vpp icon indicating copy to clipboard operation
vpp copied to clipboard
verified publisher icon FDio

[VPP-1614] ip6 nd proxy does not work

Open vvalderrv opened this issue 10 months ago • 2 comments

Description

ip6 nd proxy feature has the following 3 issues:

1. the CLI help & the documentation is incorrect, it says:

vpp# set ip6 nd proxy ?
  set ip6 nd proxy                         set ip6 nd proxy
which does not work, the actual arguments need to be switched (first the interface, then the host):

 

vpp# set ip6 nd proxy 2001:fd00::10 tap0
unknown input `2001:fd00::10 tap0'

vpp# set ip6 nd proxy tap0 2001:fd00::10
vpp#
**2. It only allows configuring the proxy for a single address**, not for a whole subnet. If whole subnet needs to be configured, it would require sending multiple CLIs / binary APIs (that is too many binary APIs for a /64 IPv6 subnet, for instance)

3. it does not seem to work: (vpp v18.10-22~g13f5dcf9)

 

vpp# set ip6 nd proxy tap0 2001:fd00::10 
vpp#

vat# ip6nd_proxy_dump
host 2001:fd00::10 sw_if_index 3


vpp# sh inter addr
GigabitEthernet0/8/0 (up):
L3 2001:fd00::2/64
L3 fe80::a00:27ff:fef3:9cfe/64


tap0 (up):
unnumbered, use GigabitEthernet0/8/0
L3 2001:fd00::2/64
L3 fe80::a00:27ff:fef3:9cfe/64
 VPP does not respond to ICMP neighbor_solicitation for 2001:fd00::10 on tap0: 
Packet 2:
02:52:27:036587: virtio-input
  virtio: hw_if_index 3 next-index 4 vring 0 len 86
    hdr: flags 0x00 gso_type 0x00 hdr_len 0 gso_size 0 csum_start 0 csum_offset 0 num_buffers 1
02:52:27:036598: ethernet-input
  IP6: 00:00:00:00:00:02 -> 33:33:ff:00:00:10
02:52:27:036601: ip6-input
  ICMP6: 2001:fd00::2 -> ff02::1:ff00:10
    tos 0x00, flow label 0x0, hop limit 255, payload length 32
  ICMP neighbor_solicitation checksum 0x3f77
    target address 2001:fd00::10
02:52:27:036603: ip6-mfib-forward-lookup
  fib 0 entry 2
02:52:27:036607: ip6-mfib-forward-rpf
  entry 2 itf -1 flags 
02:52:27:036610: ip6-drop
    ICMP6: 2001:fd00::2 -> ff02::1:ff00:10
      tos 0x00, flow label 0x0, hop limit 255, payload length 32
    ICMP neighbor_solicitation checksum 0x3f77
    target address 2001:fd00::10
02:52:27:036611: error-drop
  ip4-input: Multicast RPF check failed
  
vagrant@k8s-master:~$ ip -6 neigh 
2001:fd00::10 dev vpp1  FAILED

Assignee

Unassigned

Reporter

Rastislav Szabo

Comments

  • raszabo (Tue, 26 Mar 2019 08:56:06 +0000): as for 3), I was missing the "ip6 enable". Now, I'm getting the following error-drop, but I guess that's by design as well?
00:17:48:542695: icmp6-neighbor-solicitation
  ICMP6: 2001:fd00::2 -> ff02::1:ff00:10
    tos 0x00, flow label 0x0, hop limit 255, payload length 32
  ICMP neighbor_solicitation checksum 0x3f77
    target address 2001:fd00::10
00:17:48:542698: ip6-drop
    ICMP6: 2001:fd00::2 -> ff02::1:ff00:10
      tos 0x00, flow label 0x0, hop limit 255, payload length 32
    ICMP neighbor_solicitation checksum 0x3f77
    target address 2001:fd00::10
00:17:48:542700: error-drop
  ip6-icmp-input: neighbor solicitations from source not on link
- **nranns (Mon, 25 Mar 2019 16:22:16 +0000)**: 1) i can fix that

  1. that's by design. this is not a solution that is similar to proxy ARP. This solution was only intended to say that host X (with the address specified in the proxy command) is attached to this interface. 

  2. the same interface also needs "ip6 enable". and the whole subnet needs to be configured on the 'real' interface.

Original issue: https://jira.fd.io/browse/VPP-1614

vvalderrv avatar Feb 02 '25 02:02 vvalderrv