Re: [vpp-dev] ARP resolution from non-connected IP
Hi Murthy,

ARP works the same way even when using MH-BGP :)

Your peer is not directly connected, therefore you ARP for the nexthop, that's the target address. The source address comes from the interface on which the nexthop is attached, i.e. the one on which the ARP is sent. This is not the loopback (no peers are ever attached to a loopback). The source address is therefore the one applied to the physical interface through which the nexthop is attached, hence to the receiving peer it is always an address within the interface's connected subnet.

I would suggest you experiment with how you are adding the static route to see if it changes the way the ARPs are generated.

/neale

tpyed by my fat tumhbs

From: vpp-dev@lists.fd.io on behalf of Satya Murthy
Sent: Friday, August 21, 2020 7:52:28 AM
To: vpp-dev@lists.fd.io
Subject: Re: [vpp-dev] ARP resolution from non-connected IP

Neale /Ben,

We already have a static route to reach the peer. Even after that, we are getting this error.
And this error is as per the VPP's ARP code. It's not allowing the ARP-REQUEST from a non-connected source IP.

If we don't allow this, I am not 100% sure how multihop-BGP peering kind of scenarios really work.
In MH-BGP, the peer will be running on a loopback address and will try to reach a peer loopback.
In this scenario, the ARP request can have the BGP-loopback address as the source address.

How will it really work?
Any inputs pls.

--
Thanks & Regards,
Murthy

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#17279): https://lists.fd.io/g/vpp-dev/message/17279
Mute This Topic: https://lists.fd.io/mt/76285682/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [vpp-dev] ARP resolution from non-connected IP
Satya,

> We already have a static route to reach the peer. Even after that, we are getting this error.
> And this error is as per the VPP's ARP code. It's not allowing the ARP-REQUEST from a non-connected source IP.
>
> If we don't allow this, I am not 100% sure how multihop-BGP peering kind of scenarios really work.
> In MH-BGP, the peer will be running on a loopback address and will try to reach a peer loopback.
> In this scenario, the ARP request can have the BGP-loopback address as the source address.
>
> How will it really work?
> Any inputs pls.

While I'm a big fan of giving people enough rope (and relegating sanity checks to the CP)... traditionally (and correctly) this is done with routing.

Best regards,
Ole

View/Reply Online (#17278): https://lists.fd.io/g/vpp-dev/message/17278
Re: [vpp-dev] ARP resolution from non-connected IP
Neale /Ben,

We already have a static route to reach the peer. Even after that, we are getting this error.
And this error is as per the VPP's ARP code. It's not allowing the ARP-REQUEST from a non-connected source IP.

If we don't allow this, I am not 100% sure how multihop-BGP peering kind of scenarios really work.
In MH-BGP, the peer will be running on a loopback address and will try to reach a peer loopback.
In this scenario, the ARP request can have the BGP-loopback address as the source address.

How will it really work?
Any inputs pls.

--
Thanks & Regards,
Murthy

View/Reply Online (#17277): https://lists.fd.io/g/vpp-dev/message/17277
Re: [vpp-dev] ARP resolution from non-connected IP
That would probably cause the check to pass, but that route will cause VPP to ARP for the loopback address out of so the peer would also need to enable proxy ARP.

However, if a-priori knowledge of what is connecting to what is allowed in the workaround, then add a static ARP entry on the peer.

/neale

On 20/08/2020 09:01, "Benoit Ganne (bganne)" wrote:

Maybe a workaround would be to add the host prefix of the router loopback in the fib? Eg. 'ip route add /32 '?

Best
ben

> -Original Message-
> From: vpp-dev@lists.fd.io On Behalf Of Neale Ranns via lists.fd.io
> Sent: Thursday, 20 August 2020 08:07
> To: vpp-dev@lists.fd.io; Satya Murthy
> Subject: Re: [vpp-dev] ARP resolution from non-connected IP
>
> There's no way to disable the check. VPP expects the ARP request to have only addresses that belong to the link on which the ARP packet is sent. IMHO the sender's behaviour is wrong.
>
> /neale
>
> tpyed by my fat tumhbs
>
> From: vpp-dev@lists.fd.io on behalf of Satya Murthy
> Sent: Wednesday, August 19, 2020 3:03:49 PM
> To: vpp-dev@lists.fd.io
> Subject: [vpp-dev] ARP resolution from non-connected IP
>
> Hi,
>
> Have a query on the ARP resolution.
>
> We have a Router and VPP-box connected.
>
> We are trying to do some peering from router’s loopback IP. This loopback IP is not in the connected subnet-range.
>
> Due to this, router is initiating an ARP request with src as non-connected-IP in the payload.
>
> VPP is dropping this ARP request saying “IP4 source address not local to subnet”.
>
> In Linux and in cisco routers, we have options to allow ARP requests from non-connected subnets.
>
> Is there any workaround in VPP to allow this ARP request?
>
> Please let us know.
>
> --
> Thanks & Regards,
> Murthy

View/Reply Online (#17271): https://lists.fd.io/g/vpp-dev/message/17271
Re: [vpp-dev] ARP resolution from non-connected IP
Maybe a workaround would be to add the host prefix of the router loopback in the fib? Eg. 'ip route add /32 '?

Best
ben

> -Original Message-
> From: vpp-dev@lists.fd.io On Behalf Of Neale Ranns via lists.fd.io
> Sent: Thursday, 20 August 2020 08:07
> To: vpp-dev@lists.fd.io; Satya Murthy
> Subject: Re: [vpp-dev] ARP resolution from non-connected IP
>
> There's no way to disable the check. VPP expects the ARP request to have only addresses that belong to the link on which the ARP packet is sent. IMHO the sender's behaviour is wrong.
>
> /neale
>
> tpyed by my fat tumhbs
>
> From: vpp-dev@lists.fd.io on behalf of Satya Murthy
> Sent: Wednesday, August 19, 2020 3:03:49 PM
> To: vpp-dev@lists.fd.io
> Subject: [vpp-dev] ARP resolution from non-connected IP
>
> Hi,
>
> Have a query on the ARP resolution.
>
> We have a Router and VPP-box connected.
>
> We are trying to do some peering from router's loopback IP. This loopback IP is not in the connected subnet-range.
>
> Due to this, router is initiating an ARP request with src as non-connected-IP in the payload.
>
> VPP is dropping this ARP request saying "IP4 source address not local to subnet".
>
> In Linux and in cisco routers, we have options to allow ARP requests from non-connected subnets.
>
> Is there any workaround in VPP to allow this ARP request?
>
> Please let us know.
>
> --
> Thanks & Regards,
> Murthy

View/Reply Online (#17268): https://lists.fd.io/g/vpp-dev/message/17268
Re: [vpp-dev] ARP resolution from non-connected IP
There's no way to disable the check. VPP expects the ARP request to have only addresses that belong to the link on which the ARP packet is sent. IMHO the sender's behaviour is wrong.

/neale

tpyed by my fat tumhbs

From: vpp-dev@lists.fd.io on behalf of Satya Murthy
Sent: Wednesday, August 19, 2020 3:03:49 PM
To: vpp-dev@lists.fd.io
Subject: [vpp-dev] ARP resolution from non-connected IP

Hi,

Have a query on the ARP resolution.

We have a Router and VPP-box connected.

We are trying to do some peering from router’s loopback IP. This loopback IP is not in the connected subnet-range.

Due to this, router is initiating an ARP request with src as non-connected-IP in the payload.

VPP is dropping this ARP request saying “IP4 source address not local to subnet”.

In Linux and in cisco routers, we have options to allow ARP requests from non-connected subnets.

Is there any workaround in VPP to allow this ARP request?

Please let us know.

--
Thanks & Regards,
Murthy

View/Reply Online (#17267): https://lists.fd.io/g/vpp-dev/message/17267
Re: [vpp-dev] ARP resolution from non-connected IP
Hi Dave,

Thanks for the quick inputs. I tried enabling the proxy-arp in both the following ways. But, still I am seeing the drop as below.

CLIs tried:

    set ip arp proxy 203.0.113.2 - 203.0.113.4
    set interface proxy-arp intfc1 enable

trace command o/p indicating the ARP drop:

    05:36:30:174070: arp-input
      request, type ethernet/IP4, address size 6/4
      be:bb:1d:60:20:81/1.1.1.1 -> 00:00:00:00:00:00/203.0.113.2
    05:36:30:174079: error-drop
      arp-input: IP4 source address not local to subnet

Anything wrong I am doing here?

--
Thanks & Regards,
Murthy

View/Reply Online (#17261): https://lists.fd.io/g/vpp-dev/message/17261
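The check behind the "IP4 source address not local to subnet" drop in the trace above, sketched as an added example (not VPP's source and not code from any poster): an ARP request is accepted only if its sender IP falls inside a prefix configured on the receiving interface. The connected prefix 203.0.113.0/24, the on-link sender 203.0.113.1 and all function names are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

struct prefix { uint32_t addr; uint8_t len; };  /* host byte order */
enum arp_verdict { ARP_ACCEPT, ARP_MALFORMED, ARP_NOT_V4_REQUEST, ARP_SRC_NOT_LOCAL };

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

static int in_prefix(uint32_t ip, struct prefix pfx) {
    uint32_t mask = pfx.len ? 0xFFFFFFFFu << (32 - pfx.len) : 0;
    return (ip & mask) == (pfx.addr & mask);
}

/* arp: the 28-byte Ethernet/IPv4 ARP body that follows the Ethernet header. */
enum arp_verdict check_arp_request(const uint8_t *arp, size_t len,
                                   const struct prefix *connected, size_t n) {
    /* htype=1, ptype=0x0800, hlen=6, plen=4, oper=1 (request) */
    static const uint8_t want[8] = {0x00, 0x01, 0x08, 0x00, 6, 4, 0x00, 0x01};
    if (len < 28) return ARP_MALFORMED;
    if (memcmp(arp, want, sizeof want) != 0) return ARP_NOT_V4_REQUEST;
    uint32_t sender_ip = be32(arp + 14);  /* SPA sits after the 6-byte SHA */
    for (size_t i = 0; i < n; i++)
        if (in_prefix(sender_ip, connected[i])) return ARP_ACCEPT;
    return ARP_SRC_NOT_LOCAL;  /* the case the trace reports as a drop */
}

/* Constructed sample: request for 203.0.113.2 from MAC be:bb:1d:60:20:81 with
 * the given sender IP, checked against an ASSUMED connected prefix
 * 203.0.113.0/24 (the thread does not state the interface's subnet). */
enum arp_verdict verdict_for_sender(uint8_t a, uint8_t b, uint8_t c, uint8_t d) {
    const struct prefix connected[] = {{0xCB007100u, 24}};
    uint8_t arp[28] = {0x00, 0x01, 0x08, 0x00, 6, 4, 0x00, 0x01,
                       0xbe, 0xbb, 0x1d, 0x60, 0x20, 0x81, a, b, c, d,
                       0, 0, 0, 0, 0, 0, 203, 0, 113, 2};
    return check_arp_request(arp, sizeof arp, connected, 1);
}

int main(void) {
    /* 1.1.1.1 (loopback-sourced, as in the trace) is rejected;
     * 203.0.113.1 (constructed on-link address) is accepted. */
    return !(verdict_for_sender(1, 1, 1, 1) == ARP_SRC_NOT_LOCAL &&
             verdict_for_sender(203, 0, 113, 1) == ARP_ACCEPT);
}
```

The check reads only the sender IP, so the proxy-ARP range configured for the target address does not change the verdict in this sketch.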
Re: [vpp-dev] ARP resolution from non-connected IP
Configure proxy-arp.

From: vpp-dev@lists.fd.io On Behalf Of Satya Murthy
Sent: Wednesday, August 19, 2020 9:04 AM
To: vpp-dev@lists.fd.io
Subject: [vpp-dev] ARP resolution from non-connected IP

Hi,

Have a query on the ARP resolution.

We have a Router and VPP-box connected.

We are trying to do some peering from router’s loopback IP. This loopback IP is not in the connected subnet-range.

Due to this, router is initiating an ARP request with src as non-connected-IP in the payload.

VPP is dropping this ARP request saying “IP4 source address not local to subnet”.

In Linux and in cisco routers, we have options to allow ARP requests from non-connected subnets.

Is there any workaround in VPP to allow this ARP request?

Please let us know.

--
Thanks & Regards,
Murthy

View/Reply Online (#17260): https://lists.fd.io/g/vpp-dev/message/17260