Hi, What’s the conclusion here? What I glean from this long thread is that dot1q based IP subinterfaces do not work with virtio - true? If so, what’s the fix? VPP-507 is asking for setting MAC on IP sub-interface, but that’s a separate item, as it’s not mandatory for IP routing operation.
-Maciek On 10 Mar 2017, at 10:38, Matej Klotton -X (mklotton - PANTHEON TECHNOLOGIES at Cisco) <mklot...@cisco.com<mailto:mklot...@cisco.com>> wrote: Hi John, So I add a sub-interface to a BD 0, the vlan frame is received, but it is also received and processed frames with not local MAC address. vpp# show interface address GigabitEthernet0/4/0 (up): GigabitEthernet0/4/0.10 (up): GigabitEthernet0/4/0.1 (dn): l2 bridge bd_id 0 shg 0 GigabitEthernet0/5/0 (up): 192.168.1.1/24 GigabitEthernet0/6/0 (dn): GigabitEthernet0/7/0 (dn): local0 (dn): I added neighbor entry to arp table and sent packet sendp(iface='ens6', x=Ether(src='02:00:00:00:00:02', dst='02:00:00:00:00:01')/IP(src='10.0.0.1', dst='192.168.1.2')) 00:25:12:769772: dpdk-input GigabitEthernet0/4/0 rx queue 0 buffer 0x4ddc: current data 0, length 34, free-list 0, totlen-nifb 0, trace 0x1 PKT MBUF: port 0, nb_segs 1, pkt_len 34 buf_len 2176, data_len 34, ol_flags 0x0, data_off 128, phys_addr 0x54133600 packet_type 0x0 IP4: 02:00:00:00:00:02 -> 02:00:00:00:00:01 IP6_HOP_BY_HOP_OPTIONS: 10.0.0.1 -> 192.168.1.2 tos 0x00, ttl 64, length 20, checksum 0xaf3e fragment id 0x0001 00:25:12:769783: ethernet-input IP4: 02:00:00:00:00:02 -> 02:00:00:00:00:01 00:25:12:769790: ip4-input IP6_HOP_BY_HOP_OPTIONS: 10.0.0.1 -> 192.168.1.2 tos 0x00, ttl 64, length 20, checksum 0xaf3e fragment id 0x0001 00:25:12:769792: ip4-lookup fib 0 dpo-idx 2 flow hash: 0x00000000 IP6_HOP_BY_HOP_OPTIONS: 10.0.0.1 -> 192.168.1.2 tos 0x00, ttl 64, length 20, checksum 0xaf3e fragment id 0x0001 00:25:12:769798: ip4-rewrite tx_sw_if_index 2 dpo-idx 2 : ipv4 via 192.168.1.2 GigabitEthernet0/5/0: IP4: fa:16:3e:16:91:49 -> 02:11:22:33:44:02 flow hash: 0x00000000 IP4: fa:16:3e:16:91:49 -> 02:11:22:33:44:02 IP6_HOP_BY_HOP_OPTIONS: 10.0.0.1 -> 192.168.1.2 tos 0x00, ttl 63, length 20, checksum 0xb03e fragment id 0x0001 00:25:12:769800: GigabitEthernet0/5/0-output GigabitEthernet0/5/0 IP4: fa:16:3e:16:91:49 -> 02:11:22:33:44:02 IP6_HOP_BY_HOP_OPTIONS: 10.0.0.1 -> 192.168.1.2 tos 0x00, ttl 63, length 20, checksum 0xb03e fragment id 0x0001 00:25:12:769804: GigabitEthernet0/5/0-tx GigabitEthernet0/5/0 tx queue 0 buffer 0x4ddc: current data 0, length 34, free-list 0, totlen-nifb 0, trace 0x1 IP4: fa:16:3e:16:91:49 -> 02:11:22:33:44:02 IP6_HOP_BY_HOP_OPTIONS: 10.0.0.1 -> 192.168.1.2 tos 0x00, ttl 63, length 20, checksum 0xb03e fragment id 0x0001 The L3 interface without an IP address processes and forwards packets. Isn’t it a security issue? I was unable to set a MAC address to sub-if. On http://dpdk.org/doc/guides/nics/virtio.html#features-and-limitations-of-virtio-pmd It says Features of mac/vlan filter are supported, so shouldn’t be driver configured in create_vlan_subif command? Or could we set vlan filter off/on in startup.conf similarly as with vlan-offload? Thanks, Matej.
_______________________________________________ vpp-dev mailing list vpp-dev@lists.fd.io https://lists.fd.io/mailman/listinfo/vpp-dev
