Re: 回复: 回复: 回复: [vpp-dev] Add ip route without next-hop-address

2019-08-23 Thread Neale Ranns via Lists.Fd.Io 

Hi Dave,

That flow would suggest the packet was correctly sent out of GigEth0/a/0 with 
the destination MAC of 172.16.3.1. was that not the case? Or was that your 
desired flow not the actual?

/neale

De : shi dave 
Date : vendredi 23 août 2019 à 09:11
À : "Neale Ranns (nranns)" , "vpp-dev@lists.fd.io" 

Objet : 回复: 回复: 回复: [vpp-dev] Add ip route without next-hop-address


Hi Neale,

sorry, clerical error, the flow is

dpdk-input
ip4-input (GigabitEthernet0/b/0)
ip4-lookup
ip4-rewrite (GigabitEthernet0/a/0)
ipsec-output-ip4
dpdk-esp-encrypt
dpdk-crypto-input
ip4-lookup (dst 172.16.3.1)
ip4-rewrite (GigabitEthernet0/a/0)
ipsec-output-ip4 (by pass)


Best Rregards

Dave


发件人: vpp-dev@lists.fd.io  代表 shi dave 

发送时间: 2019年8月23日 15:03
收件人: Neale Ranns (nranns) ; vpp-dev@lists.fd.io 

主题: 回复: 回复: [vpp-dev] Add ip route without next-hop-address

Hi Neale,

When routing to GigabitEthernet0/a/0, it could run into ipsec-output-ip4, then 
the packet will be added a ipsec tunnel ip (src 172.16.3.15, dst 172.16.3.1), 
so the destination MAC is the mac of 172.16.3.1

the flow is like:
dpdk-input
ip4-input (GigabitEthernet0/b/0)
ip4-lookup
ip4-rewrite (GigabitEthernet0/b/0)
ipsec-output-ip4
dpdk-esp-encrypt
dpdk-crypto-input
ip4-lookup (dst 172.16.3.1)
ip4-rewrite (GigabitEthernet0/b/0)
ipsec-output-ip4 (by pass)


Best Rregards

Dave


发件人: Neale Ranns (nranns) 
发送时间: 2019年8月23日 14:53
收件人: shi dave ; vpp-dev@lists.fd.io 
主题: Re: 回复: [vpp-dev] Add ip route without next-hop-address


Hi Dave,



When routing to GigabitEthernet0/a/0 what destination MAC address should the 
packet have?



/neale





De : shi dave 
Date : vendredi 23 août 2019 à 05:01
À : "Neale Ranns (nranns)" , "vpp-dev@lists.fd.io" 

Objet : 回复: [vpp-dev] Add ip route without next-hop-address



Hi Neale,



yes, it's a correct behavior for VPP ARP for 173.2.0.1, but in my case, 
173.2.0.1 is a inner ip(src 173.10.10.10, dst 173.2.0.1), the outer ip is IPSEC 
tunnel ip(src 172.16.3.15, dst 172.16.3.1), so that's no sense to get the mac 
of 173.2.0.1.



so is there have any method to route the packet from GigabitEthernet0/b/0 to 
GigabitEthernet0/a/0, without send any ARP request?



Best Rregards

Dave



发件人: Neale Ranns (nranns) 
发送时间: 2019年8月22日 22:03
收件人: shi dave ; vpp-dev@lists.fd.io 
主题: Re: [vpp-dev] Add ip route without next-hop-address





Hi Dave,



but from the trace, it send a ARP request to ask 173.2.0.1 directly

ip4-lookup -> ip4-glean -> GigabitEthernet0/a/0-output -> ip4-glean: ARP 
requests sent

how could I avoid this ARP request, like ?
ip4-lookup -> ip4-rewrite (GigabitEthernet0/a/0) -> ipsec-output-ip4



VPP is ARPing for 173.2.0.1. What do you want it to do instead?



neale
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#13830): https://lists.fd.io/g/vpp-dev/message/13830
Mute This Topic: https://lists.fd.io/mt/32998559/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

回复: 回复: 回复: [vpp-dev] Add ip route without next-hop-address

2019-08-23 Thread shi dave 

Hi Neale,


sorry, clerical error, the flow is

dpdk-input
ip4-input (GigabitEthernet0/b/0)
ip4-lookup
ip4-rewrite (GigabitEthernet0/a/0)
ipsec-output-ip4
dpdk-esp-encrypt
dpdk-crypto-input
ip4-lookup (dst 172.16.3.1)
ip4-rewrite (GigabitEthernet0/a/0)
ipsec-output-ip4 (by pass)


Best Rregards

Dave


发件人: vpp-dev@lists.fd.io  代表 shi dave 

发送时间: 2019年8月23日 15:03
收件人: Neale Ranns (nranns) ; vpp-dev@lists.fd.io 

主题: 回复: 回复: [vpp-dev] Add ip route without next-hop-address

Hi Neale,

When routing to GigabitEthernet0/a/0, it could run into ipsec-output-ip4, then 
the packet will be added a ipsec tunnel ip (src 172.16.3.15, dst 172.16.3.1), 
so the destination MAC is the mac of 172.16.3.1

the flow is like:

dpdk-input
ip4-input (GigabitEthernet0/b/0)
ip4-lookup
ip4-rewrite (GigabitEthernet0/b/0)
ipsec-output-ip4
dpdk-esp-encrypt
dpdk-crypto-input
ip4-lookup (dst 172.16.3.1)
ip4-rewrite (GigabitEthernet0/b/0)
ipsec-output-ip4 (by pass)


Best Rregards

Dave


发件人: Neale Ranns (nranns) 
发送时间: 2019年8月23日 14:53
收件人: shi dave ; vpp-dev@lists.fd.io 
主题: Re: 回复: [vpp-dev] Add ip route without next-hop-address


Hi Dave,



When routing to GigabitEthernet0/a/0 what destination MAC address should the 
packet have?



/neale





De : shi dave 
Date : vendredi 23 août 2019 à 05:01
À : "Neale Ranns (nranns)" , "vpp-dev@lists.fd.io" 

Objet : 回复: [vpp-dev] Add ip route without next-hop-address



Hi Neale,



yes, it's a correct behavior for VPP ARP for 173.2.0.1, but in my case, 
173.2.0.1 is a inner ip(src 173.10.10.10, dst 173.2.0.1), the outer ip is IPSEC 
tunnel ip(src 172.16.3.15, dst 172.16.3.1), so that's no sense to get the mac 
of 173.2.0.1.



so is there have any method to route the packet from GigabitEthernet0/b/0 to 
GigabitEthernet0/a/0, without send any ARP request?



Best Rregards

Dave



发件人: Neale Ranns (nranns) 
发送时间: 2019年8月22日 22:03
收件人: shi dave ; vpp-dev@lists.fd.io 
主题: Re: [vpp-dev] Add ip route without next-hop-address





Hi Dave,



but from the trace, it send a ARP request to ask 173.2.0.1 directly

ip4-lookup -> ip4-glean -> GigabitEthernet0/a/0-output -> ip4-glean: ARP 
requests sent

how could I avoid this ARP request, like ?
ip4-lookup -> ip4-rewrite (GigabitEthernet0/a/0) -> ipsec-output-ip4



VPP is ARPing for 173.2.0.1. What do you want it to do instead?



neale
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#13829): https://lists.fd.io/g/vpp-dev/message/13829
Mute This Topic: https://lists.fd.io/mt/32998559/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-