vpp icon indicating copy to clipboard operation
vpp copied to clipboard
verified publisher icon FDio

[VPP-1637] IPSec packet punt to control plane

Open vvalderrv opened this issue 10 months ago • 1 comments

Description

We need to punt the first (and only the first) packet from each unknown IPSec flow to the control plane. So, after punting the first packet from an unknown flow through the punt socket (the UDS socket is used for punting IKE packets), we need to put an ACL on the flow to drop all subsequent packets. The Control plane will examine if this flow should be allowed, create an IPSEc tunnel for it, and remove the ACL so that the traffic can now flow through the tunnel.

For more info, please contact Jan Medved

Assignee

Unassigned

Reporter

Rastislav Szabo

Comments

No comments.

Original issue: https://jira.fd.io/browse/VPP-1637

vvalderrv avatar Feb 02 '25 03:02 vvalderrv