Hi All,

I am currently working on supporting the multipoint IPsec interface (p2mp) feature on our product.

The issue is that packets are sent out without being encrypted. Packets are taking the following graph node path:

  "tcp4-output ---> ipv4-lookup ---> ip4-midchain ---> adj-midchain-tx"

But I want my packets to take:

  "tcp4-output ---> ipv4-lookup ---> ip4-midchain ---> esp4_encrypt_tun-->"

Below is the fib entry,
=======================
inner packet destination = 44.44.44.44
outer packet(tunnel) destination = 20.20.99.215

44.44.44.44/32
  unicast-ip4-chain
  [@0]: dpo-load-balance: [proto:ip4 index:14 buckets:1 uRPF:16 to:[12:720]]
    [0] [@6]: ipv4 via 44.44.44.44 ipip0: mtu:9000 next:12 45000000000000004004626f50505050141463d7
        stacked-on entry:13:
          [@2]: dpo-load-balance: [proto:ip4 index:15 buckets:1 uRPF:19 to:[6:1324] via:[12:960]]
            [0] [@5]: ipv4 via 20.20.99.215 VirtualFuncEthernet0/7/0.1556: mtu:1500 next:11 fa163e4b6b42fa163eeb7f86810006140800

vpp# show adj nbr
[@16] ipv4 via 44.44.44.44 ipip0: mtu:9000 next:12 45000000000000004004626f50505050141463d7
  stacked-on entry:13:
    [@2]: dpo-load-balance: [proto:ip4 index:15 buckets:1 uRPF:19 to:[8:1540] via:[15:1200]]
      [0] [@5]: ipv4 via 20.20.99.215 VirtualFuncEthernet0/7/0.1556: mtu:1500 next:11 fa163e4b6b42fa163eeb7f86810006140800

ipsec protect output.
====================
vpp# show ipsec protect
ipip0: 20.20.99.215
 output-sa:
  [0] sa 68092 (0x109fc) spi 3249629366 (0xc1b168b6) protocol:esp flags:[anti-replay ]
 input-sa:
  [1] sa 68093 (0x109fd) spi 12413 (0x0000307d) protocol:esp flags:[anti-replay inbound ]

Can you please point out any basic issue with my routing or any issue here?

Thanks,
Sagar

--
Regards,
sagar g