Hi,
I have an IPSec tunnel over a pair of veth interfaces that seems to work fine
with pings but doesn't work when sending traffic. The traffic comes from the
physical NIC into VPP to be sent over IPSec.
This is the output for # show errors:
  4071630 esp4-encrypt-tun ESP pkts received error
When I put a trace, I see the packets being dropped and the error counter
increasing:
Packet 7

02:01:20:705376: af-packet-input
  af_packet: hw_if_index 2 next-index 4
    tpacket2_hdr:
      status 0x2001 len 118 snaplen 118 mac 66 net 80
      sec 0x619cf4c0 nsec 0x19a129d7 vlan 0 vlan_tpid 0
02:01:20:705381: ethernet-input
  IP4: 02:fe:52:e8:ea:da -> 02:fe:55:f3:2d:af
02:01:20:705384: ip4-input
  UDP: 192.168.50.2 -> 192.168.50.1
    tos 0x00, ttl 254, length 104, checksum 0xd730 dscp CS0 ecn NON_ECN
    fragment id 0x
  UDP: 500 -> 500
    length 84, checksum 0x
02:01:20:705388: ip4-lookup
  fib 0 dpo-idx 8 flow hash: 0x
  UDP: 192.168.50.2 -> 192.168.50.1
    tos 0x00, ttl 254, length 104, checksum 0xd730 dscp CS0 ecn NON_ECN
    fragment id 0x
  UDP: 500 -> 500
    length 84, checksum 0x
02:01:20:705389: ip4-local
  UDP: 192.168.50.2 -> 192.168.50.1
    tos 0x00, ttl 254, length 104, checksum 0xd730 dscp CS0 ecn NON_ECN
    fragment id 0x
  UDP: 500 -> 500
    length 84, checksum 0x
02:01:20:705392: ip4-udp-lookup
  UDP: src-port 500 dst-port 500
02:01:20:705393: ikev2-ip4
  ikev2: sw_if_index 2, next index 1
02:01:20:705402: error-drop
  rx:host-veth0
02:01:20:705403: drop
  ip4-udp-lookup: No error
Any idea?