Hi,

Need to establish communication between loopback1 and loopback2. There is no host (host-ethx) interface between them. Pure loopback communication.

create loopback interface instance 1
set interface ip address loop1 11.11.11.1/28
set interface state loop1 up
create loopback interface instance 2
set interface ip address loop2 22.22.22.1/28
set interface state loop2 up
ping 22.22.22.1 source loop1

 1 0.000000 11.11.11.1 → 22.22.22.1 ICMP 2327 Echo (ping) request id=0xc46f, seq=1/256, ttl=255
 2 0.000059 11.11.11.1 → 22.22.22.1 ICMP 2326 Echo (ping) request id=0xc46f, seq=1/256, ttl=255
 3 0.000074 11.11.11.1 → 22.22.22.1 ICMP 2324 Echo (ping) request id=0xc46f, seq=1/256, ttl=255
 4 0.000090 11.11.11.1 → 22.22.22.1 ICMP 2326 Echo (ping) request id=0xc46f, seq=1/256, ttl=255
 5 0.000104 11.11.11.1 → 22.22.22.1 ICMP 2320 Echo (ping) request id=0xc46f, seq=1/256, ttl=255
 6 1.003085 11.11.11.1 → 22.22.22.1 ICMP 2327 Echo (ping) request id=0xc46f, seq=2/512, ttl=255
 7 1.003114 11.11.11.1 → 22.22.22.1 ICMP 2326 Echo (ping) request id=0xc46f, seq=2/512, ttl=255
 8 1.003145 11.11.11.1 → 22.22.22.1 ICMP 2324 Echo (ping) request id=0xc46f, seq=2/512, ttl=255
 9 1.003157 11.11.11.1 → 22.22.22.1 ICMP 2326 Echo (ping) request id=0xc46f, seq=2/512, ttl=255
10 1.003167 11.11.11.1 → 22.22.22.1 ICMP 2320 Echo (ping) request id=0xc46f, seq=2/512, ttl=255
11 2.007094 11.11.11.1 → 22.22.22.1 ICMP 2327 Echo (ping) request id=0xc46f, seq=3/768, ttl=255
12 2.007132 11.11.11.1 → 22.22.22.1 ICMP 2326 Echo (ping) request id=0xc46f, seq=3/768, ttl=255
13 2.007142 11.11.11.1 → 22.22.22.1 ICMP 2324 Echo (ping) request id=0xc46f, seq=3/768, ttl=255
14 2.007154 11.11.11.1 → 22.22.22.1 ICMP 2326 Echo (ping) request id=0xc46f, seq=3/768, ttl=255
15 2.007164 11.11.11.1 → 22.22.22.1 ICMP 2320 Echo (ping) request id=0xc46f, seq=3/768, ttl=255
16 3.000007 11.11.11.1 → 22.22.22.1 ICMP 2327 Echo (ping) request id=0xc46f, seq=4/1024, ttl=255

VPPCTL# show ip fib
ipv4-VRF:0, fib_index:0, flow hash:[src dst sport dport proto ] epoch:0 flags:none locks:[default-route:1, nat-hi:2, ]
0.0.0.0/0
  unicast-ip4-chain
  [@0]: dpo-load-balance: [proto:ip4 index:1 buckets:1 uRPF:0 to:[0:0]]
    [0] [@0]: dpo-drop ip4
0.0.0.0/32
  unicast-ip4-chain
  [@0]: dpo-load-balance: [proto:ip4 index:2 buckets:1 uRPF:1 to:[0:0]]
    [0] [@0]: dpo-drop ip4
11.11.11.0/32
  unicast-ip4-chain
  [@0]: dpo-load-balance: [proto:ip4 index:10 buckets:1 uRPF:11 to:[0:0]]
    [0] [@0]: dpo-drop ip4
11.11.11.0/28
  unicast-ip4-chain
  [@0]: dpo-load-balance: [proto:ip4 index:9 buckets:1 uRPF:14 to:[0:0]]
    [0] [@4]: ipv4-glean: loop1: mtu:9000 next:1 ffffffffffffdead000000010806
11.11.11.1/32
  unicast-ip4-chain
  [@0]: dpo-load-balance: [proto:ip4 index:12 buckets:1 uRPF:15 to:[0:0]]
    [0] [@2]: dpo-receive: 11.11.11.1 on loop1
11.11.11.15/32
  unicast-ip4-chain
  [@0]: dpo-load-balance: [proto:ip4 index:11 buckets:1 uRPF:13 to:[0:0]]
    [0] [@0]: dpo-drop ip4
22.22.22.0/32
  unicast-ip4-chain
  [@0]: dpo-load-balance: [proto:ip4 index:14 buckets:1 uRPF:17 to:[0:0]]
    [0] [@0]: dpo-drop ip4
22.22.22.0/28
  unicast-ip4-chain
  [@0]: dpo-load-balance: [proto:ip4 index:13 buckets:1 uRPF:20 to:[5:480]]
    [0] [@4]: ipv4-glean: loop2: mtu:9000 next:2 ffffffffffffdead000000020806
22.22.22.1/32
  unicast-ip4-chain
  [@0]: dpo-load-balance: [proto:ip4 index:16 buckets:1 uRPF:21 to:[15:1440]]
    [0] [@2]: dpo-receive: 22.22.22.1 on loop2
22.22.22.15/32
  unicast-ip4-chain
  [@0]: dpo-load-balance: [proto:ip4 index:15 buckets:1 uRPF:19 to:[0:0]]
    [0] [@0]: dpo-drop ip4
224.0.0.0/4
  unicast-ip4-chain
  [@0]: dpo-load-balance: [proto:ip4 index:4 buckets:1 uRPF:3 to:[0:0]]
    [0] [@0]: dpo-drop ip4
240.0.0.0/4
  unicast-ip4-chain
  [@0]: dpo-load-balance: [proto:ip4 index:3 buckets:1 uRPF:2 to:[0:0]]
    [0] [@0]: dpo-drop ip4
255.255.255.255/32
  unicast-ip4-chain
  [@0]: dpo-load-balance: [proto:ip4 index:5 buckets:1 uRPF:4 to:[0:0]]
    [0] [@0]: dpo-drop ip4

Facing an issue with IP source address validation in src/vnet/ip/ip4_forward.c, which drops the packet as spoofed.

*error0 = ((*error0 == IP4_ERROR_UNKNOWN_PROTOCOL &&
            dpo0->dpoi_type == DPO_RECEIVE) ?
           IP4_ERROR_SPOOFED_LOCAL_PACKETS : *error0);
*error0 = ((*error0 == IP4_ERROR_UNKNOWN_PROTOCOL &&
            !fib_urpf_check_size (lb0->lb_urpf) &&
            ip0->dst_address.as_u32 != 0xFFFFFFFF) ?
           IP4_ERROR_SRC_LOOKUP_MISS : *error0);

I tried loose source validation, table, route entry, etc.; it always hits spoof. If I remove the validation, communication works.

Can we route the data without modifying the code and bypass the validation with proper configuration? If so, please share it.

Thanks,
Sri

View/Reply Online (#21408): https://lists.fd.io/g/vpp-dev/message/21408
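
The two assignments quoted in the message, modelled as an added example (not code from the post or from VPP) over a subset of the FIB shown above. It assumes the check is applied to the longest-prefix match of the packet's source address and that only drop entries have an empty uRPF list; all type and function names are hypothetical. It shows why a ping sourced from 11.11.11.1 resolves to a dpo-receive entry and is counted as a spoofed local packet.

```c
/* Added model, not VPP source. Type and function names are hypothetical. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
typedef enum { DPO_DROP, DPO_GLEAN, DPO_RECEIVE } dpo_t;
typedef enum { SRC_OK, SRC_SPOOFED_LOCAL, SRC_LOOKUP_MISS } src_verdict_t;

typedef struct {
  uint32_t prefix;   /* host byte order */
  uint8_t len;
  dpo_t dpo;
  int urpf_nonempty; /* assumption: only drop entries have an empty uRPF list */
} fib_entry_t;

#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((b) << 16) | ((c) << 8) | (d))
/* Subset of the "show ip fib" output in the message. */
static const fib_entry_t fib[] = {
  { IP4(0, 0, 0, 0),      0, DPO_DROP,    0 },
  { IP4(11, 11, 11, 0),  28, DPO_GLEAN,   1 },
  { IP4(11, 11, 11, 1),  32, DPO_RECEIVE, 1 },
  { IP4(11, 11, 11, 15), 32, DPO_DROP,    0 },
  { IP4(22, 22, 22, 0),  28, DPO_GLEAN,   1 },
  { IP4(22, 22, 22, 1),  32, DPO_RECEIVE, 1 },
};

/* Longest-prefix match; the /0 entry guarantees a result. */
static const fib_entry_t *fib_lpm(uint32_t addr) {
  const fib_entry_t *best = NULL;
  for (size_t i = 0; i < sizeof fib / sizeof fib[0]; i++) {
    uint32_t mask = fib[i].len ? ~0u << (32 - fib[i].len) : 0;
    if ((addr & mask) == fib[i].prefix && (!best || fib[i].len > best->len))
      best = &fib[i];
  }
  return best;
}

/* Same order as the two assignments quoted from ip4_forward.c. */
src_verdict_t check_src(uint32_t src, uint32_t dst) {
  const fib_entry_t *e = fib_lpm(src);
  if (e->dpo == DPO_RECEIVE) return SRC_SPOOFED_LOCAL;   /* src is a local address */
  if (!e->urpf_nonempty && dst != 0xFFFFFFFFu) return SRC_LOOKUP_MISS;
  return SRC_OK;
}

int main(void) {
  /* The ping from the message: source 11.11.11.1 (loop1), destination 22.22.22.1. */
  printf("%d\n", check_src(IP4(11, 11, 11, 1), IP4(22, 22, 22, 1)));
  return 0;
}
```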