I am facing a problem when IPSEC is enabled on my box.
1) once the packet comes to my box i am decrypting the packet and i am setting the fib index as 1 since my TCP application's listening ip belongs to fib 1.
2)in this scenario SYN has reached to TCP node and then SYN+ACK is formed and it forwarded by TCP node to ip node. where lookup is happening.
3) here at ip layer inside ip4_lookup_inline() it is marking the next node based on dpo object.
4) Now, from IP layer it has to reached to esp4-encrypt () but some times its not reaching.
What could be the reason can anyone please shed some light on this?
Below are the steps i am performing .
1) creating the IPSEC tunnel at my StrongSwan.
2) creating ipip0 interface using
set interface state ipip0 up
3)setting this unnumbered ipip0 to vth interface .
set interface unnumbered ipip0 use VirtualFuncEthernet0/6/0.884
4) adding reverse route so that my SYN+ACK can reach to my client.
There’s not enough information here to diagnose what the problem is. Let’s start with a packet trace.
From: vpp-dev@... <vpp-dev@...> on behalf of nikhil subhedar via lists.fd.io <subhedarnikhil=gmail.com@...>