Hi Filip, Sorry to bother you.
If you have any update on this please let me know. I can perform any test you need. Thanks! On Thu, Sep 17, 2020 at 10:05 AM Pac Ette via lists.fd.io <pktnoise= gmail....@lists.fd.io> wrote: > Hi Filip, > > Sounds good. > > Thanks! > > On Thu, Sep 17, 2020 at 1:27 AM Filip Varga -X (fivarga - PANTHEON TECH > SRO at Cisco) <fiva...@cisco.com> wrote: > >> Hi Pac, >> >> >> >> Yes the idea is that you should be able to ping NAT outside interface >> from the adjacent side of the connection. This was previously working. >> I will create a ticket for the issue and look in to it shortly. >> >> >> >> If you have any other issues with NAT please let me know. >> >> >> >> Best regards, >> Filip >> >> >> >> *From:* Pac Ette <pktno...@gmail.com> >> *Sent:* Wednesday, September 16, 2020 10:16 PM >> *To:* pktno...@gmail.com >> *Cc:* Filip Varga -X (fivarga - PANTHEON TECH SRO at Cisco) < >> fiva...@cisco.com>; Dave Barach (dbarach) <dbar...@cisco.com>; >> vpp-dev@lists.fd.io >> *Subject:* Re: [vpp-dev] ping not able to receive replies on vpp >> interface >> *Importance:* High >> >> >> >> Hi Filip, >> >> >> >> sorry, amendment to my last email: >> >> >> >> Your suggestion worked. But ping from linux stack (tap interface) is not >> working because there is no NAT in/out anymore. >> >> >> >> I am using VPP with NAT. Is it not possible for ping to work with NAT? >> >> >> >> I noticed something. If I add back: >> >> >> >> set interface nat44 in loop0 in loop1 >> set interface nat44 out wan1 >> >> >> >> In addition to vpp-to-server not working, I am also unable to ping from >> linux server to vpp box. >> >> >> >> $ ping 10.200.1.7 >> PING 10.200.1.7 (10.200.1.7) from 10.200.1.1 eth2: 56(84) bytes of data. >> --- 10.200.1.7 ping statistics --- >> 80 packets transmitted, 0 received, 100% packet loss, time 80882ms >> >> >> >> Thanks! >> >> >> >> On Wed, Sep 16, 2020 at 1:10 PM Pac Ette via lists.fd.io <pktnoise= >> gmail....@lists.fd.io> wrote: >> >> Hi Filip, >> >> >> >> Your suggestion worked. But I am using VPP with NAT. Is it not possible >> for ping to work with NAT? >> >> >> >> I noticed something. When NAT is set, in addition to vpp to server not >> working, I am also unable to ping from linux server to vpp box. >> >> >> >> If I add back: >> >> set interface nat44 in loop0 in loop1 >> set interface nat44 out wan1 >> >> >> >> linux (10.200.1.1) --> to --> wan1 (vpp) does not work either. >> >> >> >> Thanks! >> >> >> >> >> >> On Wed, Sep 16, 2020 at 12:35 PM Filip Varga -X (fivarga - PANTHEON TECH >> SRO at Cisco) <fiva...@cisco.com> wrote: >> >> Hi Pac, >> >> >> >> Try removing from your configuration following two lines: >> >> >> >> set interface nat44 in loop0 in loop1 >> set interface nat44 out wan1 >> >> >> >> Now try to ping from linux & vpp. From linux ping vpp wan interface >> 10.200.1.7 and from vpp linux host 10.200.1.1 (don’t forget to specify the >> source interface, this should be your wan interface in vpp). >> >> >> >> # ping <ip-addr> source <interface> >> >> >> >> Best regards, >> >> Filip >> >> >> >> *From:* vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> *On Behalf Of *Pac Ette >> *Sent:* Wednesday, September 16, 2020 6:14 PM >> *To:* Dave Barach (dbarach) <dbar...@cisco.com> >> *Cc:* vpp-dev@lists.fd.io >> *Subject:* Re: [vpp-dev] ping not able to receive replies on vpp >> interface >> >> >> >> Hi Dave, >> >> >> >> I had a suspicion that my configs might be wrong. But, why would packets >> go through the NAT plugin when I am pinging from vppctl and directly on the >> wan1 port - I was thinking these packets don't need to be NAT-ed. Here are >> my configs and testing results. >> >> >> >> ## Configs >> cat vpp.conf >> set interface state wan1 up >> set interface state lan3 up >> set interface state lan2 up >> set interface state lan0 up >> >> set dhcp client intfc wan1 hostname test-ccB >> >> loopback create >> set interface l2 bridge loop0 1 bvi >> set interface ip address loop0 10.90.0.1/16 >> set interface state loop0 up >> >> create tap id 0 host-ip4-addr 10.90.0.2/16 host-if-name lstack1 >> set interface l2 bridge tap0 1 >> set interface state tap0 up >> >> loopback create >> set interface l2 bridge loop1 2 bvi >> set interface ip address loop1 10.100.0.1/16 >> set interface state loop1 up >> >> set interface l2 bridge lan0 2 >> set interface l2 bridge lan2 2 >> set interface l2 bridge lan3 2 >> >> create tap id 1 host-ip4-addr 10.100.0.2/16 host-if-name lstack2 >> set interface l2 bridge tap1 2 >> set interface state tap1 up >> >> nat44 add interface address wan1 >> set interface nat44 in loop0 in loop1 >> set interface nat44 out wan1 >> ---------------------------------------------------------- >> vpp# sh nat44 addresses >> NAT44 pool addresses: >> 10.200.1.7 >> tenant VRF independent >> 0 busy other ports >> 18 busy udp ports >> 0 busy tcp ports >> 0 busy icmp ports >> NAT44 twice-nat pool addresses: >> >> vpp# sh nat44 interfaces >> NAT44 interfaces: >> loop0 in >> loop1 in >> wan1 out >> >> vpp# sh dhcp client >> [0] wan1 state DHCP_BOUND installed 1 addr 10.200.1.7/24 gw 10.200.1.1 >> server 10.200.1.1 dns 8.8.8.8 >> >> linux stack >> $ ip route >> default via 10.90.0.1 dev lstack1 >> 10.90.0.0/16 dev lstack1 proto kernel scope link src 10.90.0.2 >> 10.100.0.0/16 dev lstack2 proto kernel scope link src 10.100.0.2 >> ---------------------------------------------------------- >> ## Testing >> >> pings via linux stack works but pings via vppctl do not. >> >> ping via vppctl: >> vpp# ping 10.200.1.1 >> Statistics: 5 sent, 0 received, 100% packet loss >> >> ping via linux stack: >> $ ping 10.200.1.1 >> PING 10.200.1.1 (10.200.1.1) 56(84) bytes of data. >> 64 bytes from 10.200.1.1: icmp_seq=1 ttl=63 time=1.01 ms >> 64 bytes from 10.200.1.1: icmp_seq=2 ttl=63 time=0.321 ms >> --- 10.200.1.1 ping statistics --- >> 2 packets transmitted, 2 received, 0% packet loss, time 1001ms >> rtt min/avg/max/mdev = 0.321/0.670/1.019/0.349 ms >> >> >> >> Thanks! >> >> >> >> On Wed, Sep 16, 2020 at 4:32 AM Dave Barach (dbarach) <dbar...@cisco.com> >> wrote: >> >> The dispatch pcap trace shows that “nat44-ed-out2in-slowpath” drops the >> reply. Since the *request* never visits the nat plugin, there is no >> translation set up to process the reply. >> >> >> >> Please check your configuration. >> >> >> >> Dave >> >> >> >> *From:* vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> *On Behalf Of *Pac Ette >> *Sent:* Tuesday, September 15, 2020 11:40 PM >> *To:* vpp-dev@lists.fd.io >> *Subject:* [vpp-dev] ping not able to receive replies on vpp interface >> >> >> >> Hi folks, >> >> >> >> vpp is unable to ping on an interface: >> >> vpp# ping 10.200.1.1 source wan1 >> Statistics: 5 sent, 0 received, 100% packet loss >> >> >> >> current setup: >> >> vpp 20.05 >> >> >> >> linux machine (A) <----> vpp machine (B) >> >> 10.200.1.1 <----> 10.200.1.7 >> >> >> >> >> >> So the server at 10.200.1.1 is replying but vpp is showing 100% packet >> loss. >> >> >> >> I am also attaching a vpp dispatch pcap file. >> >> >> >> Thanks for the help! >> >> >> >> >> > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#17494): https://lists.fd.io/g/vpp-dev/message/17494 Mute This Topic: https://lists.fd.io/mt/76880903/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
