Hi
Need to establish communication between loopback1 and loopback2.
There is no host (host-ethx) interface between them. Pure loopback
communication.
create loopback interface instance 1
set interface ip address loop1 11.11.11.1/28
set interface state loop1 up
create loopback interface instance 2
set interface ip address loop2 22.22.22.1/28
set interface state loop2 up
ping 22.22.22.1 source loop1
1 0.000000 11.11.11.1 → 22.22.22.1 ICMP 2327 Echo (ping) request id=0xc46f, seq=1/256, ttl=255
2 0.000059 11.11.11.1 → 22.22.22.1 ICMP 2326 Echo (ping) request id=0xc46f, seq=1/256, ttl=255
3 0.000074 11.11.11.1 → 22.22.22.1 ICMP 2324 Echo (ping) request id=0xc46f, seq=1/256, ttl=255
4 0.000090 11.11.11.1 → 22.22.22.1 ICMP 2326 Echo (ping) request id=0xc46f, seq=1/256, ttl=255
5 0.000104 11.11.11.1 → 22.22.22.1 ICMP 2320 Echo (ping) request id=0xc46f, seq=1/256, ttl=255
6 1.003085 11.11.11.1 → 22.22.22.1 ICMP 2327 Echo (ping) request id=0xc46f, seq=2/512, ttl=255
7 1.003114 11.11.11.1 → 22.22.22.1 ICMP 2326 Echo (ping) request id=0xc46f, seq=2/512, ttl=255
8 1.003145 11.11.11.1 → 22.22.22.1 ICMP 2324 Echo (ping) request id=0xc46f, seq=2/512, ttl=255
9 1.003157 11.11.11.1 → 22.22.22.1 ICMP 2326 Echo (ping) request id=0xc46f, seq=2/512, ttl=255
10 1.003167 11.11.11.1 → 22.22.22.1 ICMP 2320 Echo (ping) request id=0xc46f, seq=2/512, ttl=255
11 2.007094 11.11.11.1 → 22.22.22.1 ICMP 2327 Echo (ping) request id=0xc46f, seq=3/768, ttl=255
12 2.007132 11.11.11.1 → 22.22.22.1 ICMP 2326 Echo (ping) request id=0xc46f, seq=3/768, ttl=255
13 2.007142 11.11.11.1 → 22.22.22.1 ICMP 2324 Echo (ping) request id=0xc46f, seq=3/768, ttl=255
14 2.007154 11.11.11.1 → 22.22.22.1 ICMP 2326 Echo (ping) request id=0xc46f, seq=3/768, ttl=255
15 2.007164 11.11.11.1 → 22.22.22.1 ICMP 2320 Echo (ping) request id=0xc46f, seq=3/768, ttl=255
16 3.000007 11.11.11.1 → 22.22.22.1 ICMP 2327 Echo (ping) request id=0xc46f, seq=4/1024, ttl=255
VPPCTL# show ip fib
ipv4-VRF:0, fib_index:0, flow hash:[src dst sport dport proto ] epoch:0 flags:none locks:[default-route:1, nat-hi:2, ]
0.0.0.0/0
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:1 buckets:1 uRPF:0 to:[0:0]]
[0] [@0]: dpo-drop ip4
0.0.0.0/32
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:2 buckets:1 uRPF:1 to:[0:0]]
[0] [@0]: dpo-drop ip4
11.11.11.0/32
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:10 buckets:1 uRPF:11 to:[0:0]]
[0] [@0]: dpo-drop ip4
11.11.11.0/28
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:9 buckets:1 uRPF:14 to:[0:0]]
[0] [@4]: ipv4-glean: loop1: mtu:9000 next:1
ffffffffffffdead000000010806
11.11.11.1/32
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:12 buckets:1 uRPF:15 to:[0:0]]
[0] [@2]: dpo-receive: 11.11.11.1 on loop1
11.11.11.15/32
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:11 buckets:1 uRPF:13 to:[0:0]]
[0] [@0]: dpo-drop ip4
22.22.22.0/32
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:14 buckets:1 uRPF:17 to:[0:0]]
[0] [@0]: dpo-drop ip4
22.22.22.0/28
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:13 buckets:1 uRPF:20 to:[5:480]]
[0] [@4]: ipv4-glean: loop2: mtu:9000 next:2
ffffffffffffdead000000020806
22.22.22.1/32
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:16 buckets:1 uRPF:21 to:[15:1440]]
[0] [@2]: dpo-receive: 22.22.22.1 on loop2
22.22.22.15/32
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:15 buckets:1 uRPF:19 to:[0:0]]
[0] [@0]: dpo-drop ip4
224.0.0.0/4
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:4 buckets:1 uRPF:3 to:[0:0]]
[0] [@0]: dpo-drop ip4
240.0.0.0/4
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:3 buckets:1 uRPF:2 to:[0:0]]
[0] [@0]: dpo-drop ip4
255.255.255.255/32
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:5 buckets:1 uRPF:4 to:[0:0]]
[0] [@0]: dpo-drop ip4
Facing issue with IP source address validation in src/vnet/ip/ip4_forward.c
which drops the packet as spoof.

  *error0 = ((*error0 == IP4_ERROR_UNKNOWN_PROTOCOL
              && dpo0->dpoi_type == DPO_RECEIVE) ?
             IP4_ERROR_SPOOFED_LOCAL_PACKETS : *error0);
  *error0 = ((*error0 == IP4_ERROR_UNKNOWN_PROTOCOL
              && !fib_urpf_check_size (lb0->lb_urpf)
              && ip0->dst_address.as_u32 != 0xFFFFFFFF) ?
             IP4_ERROR_SRC_LOOKUP_MISS : *error0);

I tried loose source validation, table, route entry, etc.; it always hits
spoof.
If I remove the validation, communication works.
Can we route the data without modifying the code and bypass the validation
with proper configuration? If so, please share it.
Thanks,
Sri
View/Reply Online (#21408): https://lists.fd.io/g/vpp-dev/message/21408
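
Added example (not part of the original message and not VPP source): a simplified C model of the two quoted assignments, assuming they are applied to the FIB lookup result for the packet's source address and that IP4_ERROR_UNKNOWN_PROTOCOL means no error has been recorded yet. The FIB is a constructed subset of the "show ip fib" output above; the uRPF list sizes, lpm() and check_src() are hypothetical.

```c
#include <stdint.h>

/* Simplified model, not VPP source. Only the IP4_ERROR_* names and DPO_RECEIVE
 * come from the post; every other name here is hypothetical. */
typedef enum { DPO_DROP, DPO_RECEIVE, DPO_GLEAN } dpo_type_t;
typedef enum {
  IP4_ERROR_UNKNOWN_PROTOCOL,       /* assumed sentinel: no error recorded yet */
  IP4_ERROR_SPOOFED_LOCAL_PACKETS,
  IP4_ERROR_SRC_LOOKUP_MISS
} ip4_error_t;
typedef struct { uint32_t prefix; int len; dpo_type_t type; int urpf_size; } fib_entry_t;

#define IP4(a, b, c, d) \
  (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Constructed subset of the "show ip fib" output; urpf_size values are assumed
 * (the output shows only a uRPF list index, not its size). */
static const fib_entry_t fib[] = {
  { IP4(0, 0, 0, 0),     0,  DPO_DROP,    0 },
  { IP4(11, 11, 11, 0),  28, DPO_GLEAN,   1 },
  { IP4(11, 11, 11, 1),  32, DPO_RECEIVE, 1 },
  { IP4(22, 22, 22, 0),  28, DPO_GLEAN,   1 },
  { IP4(22, 22, 22, 1),  32, DPO_RECEIVE, 1 },
};

/* Longest-prefix match; the /0 entry guarantees a result. */
static const fib_entry_t *lpm(uint32_t addr) {
  const fib_entry_t *best = 0;
  for (unsigned i = 0; i < sizeof fib / sizeof fib[0]; i++) {
    uint32_t mask = fib[i].len ? ~(uint32_t)0 << (32 - fib[i].len) : 0;
    if ((addr & mask) == fib[i].prefix && (!best || fib[i].len > best->len))
      best = &fib[i];
  }
  return best;
}

/* The two quoted assignments, applied to the lookup of the SOURCE address. */
static ip4_error_t check_src(uint32_t src, uint32_t dst) {
  const fib_entry_t *e = lpm(src);
  ip4_error_t err = IP4_ERROR_UNKNOWN_PROTOCOL;
  err = (err == IP4_ERROR_UNKNOWN_PROTOCOL && e->type == DPO_RECEIVE)
          ? IP4_ERROR_SPOOFED_LOCAL_PACKETS : err;
  err = (err == IP4_ERROR_UNKNOWN_PROTOCOL && e->urpf_size == 0 && dst != 0xFFFFFFFF)
          ? IP4_ERROR_SRC_LOOKUP_MISS : err;
  return err;
}

int main(void) { /* the ping from the post: 11.11.11.1 is a dpo-receive entry */
  return check_src(IP4(11, 11, 11, 1), IP4(22, 22, 22, 1)) != IP4_ERROR_SPOOFED_LOCAL_PACKETS;
}
```

In this model the first assignment depends only on the DPO type found for the source address, so the uRPF list size has no effect on the 11.11.11.1 case.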