Using PBR for configuring routes on the NSE itself

[BenAgai]

Hey, I’m currently working on a project where I want to provide internet access through NSM. I have created the following topology:

In the above figure let’s assume that the OVPN server assigns every OVPN client an IP from the following CIDR 10.20.30.0/24.

The expected traffic flow:

1. Traffic goes from user to OVPN client
2. To OVPN server
3. To the VPP NSE (using PBR)
4. Traffic goes from the VPP NSE to the internet with a NAT being performed at the NSE
5. Traffic returns from the internet to the NSE
6. Traffic goes from the NSE to the user through the OVPN server and OVPN client

Issue: In order to make traffic, coming back from the internet, to be forwarded to the VPP daemon on the NSE I need to add the following rule using VPPCTL: vppctl ip route add 10.20.30.0/24 via Where memif is the interface created in my NSE's VPP daemon when the OVPN server (running NSC) connected to my NSC.

My question: Is there a way I can use PBR, or similar mechanism, that will cause the VPP daemon to add the relevant route on my behalf?

Thanks in advance!

[denis-tingaikin]

/cc @glazychev-art , @edwarnicke

[glazychev-art]

Hi @BenAgai , There is currently no such functionality, but we can consider it.

@edwarnicke Do you have any thoughts?

[denis-tingaikin]

@edwarnicke Do you have any updates?