On 19/11/2021 13:32, Ben McKeegan via lists.fd.io wrote:
Firstly, with the map plugin it appears to break IPv6 connectivity: the
control plane can no longer successfully do NDP to the external gateway
(a layer 3 switch). NDP replies from the gateway to the control plane
do not arrive. There is a very simple workaround: if I put in a static
neighbour entry in Linux (with 'ip neigh replace ...') everything else
works. I have not yet understood why this happens although as I have a
workaround I did not spent too long on investigating it.
It turns out this was fairly straightforward, see patch below which
fixed it for me. Previously, the code checked for ICMP6 echo request
and reply codes and handled these locally, attempting to relay
everything else (and discarding any that are not suitable for relaying).
For now I have added similar exceptions for NDP and RAs, but this
seems a little backward to me. Should we make IP6_MAP_NEXT_IP6_LOCAL
the default and only set IP6_MAP_NEXT_IP6_ICMP_RELAY for one of the four
ICMP6 error codes that ip6_map_icmp_relay() actually checks for? The
comment in the code says:
* ICMP IPv6 packet
* - Error -> Pass to ICMPv6/ICMPv4 relay
* - Info -> Pass to IPv6 local
... which makes sense, but doesn't match what the code was doing.
diff --git a/src/plugins/map/ip6_map.c b/src/plugins/map/ip6_map.c
index 1193dda0a..d400c634c 100644
--- a/src/plugins/map/ip6_map.c
+++ b/src/plugins/map/ip6_map.c
@@ -246,8 +246,11 @@ ip6_map (vlib_main_t * vm, vlib_node_runtime_t *
node, vlib_frame_t * frame)
{
icmp46_header_t *icmp = (void *) (ip60 + 1);
next0 = (icmp->type == ICMP6_echo_request
- || icmp->type ==
- ICMP6_echo_reply) ? IP6_MAP_NEXT_IP6_LOCAL :
+ || icmp->type == ICMP6_echo_reply
+ || icmp->type == ICMP6_neighbor_solicitation
+ || icmp->type == ICMP6_neighbor_advertisement
+ || icmp->type == ICMP6_router_solicitation
+ || icmp->type == ICMP6_router_advertisement) ?
IP6_MAP_NEXT_IP6_LOCAL :
IP6_MAP_NEXT_IP6_ICMP_RELAY;
}
else if (ip60->protocol == IP_PROTOCOL_IPV6_FRAGMENTATION)
@@ -273,8 +276,11 @@ ip6_map (vlib_main_t * vm, vlib_node_runtime_t *
node, vlib_frame_t * frame)
{
icmp46_header_t *icmp = (void *) (ip61 + 1);
next1 = (icmp->type == ICMP6_echo_request
- || icmp->type ==
- ICMP6_echo_reply) ? IP6_MAP_NEXT_IP6_LOCAL :
+ || icmp->type == ICMP6_echo_reply
+ || icmp->type == ICMP6_neighbor_solicitation
+ || icmp->type == ICMP6_neighbor_advertisement
+ || icmp->type == ICMP6_router_solicitation
+ || icmp->type == ICMP6_router_advertisement) ?
IP6_MAP_NEXT_IP6_LOCAL :
IP6_MAP_NEXT_IP6_ICMP_RELAY;
}
else if (ip61->protocol == IP_PROTOCOL_IPV6_FRAGMENTATION)
@@ -451,8 +457,11 @@ ip6_map (vlib_main_t * vm, vlib_node_runtime_t *
node, vlib_frame_t * frame)
{
icmp46_header_t *icmp = (void *) (ip60 + 1);
next0 = (icmp->type == ICMP6_echo_request
- || icmp->type ==
- ICMP6_echo_reply) ? IP6_MAP_NEXT_IP6_LOCAL :
+ || icmp->type == ICMP6_echo_reply
+ || icmp->type == ICMP6_neighbor_solicitation
+ || icmp->type == ICMP6_neighbor_advertisement
+ || icmp->type == ICMP6_router_solicitation
+ || icmp->type == ICMP6_router_advertisement) ?
IP6_MAP_NEXT_IP6_LOCAL :
IP6_MAP_NEXT_IP6_ICMP_RELAY;
}
else if (ip60->protocol == IP_PROTOCOL_IPV6_FRAGMENTATION &&
Regards,
Ben.
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#20523): https://lists.fd.io/g/vpp-dev/message/20523
Mute This Topic: https://lists.fd.io/mt/87167458/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
