[vpp-dev] #lb vpp lb does not works with my configuration
Hi, I am trying to test vpp load balance for my scenario. I create two pairs of veth on host linux, and connect vpp and two Nginx containers by them. A physical NIC is used by VPP as eth0 , and I create a loopback interface (loop0), finally I add the two host-interfaces and the loopback interface in the same bridge domain. the network toplogic is just like this picture. I can ping vpp eth0 within container. I hope the traffic from external can reach the nginx containers. Then I would like to enable the vpp load balance feature, the configuration is like this: set interface state eth0 up set interface mtu 1500 eth0 set interface ip address eth0 10.161.30.5/24 ip route add 0.0.0.0/0 via 10.161.30.1 create host-interface name vpp1host create host-interface name vpp2host set interface state host-vpp1host up set interface state host-vpp2host up create loopback interface set interface state loop0 up set interface mtu 1500 host-vpp1host set interface mtu 1500 host-vpp2host set interface mtu 1500 loop0 create bridge-domain 1 set interface l2 bridge host-vpp1host 1 set interface l2 bridge host-vpp2host 1 set interface l2 bridge loop0 1 bvi set interface ip address loop0 2.2.2.1/24 lb conf ip4-src-address 2.2.2.1 lb vip 10.161.30.5/32 protocol tcp port 80 encap nat4 type clusterip target_port 80 lb as 10.161.30.5/32 protocol tcp port 80 2.2.2.10 2.2.2.20 lb set interface nat4 in loop0 (after I add this configuration, the loop0 interface can not reach container). DBGvpp# show lb vips verbose ip4-nat4 [1] 10.161.30.5/32 new_size:1024 protocol:6 port:80 type:clusterip port:20480 target_port:80 counters: packet from existing sessions: 0 first session packet: 0 untracked packet: 0 no server configured: 0 #as:2 2.2.2.20 512 buckets 0 flows dpo:18 used 2.2.2.10 512 buckets 0 flows dpo:17 used --- By the way,I also tried nat44 static mapping, and it works. nat44 add address 10.161.30.5 set interface nat44 in loop0 out eth0 nat44 add load-balancing static mapping protocol tcp external 10.161.30.5:80 local 2.2.2.10:80 probability 50 local 2.2.2.20:80 probability 50 So , can any one check where is the problem? -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#15835): https://lists.fd.io/g/vpp-dev/message/15835 Mute This Topic: https://lists.fd.io/mt/72464203/21656 Mute #lb: https://lists.fd.io/mk?hashtag=lb&subid=1480452 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[vpp-dev] How to forward specific traffic to Linux kernel when using IPV6 address on VPP physical port?
Dear VPP experts, If we configure an IPV6 address on the physical port managed by VPP, some traffic to this IPV6 address should be handled by VPP, but some specified traffic (use port + protocol type to identify, like ssh) need to be forwarded to Linux kernel, I can use veth or tun/tap to connect VPP and Linux kernel. For IPV4 scenario, I can use nat44. But how shall I do for IPV6 scenario. I considered NAT64, but seems it need some prefix to identify whether process the traffic or just forward to ipv4 domain, so it will be another different IPV6 address., this is not as expected. Please kindly give some advice, thanks. Jerry -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#17306): https://lists.fd.io/g/vpp-dev/message/17306 Mute This Topic: https://lists.fd.io/mt/76548587/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [vpp-dev] How to forward specific traffic to Linux kernel when using IPV6 address on VPP physical port?
By the way, The application on Linux also can start a tcp connection or send packet out first through veth and VPP, hope this scenario can also be satisfied. At 2020-09-01 10:06:35, "Jinlei Li" wrote: Dear VPP experts, If we configure an IPV6 address on the physical port managed by VPP, some traffic to this IPV6 address should be handled by VPP, but some specified traffic (use port + protocol type to identify, like ssh) need to be forwarded to Linux kernel, I can use veth or tun/tap to connect VPP and Linux kernel. For IPV4 scenario, I can use nat44. But how shall I do for IPV6 scenario. I considered NAT64, but seems it need some prefix to identify whether process the traffic or just forward to ipv4 domain, so it will be another different IPV6 address., this is not as expected. Please kindly give some advice, thanks. Jerry -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#17307): https://lists.fd.io/g/vpp-dev/message/17307 Mute This Topic: https://lists.fd.io/mt/76548587/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[vpp-dev] The gratuitous ARP issue
Hi guys, During my test environment, I have two physical interfaces in the same broadcast domain, and they are configured with IPs of different subnet. I tried to ping 10.161.26.23 first, and I can see its’s mac address by “show ip neighbor” But if 10.161.26.23 send a gratuitous ARP broadcast, the other interface can also see this item(like the following picture). I think this is not expected, and I tried same scenario on linux, this arp item will not be seen on another interface. I find This problem occurs on both v20.01 and v20.05. Can any one help to check this issue? Regards Jinlei -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#17459): https://lists.fd.io/g/vpp-dev/message/17459 Mute This Topic: https://lists.fd.io/mt/76951004/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[vpp-dev] Qeustion about qos mark
Hi guys, I am testing the Qos mark feature recently, my useage is like this: When I use vpp to send a udp packet by a vlan sub-interface, I want to mark dscp and vlan pri at the same time. So I create a qos egress map like this and qos mark the output interface. qos egress map id 0 [ip][0]=30 qos egress map id 0 [vlan][0]=5 qos egress map id 0 [ip][1]=32 qos egress map id 0 [vlan][1]=6 qos mark vlan GigabitEthernet6/0/2.30 id 0 I tried to mark the packet like this (993-995) I add some log and capture the output packet, I can only see IP dscp is marked as expected and Vlan pri is not . I checked the qos_mark_inline function, and it only use the input_source to get the qos bits, so it will always get qos value for IP dscp, as I can only mark the qos.source as IP or VLAN, can not mark it as both of them. So should I use output_source to get qos0 ? I tried to modified the code with output_source, and it works as expected. Regards Jinlei -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#17488): https://lists.fd.io/g/vpp-dev/message/17488 Mute This Topic: https://lists.fd.io/mt/77025751/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [vpp-dev] The gratuitous ARP issue
Hi neale, I think you should first add the ip neigbor entry to pg2 first, and then send garp to pg1 with mac of pg2 remote host. Otherwise I think the enty will not be generated by garp it self. Regards Jinlei At 2020-09-23 19:28:36, "Neale Ranns via lists.fd.io" wrote: Hi Jinlei, I created this UT case: https://gerrit.fd.io/r/c/vpp/+/29035 which IIUC re-creates your setup. But, as I would expect, the GARPs are dropped because the IP subnet is not on link. Please verify if it matches your setup. /neale From: Jerry Li Date: Tuesday 22 September 2020 at 04:02 To: "Neale Ranns (nranns)" Cc: "vpp-dev@lists.fd.io" Subject: Re:Re: [vpp-dev] The gratuitous ARP issue Hi neale, Thanks for your reply. Attached the pcaps file for my test. I tried to set the Opcode of arp packet as request(1) or reply(2), both the same occurs on vpp. Regards Jinlei. At 2020-09-21 22:39:46, "Neale Ranns via lists.fd.io" wrote: Hi Jinlei, Could you please send me a pcap capture of the grat-arp that VPP receives. Then I can duplicate the case in the UT. Thanks, neale From: on behalf of Jinlei Li Date: Saturday 19 September 2020 at 11:56 To: "vpp-dev@lists.fd.io" Subject: [vpp-dev] The gratuitous ARP issue Hi guys, During my test environment, I have two physical interfaces in the same broadcast domain, and they are configured with IPs of different subnet. I tried to ping 10.161.26.23 first, and I can see its’s mac address by “show ip neighbor” But if 10.161.26.23 send a gratuitous ARP broadcast, the other interface can also see this item(like the following picture). I think this is not expected, and I tried same scenario on linux, this arp item will not be seen on another interface. I find This problem occurs on both v20.01 and v20.05. Can any one help to check this issue? Regards Jinlei -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#17493): https://lists.fd.io/g/vpp-dev/message/17493 Mute This Topic: https://lists.fd.io/mt/76951004/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [vpp-dev] The gratuitous ARP issue
Hi neale, I just verified and I think it is fixed, thanks alot! Regards Jinlei At 2020-09-24 23:01:14, "Neale Ranns via lists.fd.io" wrote: Hi Jinlei, Thank you for the info. I have updated the UT to reflect this and the problem was seen. I have fixed the issue and updated the patch. /neale From: Jerry Li Date: Wednesday 23 September 2020 at 17:42 To: "Neale Ranns (nranns)" Cc: "vpp-dev@lists.fd.io" Subject: Re:Re: [vpp-dev] The gratuitous ARP issue Hi neale, I think you should first add the ip neigbor entry to pg2 first, and then send garp to pg1 with mac of pg2 remote host. Otherwise I think the enty will not be generated by garp it self. Regards Jinlei At 2020-09-23 19:28:36, "Neale Ranns via lists.fd.io" wrote: Hi Jinlei, I created this UT case: https://gerrit.fd.io/r/c/vpp/+/29035 which IIUC re-creates your setup. But, as I would expect, the GARPs are dropped because the IP subnet is not on link. Please verify if it matches your setup. /neale From: Jerry Li Date: Tuesday 22 September 2020 at 04:02 To: "Neale Ranns (nranns)" Cc: "vpp-dev@lists.fd.io" Subject: Re:Re: [vpp-dev] The gratuitous ARP issue Hi neale, Thanks for your reply. Attached the pcaps file for my test. I tried to set the Opcode of arp packet as request(1) or reply(2), both the same occurs on vpp. Regards Jinlei. At 2020-09-21 22:39:46, "Neale Ranns via lists.fd.io" wrote: Hi Jinlei, Could you please send me a pcap capture of the grat-arp that VPP receives. Then I can duplicate the case in the UT. Thanks, neale From: on behalf of Jinlei Li Date: Saturday 19 September 2020 at 11:56 To: "vpp-dev@lists.fd.io" Subject: [vpp-dev] The gratuitous ARP issue Hi guys, During my test environment, I have two physical interfaces in the same broadcast domain, and they are configured with IPs of different subnet. I tried to ping 10.161.26.23 first, and I can see its’s mac address by “show ip neighbor” But if 10.161.26.23 send a gratuitous ARP broadcast, the other interface can also see this item(like the following picture). I think this is not expected, and I tried same scenario on linux, this arp item will not be seen on another interface. I find This problem occurs on both v20.01 and v20.05. Can any one help to check this issue? Regards Jinlei -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#17513): https://lists.fd.io/g/vpp-dev/message/17513 Mute This Topic: https://lists.fd.io/mt/76951004/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[vpp-dev] VPP synchronize the ip address from physical interface to tun interface (vnet), but did not synchronize the route.
Hi guys, I modified the startup.conf and enabled the tuntap interface. After vpp (vpp20.01) startup, it will create a tun interface named “vnet” in host linux. If I add an ip address to the physical interface, the same ip address will be added to vnet. But if I add an route entry, it will not. So the question is : Why vpp not synchronize route to host linux? DBGvpp# set interface state TenGigabitEthernet7/0/0 up DBGvpp# set interface ip address TenGigabitEthernet7/0/0 10.161.26.9/24 DBGvpp# ip route add 10.161.55.0/24 via 10.161.26.1 DBGvpp# show interface addr TenGigabitEthernet7/0/0 (up): L3 10.161.26.9/24 local0 (dn): tuntap-0 (up): DBGvpp# show fib entry FIB Entries: 0@0.0.0.0/0 unicast-ip4-chain [@0]: dpo-load-balance: [proto:ip4 index:1 buckets:1 uRPF:0 to:[0:0]] [0] [@0]: dpo-drop ip4 1@0.0.0.0/32 unicast-ip4-chain [@0]: dpo-load-balance: [proto:ip4 index:2 buckets:1 uRPF:1 to:[0:0]] [0] [@0]: dpo-drop ip4 2@240.0.0.0/4 unicast-ip4-chain [@0]: dpo-load-balance: [proto:ip4 index:3 buckets:1 uRPF:2 to:[0:0]] [0] [@0]: dpo-drop ip4 3@224.0.0.0/4 unicast-ip4-chain [@0]: dpo-load-balance: [proto:ip4 index:4 buckets:1 uRPF:3 to:[0:0]] [0] [@0]: dpo-drop ip4 4@255.255.255.255/32 unicast-ip4-chain [@0]: dpo-load-balance: [proto:ip4 index:5 buckets:1 uRPF:4 to:[0:0]] [0] [@0]: dpo-drop ip4 5@::/0 unicast-ip6-chain [@0]: dpo-load-balance: [proto:ip6 index:6 buckets:1 uRPF:5 to:[0:0]] [0] [@0]: dpo-drop ip6 6@fe80::/10 unicast-ip6-chain [@0]: dpo-load-balance: [proto:ip6 index:7 buckets:1 uRPF:6 to:[0:0]] [0] [@14]: ip6-link-local 7@10.161.26.0/24 unicast-ip4-chain [@0]: dpo-load-balance: [proto:ip4 index:9 buckets:1 uRPF:8 to:[0:0]] [0] [@4]: ipv4-glean: TenGigabitEthernet7/0/0: mtu:9000 00a0c9000806 8@10.161.26.0/32 unicast-ip4-chain [@0]: dpo-load-balance: [proto:ip4 index:10 buckets:1 uRPF:9 to:[0:0]] [0] [@0]: dpo-drop ip4 9@10.161.26.255/32 unicast-ip4-chain [@0]: dpo-load-balance: [proto:ip4 index:11 buckets:1 uRPF:11 to:[0:0]] [0] [@0]: dpo-drop ip4 10@10.161.26.9/32 unicast-ip4-chain [@0]: dpo-load-balance: [proto:ip4 index:12 buckets:1 uRPF:13 to:[0:0]] [0] [@2]: dpo-receive: 10.161.26.9 on TenGigabitEthernet7/0/0 11@10.161.55.0/24 unicast-ip4-chain [@0]: dpo-load-balance: [proto:ip4 index:14 buckets:1 uRPF:14 to:[0:0]] [0] [@12]: dpo-load-balance: [proto:ip4 index:13 buckets:1 uRPF:12 to:[0:0]] [0] [@3]: arp-ipv4: via 10.161.26.1 TenGigabitEthernet7/0/0 12@10.161.26.1/32 unicast-ip4-chain [@0]: dpo-load-balance: [proto:ip4 index:13 buckets:1 uRPF:12 to:[0:0]] [0] [@3]: arp-ipv4: via 10.161.26.1 TenGigabitEthernet7/0/0 [root@localhost ~]# ip route default via 192.169.46.1 dev eth0 10.161.26.0/24 dev vnet proto kernel scope link src 10.161.26.9 169.254.0.0/16 dev eth0 scope link metric 1011 169.254.0.0/16 dev eth3 scope link metric 1012 169.254.0.0/16 dev eth6 scope link metric 1013 169.254.0.0/16 dev eth4 scope link metric 1015 169.254.0.0/16 dev eth2 scope link metric 1016 169.254.0.0/16 dev eth5 scope link metric 1017 192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 192.169.46.0/24 dev eth0 proto kernel scope link src 192.169.46.244 [root@localhost ~]# ip addr 1: lo: mtu 65536 qdisc noqueue state UNKNOWN qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 9: virbr0: mtu 1500 qdisc noqueue state DOWN qlen 1000 link/ether 52:54:00:0d:71:d9 brd ff:ff:ff:ff:ff:ff inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0 valid_lft forever preferred_lft forever 10: virbr0-nic: mtu 1500 qdisc pfifo_fast master virbr0 st ate DOWN qlen 1000 link/ether 52:54:00:0d:71:d9 brd ff:ff:ff:ff:ff:ff 11: eth0: mtu 1500 qdisc mq state UP qlen 1000 link/ether 00:a0:c9:20:00:06 brd ff:ff:ff:ff:ff:ff inet 192.169.46.244/24 brd 192.169.46.255 scope global eth0 valid_lft forever preferred_lft forever inet6 fe80::2a0:c9ff:fe20:6/64 scope link valid_lft forever preferred_lft forever 12: eth3: mtu 1500 qdisc mq state UP qlen 1000 link/ether 00:a0:c9:06:11:13 brd ff:ff:ff:ff:ff:ff inet6 fe80::2a0:c9ff:fe06:1113/64 scope link valid_lft forever preferred_lft forever 13: eth6: mtu 1500 qdisc mq state DOWN qlen
Re: [vpp-dev] VPP synchronize the ip address from physical interface to tun interface (vnet), but did not synchronize the route.
Hi Ben,
Thanks for your reply. I agree with you, I will configure both host and vpp use
my agent.
But I am still alittle confused. As if you check the function
"tuntap_ip4_add_del_interface_address()" in tuntap.c. This function will be
called by ip4_add_del_interface_address_internal() in ip4_forward.c. So the ip
adress added to vpp physical interface will also be added to host interface.
So I'd like to know the reason about this? Can you please explain more?
Thanks
Jinlei
At 2021-01-04 16:32:58, "Benoit Ganne (bganne)" wrote:
>Hi,
>
>> I modified the startup.conf and enabled the tuntap interface.
>> After vpp (vpp20.01) startup, it will create a tun interface named "vnet"
>> in host linux. If I add an ip address to the physical interface, the same
>> ip address will be added to vnet. But if I add an route entry, it will
>> not. So the question is : Why vpp not synchronize route to host linux?
>
>VPP does not synchronize Linux and VPP config.
>If you use VPP native TAP driver ('create tap ...') you can specify the
>'host-ip4-addr ' to set an IP address on Linux side but it is
>merely for convenience, and it is only done at init time. Any configuration
>change in VPP will not be propagated to Linux and vice-versa.
>The usual way is for your agent to configure both VPP and Linux.
>
>Best
>ben
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#18461): https://lists.fd.io/g/vpp-dev/message/18461
Mute This Topic: https://lists.fd.io/mt/79415753/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
