Hi Filip, Your suggestion worked. But I am using VPP with NAT. Is it not possible for ping to work with NAT?
I noticed something. When NAT is set, in addition to vpp to server not working, I am also unable to ping from linux server to vpp box. If I add back: set interface nat44 in loop0 in loop1 set interface nat44 out wan1 linux (10.200.1.1) --> to --> wan1 (vpp) does not work either. Thanks! On Wed, Sep 16, 2020 at 12:35 PM Filip Varga -X (fivarga - PANTHEON TECH SRO at Cisco) <fiva...@cisco.com> wrote: > Hi Pac, > > > > Try removing from your configuration following two lines: > > > > set interface nat44 in loop0 in loop1 > set interface nat44 out wan1 > > > > Now try to ping from linux & vpp. From linux ping vpp wan interface > 10.200.1.7 and from vpp linux host 10.200.1.1 (don’t forget to specify the > source interface, this should be your wan interface in vpp). > > > > # ping <ip-addr> source <interface> > > > > Best regards, > > Filip > > > > *From:* vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> *On Behalf Of *Pac Ette > *Sent:* Wednesday, September 16, 2020 6:14 PM > *To:* Dave Barach (dbarach) <dbar...@cisco.com> > *Cc:* vpp-dev@lists.fd.io > *Subject:* Re: [vpp-dev] ping not able to receive replies on vpp interface > > > > Hi Dave, > > > > I had a suspicion that my configs might be wrong. But, why would packets > go through the NAT plugin when I am pinging from vppctl and directly on the > wan1 port - I was thinking these packets don't need to be NAT-ed. Here are > my configs and testing results. > > > > ## Configs > cat vpp.conf > set interface state wan1 up > set interface state lan3 up > set interface state lan2 up > set interface state lan0 up > > set dhcp client intfc wan1 hostname test-ccB > > loopback create > set interface l2 bridge loop0 1 bvi > set interface ip address loop0 10.90.0.1/16 > set interface state loop0 up > > create tap id 0 host-ip4-addr 10.90.0.2/16 host-if-name lstack1 > set interface l2 bridge tap0 1 > set interface state tap0 up > > loopback create > set interface l2 bridge loop1 2 bvi > set interface ip address loop1 10.100.0.1/16 > set interface state loop1 up > > set interface l2 bridge lan0 2 > set interface l2 bridge lan2 2 > set interface l2 bridge lan3 2 > > create tap id 1 host-ip4-addr 10.100.0.2/16 host-if-name lstack2 > set interface l2 bridge tap1 2 > set interface state tap1 up > > nat44 add interface address wan1 > set interface nat44 in loop0 in loop1 > set interface nat44 out wan1 > ---------------------------------------------------------- > vpp# sh nat44 addresses > NAT44 pool addresses: > 10.200.1.7 > tenant VRF independent > 0 busy other ports > 18 busy udp ports > 0 busy tcp ports > 0 busy icmp ports > NAT44 twice-nat pool addresses: > > vpp# sh nat44 interfaces > NAT44 interfaces: > loop0 in > loop1 in > wan1 out > > vpp# sh dhcp client > [0] wan1 state DHCP_BOUND installed 1 addr 10.200.1.7/24 gw 10.200.1.1 > server 10.200.1.1 dns 8.8.8.8 > > linux stack > $ ip route > default via 10.90.0.1 dev lstack1 > 10.90.0.0/16 dev lstack1 proto kernel scope link src 10.90.0.2 > 10.100.0.0/16 dev lstack2 proto kernel scope link src 10.100.0.2 > ---------------------------------------------------------- > ## Testing > > pings via linux stack works but pings via vppctl do not. > > ping via vppctl: > vpp# ping 10.200.1.1 > Statistics: 5 sent, 0 received, 100% packet loss > > ping via linux stack: > $ ping 10.200.1.1 > PING 10.200.1.1 (10.200.1.1) 56(84) bytes of data. > 64 bytes from 10.200.1.1: icmp_seq=1 ttl=63 time=1.01 ms > 64 bytes from 10.200.1.1: icmp_seq=2 ttl=63 time=0.321 ms > --- 10.200.1.1 ping statistics --- > 2 packets transmitted, 2 received, 0% packet loss, time 1001ms > rtt min/avg/max/mdev = 0.321/0.670/1.019/0.349 ms > > > > Thanks! > > > > On Wed, Sep 16, 2020 at 4:32 AM Dave Barach (dbarach) <dbar...@cisco.com> > wrote: > > The dispatch pcap trace shows that “nat44-ed-out2in-slowpath” drops the > reply. Since the *request* never visits the nat plugin, there is no > translation set up to process the reply. > > > > Please check your configuration. > > > > Dave > > > > *From:* vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> *On Behalf Of *Pac Ette > *Sent:* Tuesday, September 15, 2020 11:40 PM > *To:* vpp-dev@lists.fd.io > *Subject:* [vpp-dev] ping not able to receive replies on vpp interface > > > > Hi folks, > > > > vpp is unable to ping on an interface: > > vpp# ping 10.200.1.1 source wan1 > Statistics: 5 sent, 0 received, 100% packet loss > > > > current setup: > > vpp 20.05 > > > > linux machine (A) <----> vpp machine (B) > > 10.200.1.1 <----> 10.200.1.7 > > > > > > So the server at 10.200.1.1 is replying but vpp is showing 100% packet > loss. > > > > I am also attaching a vpp dispatch pcap file. > > > > Thanks for the help! > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#17426): https://lists.fd.io/g/vpp-dev/message/17426 Mute This Topic: https://lists.fd.io/mt/76880903/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
