gt;
> Best regards,
> Ole
>
> > On 12 Sep 2022, at 08:38, Vijay Kumar wrote:
> >
> >
> > Hi,
> >
> > Based on exploring the files/folder in the source code that I
> downloaded, it is very much clear that there is no support for dynamic
> routing in
Hi,
Based on exploring the files/folder in the source code that I downloaded,
it is very much clear that there is no support for dynamic routing in VPP
right now.
I believe right now, the only option to route traffic from VPP is by adding
the static routes.
Is there any plan to support BGP or OS
Hi experts,
Has anyone seen this below crash back-trace happening during the TX?
Cras was seen in this function rte_ipv6_phdr_cksum
The QA was trying to run a call model with about 200 UEs trying to connect
to VPP and the crash was seen. This doesn't always happen.
Any pointers on this is highly
Thanks Neale.
Looks like next node index 28 is invalid.
Regards
On Wed, 27 Jul 2022, 10:18 Neale Ranns, wrote:
>
>
>
>
> *From: *vpp-dev@lists.fd.io on behalf of Vijay
> Kumar via lists.fd.io
> *Date: *Wednesday, 27 July 2022 at 11:27
> *To: *vpp-dev
> *S
either 1) can’t be propagated over shared
> memory message queue to app, because mq is congested or is 2) rejected by a
> builtin app
>
> Regards,
> Florin
>
> On Jul 26, 2022, at 7:13 PM, Vijay Kumar wrote:
>
> Hi experts,
>
> We are seeing the below counters being pe
Hi experts,
We are seeing the below counters being pegged. The scenario is the UEs are
trying to establish TCP with VPP.
It would be highly appreciated if anyone could tell us why we see the msg
queue full counter shown below?
1 tcp4-rcv-process Events not sent for lac
Hi experts,
I am seeing this callstack where the enque next crashes due to sig abort.
Pls let me know possible reasons for this call stack. I highly appreciate
any response related to this bt.
Program terminated with signal SIGABRT, Aborted.
#0 __pthread_kill_implementation (threadid=,
signo=si
test it anymore. I would suggest you start with
> a UT in VPP and go from there. Maybe extend the algos in MyParameters in
> test/test_ipsec_esp.py
>
>
>
> /neale
>
>
>
> *From: *vpp-dev@lists.fd.io on behalf of Vijay
> Kumar via lists.fd.io
> *Date: *Thursday,
with IPSEC SA. Basically our application receives the SA
and calls the ipsec_sa_add_and_lock() API to install the SA.
2) We have tested AES128, ASE256, 3DES and they were working fine. The code
to receive keys from IKE stack and program the vnet/ipsec is the same.
Regards,
Vijay Kumar N.
-=-=
vpp-21.06.0-5~gfad0b64b3_dirty.x86_64/src/vppinfra/longjmp.S:123
> #13 0x7f54837fdc80 in ?? ()
> #14 0x7f584847b1e9 in eal_thread_loop.cold () from
> /usr/lib/vpp_plugins/dpdk_plugin.so
> #15 0x in ?? ()
>
>
>
>
> Regards,
> Vijay Kumar N
>
>
>
>
gjmp.S:123
#13 0x7f54837fdc80 in ?? ()
#14 0x7f584847b1e9 in eal_thread_loop.cold () from
/usr/lib/vpp_plugins/dpdk_plugin.so
#15 0x in ?? ()
Regards,
Vijay Kumar N
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#213
that. This really looks like your
> ike implementation failed to program the right SA from time to time: once
> it failed, it remains wrong until the next re-negotiation fixes it.
> Did you check the SAs are correctly programmed when you see integrity
> failures?
>
> Best
> ben
>
Hi Neale/Benoit,
Let me know if a similar problem was reported in vnet/ipsec.
I am not having any clue on this.
Your help is much appreciated.
Regards.
On Fri, 1 Apr 2022, 17:39 Vijay Kumar via lists.fd.io, wrote:
> Hi Neale/Benoit,
>
> In my product, we don't use the ikev2
Hi Neale/Benoit,
In my product, we don't use the ikev2 plugin of vpp. We use another
vendor's IKE stack (we just disabled the ikev2 vpp plugin register) which
will do the signalling and install keys to the vpp ipsec (our application
uses the ipsec_sa_add_and_lock() API to program the keys.
We are
t; Florin
>
> On Mar 20, 2022, at 4:27 AM, Vijay Kumar wrote:
>
> Hi Florin,
>
> Thanks for the wonderful suggestion.
>
> Upon adding the below option the tcp_listen works fine. The syn-ack is
> being sent from vpp to peer and the TCP handshake is completing
> successful
;
> Regards,
> Florin
>
> On Mar 16, 2022, at 11:15 AM, Vijay Kumar wrote:
>
> Hi Florin,
>
> My application code has not changed b/w 20.05 and 21.06. The below is the
> code snippet of my application that binds the TCP listen IP/Port
> The option that you mentioned
set APP_OPTIONS_ADD_SEGMENT_SIZE in the
> attach options passed to vnet_application_attach. Some vpp versions ago we
> switched to using the first fifo segment as connects segment and all
> listeners allocate their first segments based on size provided with this
> option. If not provided
error
3346 ethernet-inputunknown
vlanerror
On Wed, Mar 16, 2022 at 1:31 PM Vijay Kumar wrote:
> Hi Florin,
>
> Thanks for the clarification about the TCP changes b/w the 2 releases
>
> I will use your patch, hopefully I wil
Hi Vijay,
>
> On Mar 15, 2022, at 9:58 PM, Vijay Kumar wrote:
>
> Hi florin,
>
> Thanks a lot for helping me out. I will try your patch and update you with
> the result.
>
>
> Thanks!
>
>
>
> A general observation
> ==
> In my se
it seems
> the listen node is not reporting anything but syns received. Here’s a patch
> that might help [1]. It might not cherry-pick cleanly on 21.06.
>
> Regards,
> Florin
>
> [1] https://gerrit.fd.io/r/c/vpp/+/35654
>
> On Mar 15, 2022, at 7:54 PM, Vijay Kumar wrote:
ackets were directly sent to output. More recently we’ve started
> dispatching syn-acks through the session layer in order to minimize size of
> tx bursts per dispatch.
>
> Regards,
> Florin
>
> On Mar 15, 2022, at 6:08 PM, Vijay Kumar wrote:
>
> Hi Florin,
>
> Thank
Regards,
> Florin
>
> On Mar 15, 2022, at 3:50 AM, Vijay Kumar wrote:
>
> The is the output of show trace and show interface
>
>
> Packet 36
>
> 00:03:26:875694: dpdk-input
> VirtualFuncEthernet0/7/0 rx queue 0
> buf
ip4
1036
memif128/06 up 0/65535/0/0
memif192/07 up 0/65535/0/0
memif210/015 up 0/65535/0/0
memif210/116 up 0/65535/0/0
vpp
Hi experts,
I recently integrated vpp stack 21.06 and am running my NAS TCP protocol
test cases. The pcap dispatch trace that I captured shows the TCP SYN
packets are coming to tcp-input() and then to tcp-listen() but from here
pkts are dropped instead of going to tcp-output() graph nodes for sen
Thank you for the useful information Benoit...
On Wed, Feb 2, 2022 at 7:20 PM Benoit Ganne (bganne)
wrote:
> > Apart from enabling SPD on an interface, anything else needs to be
> > configured to be able to use ipsec4_output_feature?
>
> Not sure what you mean here, but obviously you'll need t
interface eg. with cli ' set
> interface ipsec spd ' or API ipsec_interface_add_del_spd.
>
> ben
>
> > -Original Message-
> > From: vpp-dev@lists.fd.io On Behalf Of Vijay Kumar
> > Sent: mercredi 2 février 2022 11:20
> > To: vpp-dev
&g
is feature where we can use the ipsec4_output_node to
do policy matching?
Regards,
Vijay Kumar N
On Thu, Jan 27, 2022 at 11:20 PM Vijay Kumar wrote:
> Hi all,
>
> I am using fdio vpp stack 20.05 and am using the vnet/ipsec that is
> programmed by non-vpp IKEv2 stack. I observe that i
Hi all,
I am using fdio vpp stack 20.05 and am using the vnet/ipsec that is
programmed by non-vpp IKEv2 stack. I observe that in the data-path always
"esp4-decrypt-tun" is hit for inbound packets while "esp-encrypt-tun" is
hit for all outbound packets.
I think these two graph nodes are hit becaus
n case, making it slower.
> Changing CLIB_CACHE_LINE_BYTES is a very bad idea as it will change the
> layout of many internal data structures, wasting memory and hurting
> prefetch.
>
> Best
> ben
>
> > -Original Message-
> > From: vpp-dev@lists.fd.io On Behalf Of
Hi experts,
I am facing a compilation issue due to the STATIC assert defined
on cacheline1 field in the ipsec_sa_t.
I tried to add 2 new fields above the (ALIGN_MARK macro mentioned) for my
product specific use-case but I am unable to add because of this static
ASSERT
/* data accessed by datapla
Hi experts,
We are seeing a crash on our setup, below is the call stack. We have not
seen this call stack earlier.
The crash is seen when the packet is enqueued to thread.
Does anyone know why we are hitting the ipsec_handoff() flow though we
have only one worker in the cluster?
vpp# show thre
Hi Neale,
Thank you for the valuable information.
I shall use the spd header file as reference.
Regards.
On Wed, Aug 11, 2021 at 5:51 PM Neale Ranns wrote:
> Hi Vijay,
>
>
>
> Use the APIs in ipsec_spd.h
>
>
>
> /neale
>
>
>
> *From: *Vijay Kumar
&g
supports route-based VPNs (where a tunnel
> interface is created) and not policy based (where the SPD is used).
>
>
>
> /neale
>
>
>
>
>
> *From: *vpp-dev@lists.fd.io on behalf of Vijay
> Kumar via lists.fd.io
> *Date: *Wednesday, 11 August 2021 at 13:
Hi Neale,
I was looking at* ipsec_sa_add_and_lock*() function which is called by
ikev2 to install IPSEC SA but I was NOT able to find anywhere the IKEv2
negotiated traffic selectors: IP addr range (start, stop) and port range
(start, stop) being programmed to the vnet/ipsec. In such a case, how do
is caused
decryption failure or Integrity check failure when SS sent IPSEC pkts.
*NOTE*: -
Whenever the keys generated did not have a '0' byte, there was no issue. It
used to work fine in such cases.
On Mon, Aug 2, 2021 at 5:34 PM Neale Ranns wrote:
>
>
>
>
> *From: *Vija
gt;
>
> No I don’t see random failures. Do they occur during a rekeying event?
>
>
>
> /neale
>
>
>
> *From: *vpp-dev@lists.fd.io on behalf of Vijay
> Kumar via lists.fd.io
> *Date: *Monday, 2 August 2021 at 08:43
> *To: *vpp-dev
> *Subject: *Re: [vpp-dev]
Hi Neale,
Do you have any suggestions for this problem.
Did you face this random issue anytime?
On Sat, Jul 31, 2021 at 7:05 PM Vijay Kumar via lists.fd.io wrote:
> Hi Neale,
>
> I am testing data traffic b/w Strongswan and VPP but sometimes data
> traffic is dropped in *esp4
Hi Neale,
I am testing data traffic b/w Strongswan and VPP but sometimes data traffic
is dropped in *esp4-decrypt-tun *graph node. Sometimes it is dropped with
"Integrity failure" while sometimes it is "Unsupported payload"
But if I delete the tunnel and re-establish IPSec SA, then it works fine.
, then you achieve inner packet fragmentation.
>
>
>
> /neale
>
>
>
> *From: *vpp-dev@lists.fd.io on behalf of Vijay
> Kumar via lists.fd.io
> *Date: *Friday, 16 July 2021 at 12:00
> *To: *vpp-dev
> *Subject: *[vpp-dev] Does VPP IPSec support inner fragementation
>
&g
Hi,
Does VPP IPSec support fragmentation of the traffic. I mean if VPP finds
that the size of the inner IP datagram with or without adding ESP headers
is going to be greater than the size of MTU then does VPP fragment packet?
Regards
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent
flag to do this.
>
>
>
> /neale
>
>
>
>
>
> *From: *Vijay Kumar
> *Date: *Wednesday, 16 June 2021 at 16:28
> *To: *Neale Ranns
> *Cc: *vpp-dev
> *Subject: *Re: [vpp-dev] Regarding DPO object
>
> Hi Neale,
>
>
>
> The ABF is ACL based matching and f
t; The FIB will only match against a destination prefix. If you want to use
> DPOs with more complex matching, try the ABF plugin.
>
>
>
> /neale
>
>
>
>
>
> *From: *vpp-dev@lists.fd.io on behalf of Vijay
> Kumar via lists.fd.io
> *Date: *Wednesday, 16 June 20
Hi experts,
I am creating a DPO object (for protocol IP4) and am tying an UE prefix for
this DPO and adding the corresponding entry to the FIB table.
I have a graph node to which I need to post all IP packets matching a range
of source IPs.
Does the DPO work only for packets destined to a certai
Thanks a lot Florin..
On Thu, 10 Jun 2021, 19:51 Florin Coras, wrote:
> Hi Vijay,
>
> Yes. It can reply to but won’t originate keepalives.
>
> Regards,
> Florin
>
> On Jun 9, 2021, at 11:04 PM, Vijay Kumar wrote:
>
> Hi Florin,
>
> Thanks for the informa
t; a tcp connection tracker and some heuristic to detect keepalives or a
> transparent tcp proxy.
>
> Regards,
> Florin
>
> On Jun 9, 2021, at 5:14 AM, Vijay Kumar wrote:
>
> Hi experts,
>
> Is there any way in which one can control TCP KA sending in VPP?
>
Hi Neale,
Does VPP ensure pkts belonging to the same IPSec SA always execute in the
same worker?
Regards.
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#19542): https://lists.fd.io/g/vpp-dev/message/19542
Mute This Topic: https://lists.fd.io/mt/8
Hi experts,
Is there any way in which one can control TCP KA sending in VPP?
On Sat, Jun 5, 2021 at 10:48 PM Vijay Kumar via lists.fd.io wrote:
> Hi,
>
> Is there any way we can control TCP graph node KA sending?
>
> My GW device is running VPP and connects with mobile p
Hi,
Is there any way we can control TCP graph node KA sending?
My GW device is running VPP and connects with mobile phones. I have a
requirement like my GW VPP must not send TCP KA if there is already traffic
flowing with the peers (mobile phones). This is to prevent mobile phone
batteries gettin
Thank you much Neale.
Your inputs really helped.
On Tue, May 25, 2021, 23:57 Neale Ranns wrote:
>
>
> Hi Vijay,
>
>
>
> It is called from ipX-midchain.
>
>
>
> /neale
>
>
>
> *From: *Vijay Kumar
> *Date: *Tuesday, 25 May 2021 at 17:08
>
gt; deals with the extra headers you want.
>
>
>
> /neale
>
>
>
>
>
> *From: *vpp-dev@lists.fd.io on behalf of Vijay
> Kumar via lists.fd.io
> *Date: *Tuesday, 25 May 2021 at 14:07
> *To: *vpp-dev
> *Subject: *[vpp-dev] Regarding vnet/gre
>
> Hi,
&
Hi,
I have a requirement to add extension fields (like QFI, RQI) into the GRE
packet header leaving the VPP.
Upon analyzing the packet trace, I found that gre4_input graph node is
called whenever GRE packets enter VPP but for outgoing packets, the GRE
header is added by the tunnel's mid-chain adj
Ok, thanks Neale.
Is there any plan to develop the IPSec redundancy in future?
On Fri, May 21, 2021 at 5:01 PM Neale Ranns wrote:
> Hi Vijay,
>
>
>
> It does not.
>
>
>
> /neale
>
>
>
> *From: *vpp-dev@lists.fd.io on behalf of Vijay
> Kumar via lists
Hi,
Does the latest IPSec code support HA.
I am interested to know if ESP sequence number backing to the peer VPP is
implemented?
Regards,
Vijay
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#19419): https://lists.fd.io/g/vpp-dev/message/19419
M
gt; > From: vpp-dev@lists.fd.io On Behalf Of Vijay Kumar
> > Sent: vendredi 7 mai 2021 10:24
> > To: vpp-dev
> > Subject: Re: [vpp-dev] My plugin is not getting IKE packets on port 4500
> >
> > Hi experts,
> >
> > Gentle reminder.
> > Has someone f
Hi experts,
Gentle reminder.
Has someone faced this issue before
On Thu, May 6, 2021 at 6:04 PM Vijay Kumar via lists.fd.io wrote:
> Hi team,
>
> I have implemented a new isakmp plugin that will register with udp for
> port 500 and 4500 IKE pkts as shown below (In my cluster,
Hi team,
I have implemented a new isakmp plugin that will register with udp for port
500 and 4500 IKE pkts as shown below (In my cluster, we don't use the
default ikev2 plugin of VPP. The IKEv2 plugin is disabled as we are using
3rd party IKE stack)
The peer of VPP is Strongswan client.
My plugi
only mGRE on default FIB
and also mGRE-over-IPSec on default FIB. I had taken the patch (teib_add
related fix)given by you but still the traffic was failing. I wil check
this further today.
Regards,
Vijay
On Fri, Mar 26, 2021 at 7:15 PM Vijay Kumar wrote:
> Hi Neale,
>
> My SA is in tu
.fd.io/view/VPP/IPSec#Protection_Model
>
>
>
> /neale
>
>
>
> *From: *Vijay Kumar
> *Date: *Friday, 26 March 2021 at 02:13
> *To: *Neale Ranns
> *Cc: *vpp-dev
> *Subject: *Re: [vpp-dev] GRE-over-IPSec fails
>
> Hi Neale,
>
>
>
> Is this issue due
2021, 19:41 Vijay Kumar, wrote:
> Hi Neale,
>
> I was able to make a good progress for the GRE-over-IPSec use case. But
> stumbled at the last step.
> I have explained the problem faced (an extra IP header added by VPP,
> overall 4 IP headers in the pkt) and other deta
‘sh ipsec protect’ to see
> which tunnel that is associated with. You can also see the lookup table
> with ‘sh ipsec protect-hash’.
>
>
>
> If you remove (or admin down) the ipip tunnel, does it work?
>
>
>
> /neale
>
>
>
>
>
> *From: *Vijay Kumar
>
> ICMP echo_request checksum 0xd748
>
> 00:32:55:147969: ip4-rewrite
>
> tx_sw_if_index 5 dpo-idx 7 : ipv4 via 10.10.2.1 host-vpp2out: mtu:9000
> next:6 a6d09d34bf3602fe6c5a64340800 flow hash: 0x
>
> :
> a6d09d34bf3602fe6c5a6434080045546cdc40003e01b8b70a0a0101
(ipip0 and gre0) for the
peer, do I need to take care of something specially? As far as I know, I
haven't missed any config.
Regards,
Vijay Kumar N
On Mon, Mar 22, 2021 at 11:31 PM Vijay Kumar via lists.fd.io wrote:
> Hi,
>
> I am trying a test case where-in I have an GRE P2MP (m
t's happening.
> And you can try `dpkg -r vpp-ext-deps ; make install-ext-deps ; make
> rebuild` to get a clean build
>
> Cheers
> -Nathan
>
>
>
> Le lun. 22 mars 2021 à 11:09, Vijay Kumar a
> écrit :
>
>> Hi Chetan,
>>
>> I added the PCI addre
Hi,
I am trying a test case where-in I have an GRE P2MP (mGRE) tunnel on the
VPP. The GRE peer is a strongswan VM that hosts both the GRE tunnel and
IPSec SA. When I started ping traffic from SS, the traffic is dropped at
esp4-decrypt-tun graph node due to integrity check failure.
Has any one tes
ess of your nic again using ethtool -i
>
> Please share what else is coming on the console.
>
> Thanks,
> Chetan
>
> On Mon, Mar 22, 2021 at 1:58 PM Vijay Kumar wrote:
>
>> Hi,
>>
>> I was running VPP on my VM without any issues. But recently due to a lab
>
Hi,
I was running VPP on my VM without any issues. But recently due to a lab
maintenance, the VM was powered off. But now I am not able to bring it up.
Getting the error "unknown input dpdk dev :0b:00.0"
-- I have ensured the ethernet interface is set to DOWN so that VPP takes
control of it.
12 ip4-icmp-input unknown type
21 ip4-icmp-input echo replies sent
2 ethernet-input unknown vlan
vpp#
vpp#
On Sat, Mar 20, 2021 at 1:28 AM Vijay Kumar via lists.fd.io wrote:
> Hi Neale,
>
&g
patch). This patch would ensure teib gets added
properly.
I am building the change. I will update after testing.
Thank you for the support.
Regards,
Vijay Kumar N
On Sat, Mar 20, 2021 at 1:14 AM Neale Ranns wrote:
> Hi Vijay,
>
>
>
> I was able to re-produce your issue.
in the overlay via these GRE
> peers
>
>ip route add 4.4.4.4/32 via 2.1.1.4 gre1
>
> and you must specify the next hop, like on an ethernet.
>
> /neale
>
>
>
>
>
> *From: *vpp-dev@lists.fd.io on behalf of 叶东岗 via
> lists.fd.io
> *Date: *Wednesday, 17
o
> please give me exact steps to reproduce.
>
>
>
> Thanks,
>
> neale
>
>
>
> *From: *vpp-dev@lists.fd.io on behalf of Vijay
> Kumar via lists.fd.io
> *Date: *Monday, 15 March 2021 at 09:39
> *To: *vpp-dev
> *Subject: *Re: [vpp-dev] Regarding crash in AR
Adding the VPP mGRE config FYI
===
create gre tunnel src 20.20.99.99 outer-table-id 1 multipoint
set interface state gre0 up
set interface ip addr gre0 2.2.2.2/32
create teib gre0 peer 2.2.2.1 nh 7.7.7.7 nh-table-id 1
On Mon, Mar 15, 2021 at 2:06 PM Vijay Kumar wrote:
> Hi,
>
&g
-20.05.1-2~g190cc47ed_dirty.x86_64/src/vlib/main.c:1460
Regards,
Vijay Kumar N
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#18915): https://lists.fd.io/g/vpp-dev/message/18915
Mute This Topic: https://lists.fd.io/mt/81344488/21656
Group Owner: vpp-dev+ow...@l
stion not the answer.
>
>
>
> Your tunnel looks fine. Its source address matches a VPP interface, and
> packets are destined to it. However, packets don’t classify to the tunnel,
> because they arrive proto=ESP not proto=IP, which implies the sender has
> configured transport mode
nel are incorrect. The VPP IKE plugin would have set these
> addresses correctly for you based on the IKE session end point.
>
>
>
> /neale
>
>
>
>
>
> *From: *vpp-dev@lists.fd.io on behalf of Vijay
> Kumar via lists.fd.io
> *Date: *Monday, 8 March 2021 at 08
1383: ip4-punt
IPSEC_ESP: 20.20.99.215 -> 20.20.99.99
tos 0x00, ttl 64, length 152, checksum 0xbe54 dscp CS0 ecn NON_ECN
fragment id 0x8c7d, flags DONT_FRAGMENT
00:08:29:451384: error-punt
rx:VirtualFuncEthernet0/7/0.1556
00:08:29:451386: punt
* ip4-local: unknown ip protocol*
On Mon, Mar
sent back to SS. In the POC, the route entry of the
destination was fine. It was not dpo-drop.
Please suggest if there is any way to debug the traffic drops as "Unknown
ip protocol" for incoming ESP traffic and traffic drops as "blackholed
packets" for outgoing traffic
Any help is hig
Hi Neale,
Thanks for the quick answers
On Mon, Feb 22, 2021 at 9:50 PM Neale Ranns wrote:
>
>
>
>
> *From: *Vijay Kumar
> *Date: *Monday, 22 February 2021 at 16:50
> *To: *Neale Ranns
> *Cc: *vpp-dev
> *Subject: *Re: [vpp-dev] Why does ipsec plugin create ipip
Hi Neale,
Please find my comments inline.
On Mon, Feb 22, 2021 at 8:41 PM Neale Ranns wrote:
>
>
> Hi Vijsy,
>
>
>
> *From: *vpp-dev@lists.fd.io on behalf of Vijay
> Kumar via lists.fd.io
> *Date: *Monday, 22 February 2021 at 12:59
> *To: *vpp-dev
> *S
SAs?
I think it is better to alter the code to prevent creation of this logical
interface and allow IPSec plugin to just do encryption and allow the next
node "IP4-lookup" to do the routing (via phy interface)
Regards,
Vijay Kumar N
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages
tingstarted/developers/punt.html
>
> Best
> ben
>
> > -Original Message-
> > From: vpp-dev@lists.fd.io On Behalf Of Vijay Kumar
> > Sent: vendredi 12 février 2021 09:35
> > To: vpp-dev
> > Subject: [vpp-dev] Dropped packets when trying to send pac
Hi,
>From my application, I received a protocol pkt (IKE) to my graph node via
memif. This plugin is now supposed to send this pkt out towards the
strongswan peer. In the graph node, I had the next node to IP4-lookup.
I observed that the pkt doesnt go out. It is dropped in "error-drop" graph
nod
quot;""
On Sun, Jan 10, 2021 at 3:39 AM Florin Coras wrote:
> Hi Vijay,
>
> Probably the env variable VCL_CFG lower is the problem, it should be
> VCL_CONFIG. Could you try changing the name and check if that fixes the
> issue?
>
> Regards,
> Florin
>
> On Ja
env variables also.
export VCL_CFG=/etc/vpp/vcl.conf
export LDP_PRELOAD=/usr/lib64/libvcl_ldpreload.so
I have attached these two files (vcl.conf and startup.conf) for your
reference.
Pls let me know if we are missing something or is something wrong
Regards,
Vijay Kumar N
On Sat, Jan 9, 2021 at 1
Hi,
"
vppcom_connect_to_vpp:492: vcl<98:0>: ERROR app (ldp-98-app) connect failed!
vppcom_app_create:1200: vcl<98:0>: ERROR couldn't connect to VPP!
"
Is anyone aware of this error???
I am using VCL. This is integrated as a client in my new plugin of VPP
process while the VCL is integrated in a
Hi,
"
vppcom_connect_to_vpp:492: vcl<98:0>: ERROR app (ldp-98-app) connect failed!
vppcom_app_create:1200: vcl<98:0>: ERROR couldn't connect to VPP!
"
Is anyone aware of this error???
I am using VCL. This is integrated as a client in my new plugin of VPP
process while the VCL is integrated in
provided.
> The wiki was actually incorrect. The command is:
>
> create teib peer nh [nh-table-id ]
>
> (Which I just updated)
>
>
>
> On Fri, Dec 25, 2020 at 11:19 AM Vijay Kumar
> wrote:
>
>> Hi Paul,
>>
>> Thanks for the response.
>>
t;
> [0] https://wiki.fd.io/view/VPP/IPSec
>
> On Thu, Dec 24, 2020 at 1:59 PM Vijay Kumar wrote:
>
>> Hi Paul,
>>
>> If you know about the below two questions that I asked in my last reply,
>> could you plz answer?
>>
>>
>> Regards.
>>
&g
Hi Paul,
If you know about the below two questions that I asked in my last reply,
could you plz answer?
Regards.
On Thu, 24 Dec 2020, 00:02 Vijay Kumar via lists.fd.io, wrote:
> Hi Paul,
>
> Question 1
> By physical addresses you mean the routable public IPs that form the
>
)--N3IWF
On Wed, Dec 23, 2020 at 10:12 AM Paul Vinciguerra <
pvi...@vinciconsulting.com> wrote:
> Hi Vijay,
>
> How are you planning to map the tunnel addresses to the physical addresses?
>
> On Tue, Dec 22, 2020 at 9:04 PM Vijay Kumar wrote:
>
>> Hi Paul,
&g
_gre.py#L998
>
>
> On Tue, Dec 22, 2020 at 12:47 PM Vijay Kumar
> wrote:
>
>> Hi,
>>
>> Can someone help me understand if multipoint GRE (one gre interface that
>> can communicate with multiple peers) is supported in the fd.ip GRE plugin?
>>
>> If
Hi,
Can someone help me understand if multipoint GRE (one gre interface that
can communicate with multiple peers) is supported in the fd.ip GRE plugin?
If yes, could you please share with me an example config for multi-point
GRE. In the fd.io wiki pages, I am only seeing *p2mp *configuration (poi
Hi,
I have set up IPSEC SA b/w the Strongswan (initiator) and VPP (responder).
Traffic flows fine but when I explicitly enabled ESN on Strongswan the
IPSEC SA is established fine but traffic fails. I mean the ESP packets are
going out from SS to the VPP but traffic is dropped at VPP.
I had sent 1
Hi Neale,
I had not added a proper reverse route (from VPP to SS). After adding the
route, traffic started working fine. Also, the crash was not seen any more
after testing multiple times with reset SA and sending data traffic.
On Mon, Nov 9, 2020 at 3:49 PM Neale Ranns (nranns)
wrote:
>
>
>
93 matches
Mail list logo
