Dear VPP Folks,

I checked VPP's behavior, with NAT enabled, when it faces packets with a Time To Live (TTL) value of 1. I'm using VPP version v19.08-rc0 on the master branch.
I configured a simple NAT scenario with static mapping. In the normal scenario, when my client pings the VPP IP, the NAT function works well and converts the destination address of the packet to the desired address. But when the client sends an ICMP packet with TTL 1, VPP drops the packet without generating any ICMP reject message.

I saw different behavior in different NAT scenarios, but I am not familiar with the NAT plugin. I think the TTL test needs to be checked in other scenarios in VPP.

For example, I tested a scenario in which a packet with TTL 2 is sent to VPP. VPP changed its destination address and forwarded it to the next hop, which was a router. At that hop, the TTL was 1 and the packet was rejected due to the TTL issue. The router that rejected the packet sent an ICMP reject message to the client. Since the device running VPP was between the client and the router, the VPP NAT plugin changed the source (router IP) of the ICMP reject packet. So the client received a reject message with VPP as its source, while it was actually sent from the router. As a result, the client thinks that its next hop has rejected the packet, which is not true.

Can we consider this behavior a bug?

My topology:

|Client 20.20.20.20| <--------> |20.20.20.1 VPP device 30.30.30.1| <---------> |30.30.30.30 Router 40.40.40.1| <------------> |40.40.40.40 Server|

Attached you will find my configuration file.
View/Reply Online (#13772): https://lists.fd.io/g/vpp-dev/message/13772