Uploaded image for project: 'vpp'
  1. vpp
  2. VPP-464

IPSec-GRE - adjacency drop in FIB 2.0

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: High High
    • 17.01
    • None
    • None

      Used vat commands:

      sw_interface_set_flags sw_if_index 2 admin-up
      sw_interface_set_flags sw_if_index 1 admin-up
      sw_interface_add_del_address sw_if_index 1 192.168.2.1/24
      ip_neighbor_add_del sw_if_index 1 dst 192.168.2.2 mac 08:00:27:04:98:31
      ipsec_sad_add_del_entry esp sad_id 10 spi 1001 crypto_alg aes-cbc-128 crypto_key 357a63524f6a637059624d474d387659 integ_alg sha1-96 integ_key 584b66304870376e513841696259445969304155
      ipsec_sad_add_del_entry esp sad_id 20 spi 1000 crypto_alg aes-cbc-128 crypto_key 357a63524f6a637059624d474d387659 integ_alg sha1-96 integ_key 584b66304870376e513841696259445969304155
      ipsec_gre_add_del_tunnel src 192.168.2.1 dst 192.168.2.2 local_sa 10 remote_sa 20
      bridge_domain_add_del bd_id 10 flood 1 uu-flood 1 forward 1 learn 1 arp-term 0
      sw_interface_set_l2_bridge sw_if_index 2 bd_id 10 shg 0 enable
      sw_interface_set_l2_bridge sw_if_index 5 bd_id 10 shg 0 enable

      VPP show error:

      Count Node Reason
      1 ipsec-gre-input GRE output packets encapsulated
      1 esp-encrypt ESP pkts received
      1 ip4-input ip4 adjacency drop

      VPP trace:

      Packet 1

      00:00:15:446226: dpdk-input
      GigabitEthernet0/a/0 rx queue 0
      buffer 0x4e03: current data 0, length 60, free-list 0, totlen-nifb 0, trace 0x0
      PKT MBUF: port 1, nb_segs 1, pkt_len 60
      buf_len 2176, data_len 60, ol_flags 0x0, data_off 128, phys_addr 0x4e133fc0
      packet_type 0x0
      IP4: 08:00:27:7e:6e:2e -> 08:00:27:9b:f1:65
      ICMP: 192.168.1.1 -> 192.168.1.2
      tos 0x00, ttl 64, length 28, checksum 0xf78c
      fragment id 0x0001
      ICMP echo_request checksum 0xf7ff
      00:00:15:446269: ethernet-input
      IP4: 08:00:27:7e:6e:2e -> 08:00:27:9b:f1:65
      00:00:15:446278: l2-input
      l2-input: sw_if_index 2 dst 08:00:27:9b:f1:65 src 08:00:27:7e:6e:2e
      00:00:15:446281: l2-learn
      l2-learn: sw_if_index 2 dst 08:00:27:9b:f1:65 src 08:00:27:7e:6e:2e bd_index 1
      00:00:15:446286: l2-fwd
      l2-fwd: sw_if_index 2 dst 08:00:27:9b:f1:65 src 08:00:27:7e:6e:2e bd_index 1
      00:00:15:446288: l2-flood
      l2-flood: sw_if_index 2 dst 08:00:27:9b:f1:65 src 08:00:27:7e:6e:2e bd_index 1
      00:00:15:446290: l2-output
      l2-output: sw_if_index 5 dst 08:00:27:9b:f1:65 src 08:00:27:7e:6e:2e
      00:00:15:446306: ipsec-gre0-output
      ipsec-gre0
      00000000: 0800279bf1650800277e6e2e08004500001c000100004001f78cc0a80101c0a8
      00000020: 01020800f7ff00000000000000000000000000000000000000000000e82c3c73
      00000040: 0000000000000000000000000000000000000000000000000000000000000000
      00000060: 00000000000000000000000000000000000000000000000000000000
      00:00:15:446308: ipsec-gre0-tx
      GRE: tunnel 0 len 84 src 192.168.2.1 dst 192.168.2.2 sa-id 10
      00:00:15:446311: esp-encrypt
      esp: spi 1001 seq 0 crypto aes-cbc-128 integrity sha1-96
      00:00:15:446533: ip4-input
      IPSEC_ESP: 192.168.2.1 -> 192.168.2.2
      tos 0x00, ttl 254, length 136, checksum 0x36f0
      fragment id 0x0000
      00:00:15:446536: ip4-drop
      IPSEC_ESP: 192.168.2.1 -> 192.168.2.2
      tos 0x00, ttl 254, length 136, checksum 0x36f0
      fragment id 0x0000
      00:00:15:446540: error-drop
      ip4-input: ip4 adjacency drop

      Note:

      This setting worked with VPP before FIB 2.0
      After update to FIB 2.0 is no longer working.

            matfabia Matus Fabian
            zolsovsk Zdenko Olsovsky
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: