Hi Neale,
I found a solution recently, create a virtual interface by
VNET_HW_INTERFACE_CLASS (svti_hw_class), and add route like this:
vpp# show interface
Name Idx State MTU (L3/IP4/IP6/MPLS)
Counter Count
GigabitEthernet0/a/0 1 up 9000/0/0/0 rx packets
1058
rx bytes
59654
tx packets
7
tx bytes
530
drops
879
ip4
174
ip6
5
GigabitEthernet0/b/0 2 up 9000/0/0/0 rx packets
1053
rx bytes
59304
tx packets
7
tx bytes
530
drops
876
ip4
174
ip6
2
local0 0 down 0/0/0/0
svti 3 up 0/0/0/0
vpp# ip route add 173.2.0.0/24 via svti
Best Rregards
Dave
________________________________
发件人: Neale Ranns (nranns) <nra...@cisco.com>
发送时间: 2019年8月27日 15:18
收件人: shi dave <dave....@outlook.com>; vpp-dev@lists.fd.io <vpp-dev@lists.fd.io>
主题: Re: [vpp-dev] Add ip route without next-hop-address
Hi Dave,
As with all IP routing, you need to configure the route with the nexthop on
that interface’s subnet.
So :
Ip route 173.2.0.0/24 via <NH_ON_GIGE> GigEthx/y/z
Rather than
Ip route 173.2.0.0/24 via <TUNNE L_ENDPOINT> GigEthx/y/z
/neale
From: shi dave <dave....@outlook.com>
Date: Friday 23 August 2019 at 09:36
To: "Neale Ranns (nranns)" <nra...@cisco.com>, "vpp-dev@lists.fd.io"
<vpp-dev@lists.fd.io>
Subject: [vpp-dev] Add ip route without next-hop-address
Hi Neale,
that's my desired flow, the actual flow is
00:04:08:057376: dpdk-input
GigabitEthernet0/b/0 rx queue 0
buffer 0xcc2f: current data 0, length 98, free-list 0, clone-count 0,
totlen-nifb 0, trace 0x3
ext-hdr-valid
l4-cksum-computed l4-cksum-correct
PKT MBUF: port 1, nb_segs 1, pkt_len 98
buf_len 2176, data_len 98, ol_flags 0x0, data_off 128, phys_addr 0x55330c40
packet_type 0x0 l2_len 0 l3_len 0 outer_l2_len 0 outer_l3_len 0
rss 0x0 fdir.hi 0x0 fdir.lo 0x0
IP4: 52:54:00:ce:64:f0 -> 52:54:00:e7:2a:c5
ICMP: 173.10.10.10 -> 173.2.0.1
tos 0x00, ttl 64, length 84, checksum 0x5683
fragment id 0xc00e
ICMP echo_reply checksum 0x15c2
00:04:08:057383: ethernet-input
frame: flags 0x1, hw-if-index 2, sw-if-index 2
IP4: 52:54:00:ce:64:f0 -> 52:54:00:e7:2a:c5
00:04:08:057386: ip4-input
ICMP: 173.10.10.10 -> 173.2.0.1
tos 0x00, ttl 64, length 84, checksum 0x5683
fragment id 0xc00e
ICMP echo_reply checksum 0x15c2
00:04:08:057397: ip4-lookup
fib 0 dpo-idx 0 flow hash: 0x00000000
ICMP: 173.10.10.10 -> 173.2.0.1
tos 0x00, ttl 64, length 84, checksum 0x5683
fragment id 0xc00e
ICMP echo_reply checksum 0x15c2
00:04:08:057416: ip4-glean
ICMP: 173.10.10.10 -> 173.2.0.1
tos 0x00, ttl 64, length 84, checksum 0x5683
fragment id 0xc00e
ICMP echo_reply checksum 0x15c2
00:04:08:057645: GigabitEthernet0/a/0-output
GigabitEthernet0/a/0
ARP: 52:54:00:90:bc:7e -> ff:ff:ff:ff:ff:ff
00:04:08:057651: error-drop
ip4-glean: ARP requests sent
from the trace, it need the mac of 173.2.0.1, then the packet could be routed
to GigabitEthernet0/a/0. I don't want this ARP request, the 173.2.0.1 is a
inner ip, VPP may could not get that ARP response.
Best Rregards
Dave
________________________________
发件人: Neale Ranns (nranns) <nra...@cisco.com>
发送时间: 2019年8月23日 15:18
收件人: shi dave <dave....@outlook.com>; vpp-dev@lists.fd.io <vpp-dev@lists.fd.io>
主题: Re: 回复: 回复: 回复: [vpp-dev] Add ip route without next-hop-address
Hi Dave,
That flow would suggest the packet was correctly sent out of GigEth0/a/0 with
the destination MAC of 172.16.3.1. was that not the case? Or was that your
desired flow not the actual?
/neale
De : shi dave <dave....@outlook.com>
Date : vendredi 23 août 2019 à 09:11
À : "Neale Ranns (nranns)" <nra...@cisco.com>, "vpp-dev@lists.fd.io"
<vpp-dev@lists.fd.io>
Objet : 回复: 回复: 回复: [vpp-dev] Add ip route without next-hop-address
Hi Neale,
sorry, clerical error, the flow is
dpdk-input
ip4-input (GigabitEthernet0/b/0)
ip4-lookup
ip4-rewrite (GigabitEthernet0/a/0)
ipsec-output-ip4
dpdk-esp-encrypt
dpdk-crypto-input
ip4-lookup (dst 172.16.3.1)
ip4-rewrite (GigabitEthernet0/a/0)
ipsec-output-ip4 (by pass)
Best Rregards
Dave
________________________________
发件人: vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> 代表 shi dave
<dave....@outlook.com>
发送时间: 2019年8月23日 15:03
收件人: Neale Ranns (nranns) <nra...@cisco.com>; vpp-dev@lists.fd.io
<vpp-dev@lists.fd.io>
主题: 回复: 回复: [vpp-dev] Add ip route without next-hop-address
Hi Neale,
When routing to GigabitEthernet0/a/0, it could run into ipsec-output-ip4, then
the packet will be added a ipsec tunnel ip (src 172.16.3.15, dst 172.16.3.1),
so the destination MAC is the mac of 172.16.3.1
the flow is like:
dpdk-input
ip4-input (GigabitEthernet0/b/0)
ip4-lookup
ip4-rewrite (GigabitEthernet0/b/0)
ipsec-output-ip4
dpdk-esp-encrypt
dpdk-crypto-input
ip4-lookup (dst 172.16.3.1)
ip4-rewrite (GigabitEthernet0/b/0)
ipsec-output-ip4 (by pass)
Best Rregards
Dave
________________________________
发件人: Neale Ranns (nranns) <nra...@cisco.com>
发送时间: 2019年8月23日 14:53
收件人: shi dave <dave....@outlook.com>; vpp-dev@lists.fd.io <vpp-dev@lists.fd.io>
主题: Re: 回复: [vpp-dev] Add ip route without next-hop-address
Hi Dave,
When routing to GigabitEthernet0/a/0 what destination MAC address should the
packet have?
/neale
De : shi dave <dave....@outlook.com>
Date : vendredi 23 août 2019 à 05:01
À : "Neale Ranns (nranns)" <nra...@cisco.com>, "vpp-dev@lists.fd.io"
<vpp-dev@lists.fd.io>
Objet : 回复: [vpp-dev] Add ip route without next-hop-address
Hi Neale,
yes, it's a correct behavior for VPP ARP for 173.2.0.1, but in my case,
173.2.0.1 is a inner ip(src 173.10.10.10, dst 173.2.0.1), the outer ip is IPSEC
tunnel ip(src 172.16.3.15, dst 172.16.3.1), so that's no sense to get the mac
of 173.2.0.1.
so is there have any method to route the packet from GigabitEthernet0/b/0 to
GigabitEthernet0/a/0, without send any ARP request?
Best Rregards
Dave
________________________________
发件人: Neale Ranns (nranns) <nra...@cisco.com>
发送时间: 2019年8月22日 22:03
收件人: shi dave <dave....@outlook.com>; vpp-dev@lists.fd.io <vpp-dev@lists.fd.io>
主题: Re: [vpp-dev] Add ip route without next-hop-address
Hi Dave,
but from the trace, it send a ARP request to ask 173.2.0.1 directly
ip4-lookup -> ip4-glean -> GigabitEthernet0/a/0-output -> ip4-glean: ARP
requests sent
how could I avoid this ARP request, like ?
ip4-lookup -> ip4-rewrite (GigabitEthernet0/a/0) -> ipsec-output-ip4
VPP is ARPing for 173.2.0.1. What do you want it to do instead?
neale
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#13925): https://lists.fd.io/g/vpp-dev/message/13925
Mute This Topic: https://lists.fd.io/mt/34078149/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
