 0x02 SYN, tcp header: 40 bytes
      window 64240, checksum 0xca58
00:03:11:387479: error-drop
  rx:ipip0
00:03:11:387481: drop
  ip4-local: unknown ip protocol



--
Regards,
Nikhil
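
Added example, not part of the original thread and not VPP project code: a small Python checker that reads a VPP packet trace like the one above and reports when a decrypted packet was dropped at ip4-not-enabled, together with the rx interface that needs an address. The sample trace is constructed from the hops shown in the thread with detail lines shortened; the function names and the ip6/non-tunnel node names in the patterns are assumptions of this example.

```python
import re

# Constructed sample: same node path as the trace in the thread, details shortened.
SAMPLE_TRACE = """\
00:03:11:387399: ip4-local
    IPSEC_ESP: 20.20.147.217 -> 20.20.147.220
00:03:11:387402: ipsec4-tun-input
  IPSec: remote:20.20.147.217 spi:12347 (0x0000303b) seq 1 sa 1
00:03:11:387413: esp4-decrypt-tun
  esp: crypto aes-cbc-256 integrity sha1-96 pkt-seq 1 sa-seq 1 sa-seq-hi 0
00:03:11:387471: ip4-input-no-checksum
  TCP: 10.10.10.10 -> 30.30.30.30
00:03:11:387473: ip4-not-enabled
    TCP: 10.10.10.10 -> 30.30.30.30
00:03:11:387479: error-drop
  rx:ipip0
00:03:11:387481: drop
  ip4-local: unknown ip protocol
"""

# A hop header is "<timestamp>: <node-name>" starting in column 0.
HOP_RE = re.compile(r"^(\d+:\d+:\d+:\d+): (\S+)\s*$")

def parse_hops(trace):
    """Split a trace into [(node, [detail lines])] in graph order."""
    hops = []
    for line in trace.splitlines():
        m = HOP_RE.match(line)
        if m:
            hops.append((m.group(2), []))
        elif hops and line.strip():
            hops[-1][1].append(line.strip())
    return hops

def diagnose(trace):
    """Return a finding if the packet died at ip4/ip6-not-enabled, else None."""
    hops = parse_hops(trace)
    nodes = [node for node, _ in hops]
    dead = next((n for n in nodes if n in ("ip4-not-enabled", "ip6-not-enabled")), None)
    if dead is None:
        return None
    before = nodes[:nodes.index(dead)]
    decrypted = any(re.fullmatch(r"esp[46]-decrypt(-tun)?", n) for n in before)
    # error-drop records the receiving interface as "rx:<name>".
    rx = next((d[3:] for n, ds in hops if n == "error-drop"
               for d in ds if d.startswith("rx:")), None)
    hint = f"give {rx} an IP address or make it unnumbered to an addressed interface"
    return {"drop_node": dead, "after_decrypt": decrypted,
            "rx_interface": rx, "path": nodes, "hint": hint}
```
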