Dear Brayan, You should always add a next-hop to a path when IP routing. Answers comments inline.
/neale De : <vpp-dev@lists.fd.io> au nom de brayan ortega <brayan.ortega6...@gmail.com> Date : mercredi 24 juillet 2019 à 11:25 À : "vpp-dev@lists.fd.io" <vpp-dev@lists.fd.io> Objet : [vpp-dev] abf problem with arp Dear VPP Folks, I'm using vpp v19.08-rc0~698-g1f50bf8fc (master branch) and It seems there is a bug when the abf plugin is enabled and configured in my scenario. abf policy is defined as follows: 1- permit packets 2- route to output interface without gateway definition ( via 0.0.0.0 ) 3- attaching it to input interfaces When the abf policy is defined as described, the connected networks to output interfaces will be unreachable. I checked the trace of packets and saw the following. First, an icmp packet is received on input interface. Then arp packet is sent and arp reply is received. But in next icmp packet again this scenario happens while we have an entry for destination ip in arp table. however, arp reply is dropped and "arp-disabled: ARP Disabled on this interface" log is seen in trace output. My vppctl trace output is available here: https://paste.ubuntu.com/p/pB2sh3GxrD/ The following is the ping result from my client: Client 1: ping 30.30.30.2 ( 30.30.30.30 is my router ip address) isn't established. My topology and vpp configuration are attached to this email. If it is needed to set a gateway for abf, Yes. then we can not reach to connected network devices. So I had to set my abf gateway to 0.0.0.0 for connected networks when there is an abf policy for networks which are not connected directly. Are you saying that the ACL you are using in the ABF policy also matches connected devices and so the ABF policy is also used to forward to attached devices? This won’t work for ABF, since ABF runs before the normal IP lookup. So either don’t include connected subnets in the ACL definition, or add a higher priority policy for each of the connected devices with a nexthop of that connected device. The reason this: Ip route 2.0.0.0/8 via 0.0.0.0 Eth0 Kinda (because a router connected to eth0 must have proxy ARP configured for 2/8) works for IP routing, Is that the first packet to say 2.0.0.1 generates an ARP request and the proxying router replies. The ARP response creates an ARP entry for 2.0.0.1 and a FIB entry 2.0.0.01/32 via the proxying router. The next packet through does an LPM and hits the /32, so is forwarded successfully. There’s no such LPM for ABF, so all packets generate ARP requests. Hth, /neale
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#13562): https://lists.fd.io/g/vpp-dev/message/13562 Mute This Topic: https://lists.fd.io/mt/32582274/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
