Hi John, This is via L3 forwarding. Please see below link for details, which was run when merging this feature: https://wiki.fd.io/images/5/5f/NSH_SNAT_Output.png
Agree that the latter approach is more efficient. But for some cases, we are required not to touch the inner Ethernet header. Thanks, Hongjun From: John Lo (loj) [mailto:l...@cisco.com] Sent: Tuesday, April 25, 2017 10:15 AM To: Ni, Hongjun <hongjun...@intel.com>; vpp-dev@lists.fd.io Cc: nsh_sfc-...@lists.fd.io Subject: RE: [vpp-dev] About MAC address check in ethernet-input node if interface in L3 mode Hi Hongjun, How is the packet forwarded between Ethernet-input -> ... -> Tx to phy interface? Is it via L2 or L3 forwarding? I am guessing it is L3 forwarding thus this check for ethernet-input. If it is L2 forwarded and the tunnel interface can be changed to L2 mode, this MAC address check will not be done in ethernet-input. If it is L3 forwarded and ethernet-input node is used, then tunnel should be created as a ethernet interface type so its MAC can be assigned and behave like a ethernet interface. Another way would be for the tunnel decap node to also remove the L2 header and pass L3 packet to the correct L3 forward node (ip4/6-input?) directly. The latter approach can be more efficient since it will bypass ethernet-input node. Regards, John From: vpp-dev-boun...@lists.fd.io<mailto:vpp-dev-boun...@lists.fd.io> [mailto:vpp-dev-boun...@lists.fd.io] On Behalf Of Ni, Hongjun Sent: Monday, April 24, 2017 9:13 PM To: vpp-dev@lists.fd.io<mailto:vpp-dev@lists.fd.io> Cc: nsh_sfc-...@lists.fd.io<mailto:nsh_sfc-...@lists.fd.io> Subject: [vpp-dev] About MAC address check in ethernet-input node if interface in L3 mode Hey, For NSH-aware SNAT case, a packet goes through below flow path: Rx on Phy interface -> .. -> nsh_plugin for tunnel decap -> Ethernet-input -> ... -> Tx to phy interface. It works well when this feature was merged before. Recently, I ran into an issue when running NSH-aware SNAT case: When packets sent from nsh_tunnel to Ethernet-input node, ethernet_input_inline function will check packet's destination MAC with nsh_tunnel's interface MAC. But nsh_tunnel is a virtual interface and has no MAC address. It results in the failure of packets process. https://gerrit.fd.io/r/#/c/5718/ Add MAC address check in ethernet-input node if interface in L3 mode This bug fix was merged in VPP some days ago, which causes above failure. When I tried to configure the MAC address of nsh_tunnel, it has an error: DBGvpp# set interface mac address nsh_tunnel0 90:E2:BA:48:7A:80 set interface mac address: mac address change is not supported for interface index 4 We need to figure out a way to fix this issue. Thanks a lot, Hongjun
_______________________________________________ vpp-dev mailing list vpp-dev@lists.fd.io https://lists.fd.io/mailman/listinfo/vpp-dev
