Re: [vpp-dev] issue with ARP and classify packet forwarding #classify
Hi Po, From: on behalf of Po Date: Friday 24 January 2020 at 08:14 To: "vpp-dev@lists.fd.io" Subject: [vpp-dev] issue with ARP and classify packet forwarding #classify Hi, I would like to classify the packet and forward to desired destination - Classify hits the rules - ARP proxy enabled Expect the acl-hits goes to [ip4-arp] then hand over to [memif0/3-output], but end up packet dropped with ip4-arp: no source address for ARP request Any expert may share the what is missing from the debug CLI? Thank you. Po Topology [cid:image001.png@01D5DA83.0547A510] Commands: vpp# create interface memif id 2 slave vpp# create interface memif id 3 slave vpp# set interface state memif0/2 up vpp# set interface state memif0/3 up vpp# classify table mask hex 00ff buckets 16 skip 1 vpp# classify session opaque-index 0 table-index 0 match hex 00060a0a02010a0a0202 action set-ip4-fib-id 100 vpp# classify session opaque-index 1 table-index 0 match hex 00060a0a02010a0a0203 action set-ip4-fib-id 200 vpp# ip route add 10.10.2.2/32 table 100 via memif0/3 vpp# ip route add 10.10.2.0/24 table 100 via memif0/2 vpp# ip route add 10.10.2.0/24 via memif0/2 vpp# set int input acl intfc memif0/2 ip4-table 0 vpp# set int ip address memif0/2 10.10.2.0/24 this is not a valid address in a /24 subnet. Please choose a valid address and see if that works. /neale vpp# set ip arp proxy 10.10.2.1 - 10.10.2.11 vpp# set ip arp fib-id 100 proxy 10.10.2.1 - 10.10.2.11 vpp# set interface proxy-arp memif0/2 enable vpp# set interface proxy-arp memif0/3 enable vpp# vpp# show classify table [6]: heap offset 1200, elts 2, normal 0: [1200]: next_index -1 advance 0 opaque 0 action 1 metadata 1 k: 00060a0a02010a0a0202 hits 3, last_heard 494.07 vpp# show vlib graph ip4-arp Name NextPrevious ip4-arp error-drop [0] nsh-adj-incomplete memif0/3-output [1] lookup-ip4-src lookup-ip4-dst-itf lookup-ip4-dst mpls-adj-incomplete tcp4-output bfd-udp-echo4-input bfd-udp4-input ip4-punt-redirect ip4-load-balance ip4-lookup ip4-classify vpp# show ip fib index 1 ipv4-VRF:100, fib_index:1, flow hash:[src dst sport dport proto ] locks:[src:classify:1, ] 0.0.0.0/0 unicast-ip4-chain [@0]: dpo-load-balance: [proto:ip4 index:9 buckets:1 uRPF:7 to:[0:0]] [0] [@0]: dpo-drop ip4 0.0.0.0/32 unicast-ip4-chain [@0]: dpo-load-balance: [proto:ip4 index:10 buckets:1 uRPF:8 to:[0:0]] [0] [@0]: dpo-drop ip4 10.10.2.0/24 unicast-ip4-chain [@0]: dpo-load-balance: [proto:ip4 index:20 buckets:1 uRPF:18 to:[0:0]] [0] [@4]: ipv4-glean: memif0/2: mtu:9000 02fea803ab310806 10.10.2.0/32 unicast-ip4-chain [@0]: dpo-load-balance: [proto:ip4 index:24 buckets:1 uRPF:22 to:[0:0]] [0] [@2]: dpo-receive 10.10.2.2/32 unicast-ip4-chain [@0]: dpo-load-balance: [proto:ip4 index:19 buckets:1 uRPF:17 to:[3:180]] [0] [@3]: arp-ipv4: via 10.10.2.2 memif0/3 224.0.0.0/4 unicast-ip4-chain [@0]: dpo-load-balance: [proto:ip4 index:12 buckets:1 uRPF:10 to:[0:0]] [0] [@0]: dpo-drop ip4 240.0.0.0/4 unicast-ip4-chain [@0]: dpo-load-balance: [proto:ip4 index:11 buckets:1 uRPF:9 to:[0:0]] [0] [@0]: dpo-drop ip4 255.255.255.255/32 unicast-ip4-chain [@0]: dpo-load-balance: [proto:ip4 index:13 buckets:1 uRPF:11 to:[0:0]] [0] [@0]: dpo-drop ip4 Trace Packet 12 00:08:13:344609: memif-input memif: hw_if_index 1 next-index 4 slot: ring 0 00:08:13:344620: ethernet-input IP4: b2:5f:84:5e:0b:43 -> 02:fe:a8:03:ab:31 00:08:13:344628: ip4-input TCP: 10.10.2.1 -> 10.10.2.2 tos 0x00, ttl 64, length 60, checksum 0xbb1c fragment id 0x6789, flags DONT_FRAGMENT TCP: 59057 -> 12345 seq. 0x692e832e ack 0x flags 0x02 SYN, tcp header: 40 bytes window 29200, checksum 0xf2cc 00:08:13:344634: ip4-inacl INACL: sw_if_index 1, next_index 1, table 0, offset 1200 00:08:13:344639: ip4-lookup fib 1 dpo-idx 0 flow hash: 0x TCP: 10.10.2.1 -> 10.10.2.2 tos 0x00, ttl 64, length 60, checksum 0xbb1c fragment id 0x678
Re: [vpp-dev] issue with ARP and classify packet forwarding #classify
Hi Po, Could you ensure the memifs and the ACLs u have configured are consistent with the tables you have. Are all under 100? -- Regards, Balaji. From: on behalf of Po Date: Thursday, January 23, 2020 at 11:14 PM To: "vpp-dev@lists.fd.io" Subject: [vpp-dev] issue with ARP and classify packet forwarding #classify Hi, I would like to classify the packet and forward to desired destination - Classify hits the rules - ARP proxy enabled Expect the acl-hits goes to [ip4-arp] then hand over to [memif0/3-output], but end up packet dropped with ip4-arp: no source address for ARP request Any expert may share the what is missing from the debug CLI? Thank you. Po Topology [cid:attach_0_15ECC1408F99A7F7_12230@lists.fd.io] Commands: vpp# create interface memif id 2 slave vpp# create interface memif id 3 slave vpp# set interface state memif0/2 up vpp# set interface state memif0/3 up vpp# classify table mask hex 00ff buckets 16 skip 1 vpp# classify session opaque-index 0 table-index 0 match hex 00060a0a02010a0a0202 action set-ip4-fib-id 100 vpp# classify session opaque-index 1 table-index 0 match hex 00060a0a02010a0a0203 action set-ip4-fib-id 200 vpp# ip route add 10.10.2.2/32 table 100 via memif0/3 vpp# ip route add 10.10.2.0/24 table 100 via memif0/2 vpp# ip route add 10.10.2.0/24 via memif0/2 vpp# set int input acl intfc memif0/2 ip4-table 0 vpp# set int ip address memif0/2 10.10.2.0/24 vpp# set ip arp proxy 10.10.2.1 - 10.10.2.11 vpp# set ip arp fib-id 100 proxy 10.10.2.1 - 10.10.2.11 vpp# set interface proxy-arp memif0/2 enable vpp# set interface proxy-arp memif0/3 enable vpp# vpp# show classify table [6]: heap offset 1200, elts 2, normal 0: [1200]: next_index -1 advance 0 opaque 0 action 1 metadata 1 k: 00060a0a02010a0a0202 hits 3, last_heard 494.07 vpp# show vlib graph ip4-arp Name NextPrevious ip4-arp error-drop [0] nsh-adj-incomplete memif0/3-output [1] lookup-ip4-src lookup-ip4-dst-itf lookup-ip4-dst mpls-adj-incomplete tcp4-output bfd-udp-echo4-input bfd-udp4-input ip4-punt-redirect ip4-load-balance ip4-lookup ip4-classify vpp# show ip fib index 1 ipv4-VRF:100, fib_index:1, flow hash:[src dst sport dport proto ] locks:[src:classify:1, ] 0.0.0.0/0 unicast-ip4-chain [@0]: dpo-load-balance: [proto:ip4 index:9 buckets:1 uRPF:7 to:[0:0]] [0] [@0]: dpo-drop ip4 0.0.0.0/32 unicast-ip4-chain [@0]: dpo-load-balance: [proto:ip4 index:10 buckets:1 uRPF:8 to:[0:0]] [0] [@0]: dpo-drop ip4 10.10.2.0/24 unicast-ip4-chain [@0]: dpo-load-balance: [proto:ip4 index:20 buckets:1 uRPF:18 to:[0:0]] [0] [@4]: ipv4-glean: memif0/2: mtu:9000 02fea803ab310806 10.10.2.0/32 unicast-ip4-chain [@0]: dpo-load-balance: [proto:ip4 index:24 buckets:1 uRPF:22 to:[0:0]] [0] [@2]: dpo-receive 10.10.2.2/32 unicast-ip4-chain [@0]: dpo-load-balance: [proto:ip4 index:19 buckets:1 uRPF:17 to:[3:180]] [0] [@3]: arp-ipv4: via 10.10.2.2 memif0/3 224.0.0.0/4 unicast-ip4-chain [@0]: dpo-load-balance: [proto:ip4 index:12 buckets:1 uRPF:10 to:[0:0]] [0] [@0]: dpo-drop ip4 240.0.0.0/4 unicast-ip4-chain [@0]: dpo-load-balance: [proto:ip4 index:11 buckets:1 uRPF:9 to:[0:0]] [0] [@0]: dpo-drop ip4 255.255.255.255/32 unicast-ip4-chain [@0]: dpo-load-balance: [proto:ip4 index:13 buckets:1 uRPF:11 to:[0:0]] [0] [@0]: dpo-drop ip4 Trace Packet 12 00:08:13:344609: memif-input memif: hw_if_index 1 next-index 4 slot: ring 0 00:08:13:344620: ethernet-input IP4: b2:5f:84:5e:0b:43 -> 02:fe:a8:03:ab:31 00:08:13:344628: ip4-input TCP: 10.10.2.1 -> 10.10.2.2 tos 0x00, ttl 64, length 60, checksum 0xbb1c fragment id 0x6789, flags DONT_FRAGMENT TCP: 59057 -> 12345 seq. 0x692e832e ack 0x flags 0x02 SYN, tcp header: 40 bytes window 29200, checksum 0xf2cc 00:08:13:344634: ip4-inacl INACL: sw_if_index 1, next_index 1, table 0, offset 1200 00:08:13:344639: ip4-lookup fib 1 dpo-idx 0 flow hash: 0x TCP: 10.10.2.1 -> 10.10.2.2 tos 0x00, ttl 6
[vpp-dev] issue with ARP and classify packet forwarding #classify
Hi, I would like to classify the packet and forward to desired destination - Classify hits the rules - ARP proxy enabled Expect the acl-hits goes to [ip4-arp] then hand over to [memif0/3-output], but end up packet dropped with ip4-arp: no source address for ARP request Any expert may share the what is missing from the debug CLI? Thank you. Po *Topology* *Commands :* vpp# create interface memif id 2 slave vpp# create interface memif id 3 slave vpp# set interface state memif0/2 up vpp# set interface state memif0/3 up vpp# classify table mask hex 00ff buckets 16 skip 1 vpp# classify session opaque-index 0 table-index 0 match hex 00060a0a02010a0a0202 action set-ip4-fib-id 100 vpp# classify session opaque-index 1 table-index 0 match hex 00060a0a02010a0a0203 action set-ip4-fib-id 200 vpp# ip route add 10.10.2.2/32 table 100 via memif0/3 vpp# ip route add 10.10.2.0/24 table 100 via memif0/2 vpp# ip route add 10.10.2.0/24 via memif0/2 vpp# set int input acl intfc memif0/2 ip4-table 0 vpp# set int ip address memif0/2 10.10.2.0/24 vpp# set ip arp proxy 10.10.2.1 - 10.10.2.11 vpp# set ip arp fib-id 100 proxy 10.10.2.1 - 10.10.2.11 vpp# set interface proxy-arp memif0/2 enable vpp# set interface proxy-arp memif0/3 enable vpp# ** *vpp# show classify table* [6]: heap offset 1200, elts 2, normal 0: [1200]: next_index -1 advance 0 opaque 0 action 1 metadata 1 k: 00060a0a02010a0a0202 *hits 3* , last_heard 494.07 vpp# show vlib graph ip4-arp Name Next Previous ip4-arp error-drop [0] nsh-adj-incomplete memif0/3-output [1] lookup-ip4-src lookup-ip4-dst-itf lookup-ip4-dst mpls-adj-incomplete tcp4-output bfd-udp-echo4-input bfd-udp4-input ip4-punt-redirect ip4-load-balance ip4-lookup ip4-classify *vpp# show ip fib index 1* ipv4-VRF:100, fib_index:1, flow hash:[src dst sport dport proto ] locks:[src:classify:1, ] 0.0.0.0/0 unicast-ip4-chain [@0]: dpo-load-balance: [proto:ip4 index:9 buckets:1 uRPF:7 to:[0:0]] [0] [@0]: dpo-drop ip4 0.0.0.0/32 unicast-ip4-chain [@0]: dpo-load-balance: [proto:ip4 index:10 buckets:1 uRPF:8 to:[0:0]] [0] [@0]: dpo-drop ip4 10.10.2.0/24 unicast-ip4-chain [@0]: dpo-load-balance: [proto:ip4 index:20 buckets:1 uRPF:18 to:[0:0]] [0] [@4]: ipv4-glean: memif0/2: mtu:9000 02fea803ab310806 10.10.2.0/32 unicast-ip4-chain [@0]: dpo-load-balance: [proto:ip4 index:24 buckets:1 uRPF:22 to:[0:0]] [0] [@2]: dpo-receive 10.10.2.2/32 unicast-ip4-chain [@0]: dpo-load-balance: [proto:ip4 index:19 buckets:1 uRPF:17 to:[3:180]] [0] [@3]: arp-ipv4: via 10.10.2.2 memif0/3 224.0.0.0/4 unicast-ip4-chain [@0]: dpo-load-balance: [proto:ip4 index:12 buckets:1 uRPF:10 to:[0:0]] [0] [@0]: dpo-drop ip4 240.0.0.0/4 unicast-ip4-chain [@0]: dpo-load-balance: [proto:ip4 index:11 buckets:1 uRPF:9 to:[0:0]] [0] [@0]: dpo-drop ip4 255.255.255.255/32 unicast-ip4-chain [@0]: dpo-load-balance: [proto:ip4 index:13 buckets:1 uRPF:11 to:[0:0]] [0] [@0]: dpo-drop ip4 * Trace* Packet 12 00:08:13:344609: memif-input memif: hw_if_index 1 next-index 4 slot: ring 0 00:08:13:344620: ethernet-input IP4: b2:5f:84:5e:0b:43 -> 02:fe:a8:03:ab:31 00:08:13:344628: ip4-input TCP: 10.10.2.1 -> 10.10.2.2 tos 0x00, ttl 64, length 60, checksum 0xbb1c fragment id 0x6789, flags DONT_FRAGMENT TCP: 59057 -> 12345 seq. 0x692e832e ack 0x flags 0x02 SYN, tcp header: 40 bytes window 29200, checksum 0xf2cc 00:08:13:344634: ip4-inacl INACL: sw_if_index 1, next_index 1, table 0, offset 1200 00:08:13:344639: ip4-lookup *fib 1* dpo-idx 0 flow hash: 0x TCP: 10.10.2.1 -> 10.10.2.2 tos 0x00, ttl 64, length 60, checksum 0xbb1c fragment id 0x6789, flags DONT_FRAGMENT TCP: 59057 -> 12345 seq. 0x692e832e ack 0x flags 0x02 SYN, tcp header: 40 bytes window 29200, checksum 0xf2cc *00:08:13:344643: ip4-arp* TCP: 10.10.2.1 -> 10.10.2.2 tos 0x00, ttl 64, length 60, checksum 0xbb1c fragment id 0x6789, flags DONT_FRAGMENT TCP: 59057 -> 12345 seq. 0x692e832e ack 0x flags 0x02 SYN, tcp header: 40 bytes window 29200, checksum 0xf2cc *00:08:13:344647: error-drop* rx:memif0/2 00:08:13:344649: drop *ip4-arp: no source address for ARP request* -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#15242): https://lists.fd.io/g/vpp-dev/message/15242 Mute This Topic: https://lists.fd.io/mt/70065120/21656 Mute #classify: https://lists.fd.io/mk?hashtag=classify=1480452 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
