Hi Andre,

Generally speaking policy based routing can be achieved with ABF [0] or IP session redirect [1].

I'm not sure I understand the topology but don't you have to configure policy based routing in Linux too?
From what I understand, VPP forwards packets toward the management just fine but the problem is on the return traffic? If Linux also has all the routes, Linux will likely not answer back through VPP?

You can check if you receive traffic back from Linux and what is happening by doing a packet trace with 'vppctl clear trace && vppctl trace add virtio-input 100 && sleep 5 && vppctl show trace'.

Otherwise, an actual schema could help better understand what you are trying to achieve.

best
ben

[0] https://git.fd.io/vpp/tree/src/plugins/abf/FEATURE.yaml
[1] https://git.fd.io/vpp/tree/src/plugins/ip_session_redirect/ip_session_redirect_doc.rst

________________________________________
From: vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> on behalf of Andre Nathan via lists.fd.io <andre=digirati.com...@lists.fd.io>
Sent: Wednesday, August 27, 2025 1:21
To: vpp-dev@lists.fd.io
Subject: [vpp-dev] Source-based routing

Hello

I'm in the process of reconfiguring a Linux router, by adding a VPP interface to it. The BGP session established over this interface uses non-routable IPs, so my link provider gives me an administration IP address so that I can access it remotely from outside my network.

In Linux, this used to be a dummy interface, with source-based routing to ensure packets from the administration IP will always go out via the interface connected to this provider:

    ip route add default via $peer_ip table mgmt
    ip rule add from $admin_ip lookup mgmt

I'm trying to reproduce this configuration in VPP. I've managed to get the loopback address working:

    create loopback interface instance 0
    lcp create loop0 host-if management
    set interface state loop0 up
    set interface ip address loop0 $admin_ip/32

With this and an ssh daemon running in the VPP namespace, I can get it to work with a default route, i.e.

    ip netns exec ip route add default via $peer_ip dev $uplink_interface

However when the BGP sessions in the router are established, other routes will take precedence, so I'd like to reproduce the source-based routing I had in Linux.

I've tried to add a new VRF:

    vppctl ip table add 10
    vppctl set interface ip table loop0 10
    vppctl ip route add 0.0.0.0/0 table 10 via $peer_ip $uplink_interface
    vppctl ip route add $admin_ip/32 via ip4-lookup-in-table 10

With this configuration I can see SYN packets arriving at the management interface, but no replies seem to be sent.

I've also tried the SVS plugin:

    svs enable ip4 table-id 1 loop0
    svs table add ip4 table-id 1
    svs route add table-id 1 $admin_ip/32 src-table-id 10

and a few attempts using acl and abf, but nothing worked.

Does anyone have a working example of source-based routing to share?

Thanks,
Andre