Hi,
I tried a basic setup on GCP with two virtual machines. Each machine has
two nics in two different networks. One for VPP and one for Linux. The
trouble I'm running into is that it seems on GCP that you can't arping
other nodes in your subnet. On linux the route looks like this:
$ ip route show
default via 10.128.0.1 dev ens4
10.128.0.0/20 via 10.128.0.1 dev ens4
10.128.0.1 dev ens4 scope link
192.168.100.0/24 via 192.168.100.1 dev ens5
192.168.100.1 dev ens5 scope link
The 192.168.100.0/24 subnet is the one I intend for VPP. The way I think
this works on linux at least is that packets to other hosts in the same
network are sent to 192.168.100.1 and the only arp entry lookup is for
192.168.100.1.
I tried to replicate this in VPP with
systemctl stop vpp
ifconfig ens5 down
vpp unix { interactive cli-listen 127.0.0.1:5002 }
set int ip address GigabitEthernet0/5/0 192.168.100.7/24
set int state GigabitEthernet0/5/0 up
ip route 192.168.100.0/24 via 192.168.100.1 GigabitEthernet0/5/0
But when I try to ping from my VM running linux, the packets are received
but they go to ipv4-glean via
192.168.100.0/24
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:9 buckets:1 uRPF:15 to:[0:0]
via:[2:168]]
[0] [@4]: ipv4-glean: [src:192.168.100.0/24] GigabitEthernet0/5/0:
mtu:8996 next:1 flags:[] ffffffffffff4201c0a864070806
And I think this sends an arp request to the source of the pings
(192.168.0.2 in my case) instead of routing the response back through
192.168.100.1. As far as I can tell in GCP you can't perform arp lookups
for other subnet local VMs, you don't get a response. You only get a
response from the router.
So my question is: Is there a combination of route commands and interface
address setup that will route all packets back through the router and only
perform arp lookups against the router?
If I add a more specific route for the other VMs then I get ping responses
back at the ping source (192.168.0.2):
ip route 192.168.100.2/32 via 192.168.100.1 GigabitEthernet0/5/0
I guess I could put in two /23 routes, but I wonder if there is a
better way. If I try a /32 address for the interface then incoming packets
from the router on behalf of the ping source get dropped because I think
they don't match the interface subnet.
regards,
Richard.
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#21430): https://lists.fd.io/g/vpp-dev/message/21430
Mute This Topic: https://lists.fd.io/mt/91275740/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
