Another solution is to redirect the traffic from punt node to your feature node. Here you can match on packets of interest and send them to interfere output node.
Thanks, Rajith On Sat 9 May, 2020, 3:43 PM Mrityunjay Kumar, <kumarn...@gmail.com> wrote: > which vpp version are you heading? If you r using 19.05 or less, you can > create ipsec tunnel, and route your packet to ipsec0 interface, > > create ipsec tunnel local-ip <x.x.x.x> local-spi 1111 remote-ip <y.y.y.y> > remote-spi 2222 > set interface ipsec key ipsec0 local crypto aes-gcm-128 > 2b7e151628aed2a6abf7158809cf4f3d > set interface ipsec key ipsec0 remote crypto aes-gcm-128 > 2b7e151628aed2a6abf7158809cf4f3d > set interface state ipsec0 up > set interface unnumbered ipsec0 use <interface_name: src tunnel interface> > ip route add 192.168.200.10/24 via ipsec0 > > if your are using >= 19.08, best practice, you can create policy based > tunnel. > > ipsec policy add spd 1 priority 100 inbound action bypass protocol 50 > ipsec policy add spd 1 priority 100 outbound action bypass protocol 50 > ipsec policy add spd 1 outbound action bypass local-ip-range > 10.168.4.0-10.168.4.255 remote-ip-range 10.168.2.0-10.168.2.255 > ipsec sa add 10 spi 3391172682 esp crypto-alg aes-gcm-256 crypto-key > 523a88fa4ad8c0325d75c933d9e567c23879ea701355207551bc2cf7d963c3dac8dcdca2 > tunnel-src 10.168.2.4 tunnel-dst 10.168.4.11 > ipsec sa add 20 spi 3443809241 esp crypto-alg aes-gcm-256 crypto-key > 6062e3e9a9d578f58527242e9fbd48aeef7a0f8b4adc4569e7a84cda19c14ae21aa0a2b4 > tunnel-src 10.168.4.11 tunnel-dst 10.168.2.4 > ipsec policy add spd 1 priority 10 inbound action protect sa 10 > local-ip-range 10.168.3.11 - 10.168.3.11 remote-ip-range 10.168.2.4 - > 10.168.2.4 > ipsec policy add spd 1 priority 10 outbound action protect sa 20 > local-ip-range 10.168.3.11 - 10.168.3.11 remote-ip-range 10.168.2.4 - > 10.168.2.4 > > > > cheers! enjoy > //MJ > > > > *Regards*, > Mrityunjay Kumar. > Mobile: +91 - 9731528504 > > > > On Sat, May 9, 2020 at 12:16 PM <comeon...@outlook.com> wrote: > >> Hi VPP hackers, >> My program and vpp communicate through the memif interface. >> I want to make vpp match specific packets(such as ospf packet), and then >> redirect to the outbound direction of the memif interface. >> >> I don't know how to match a specific packet to the outbound direction of >> a specified interface. >> >> Can someone provide an example of configuration. >> Thanks in advance! >> >> >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#16294): https://lists.fd.io/g/vpp-dev/message/16294 Mute This Topic: https://lists.fd.io/mt/74091305/21656 Mute #vpp: https://lists.fd.io/mk?hashtag=vpp&subid=1480452 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
