vpp-manager: fix DHCPv6 ip6tables hop-limit workaround #961
Open
Replace the ip6tables hop-limit workaround with the VPP ttl_fixup
plugin, which provides protocol-agnostic TTL/hop-limit preservation
for host-originated traffic forwarded through VPP.
The plugin uses a two-phase approach:
- Input features on tap0: Set VNET_BUFFER_F_LOCALLY_ORIGINATED to
prevent ip4/ip6-rewrite from decrementing TTL. This preserves
TTL=1 for link-local protocols (DHCPv6, BGP, etc.) that would
otherwise be dropped.
- Output features on pod interfaces: For packets that originated
from tap0, decrement TTL post-rewrite and send ICMP time-exceeded
if needed. This restores normal router-hop behaviour for
host-to-pod traffic while keeping TTL preserved for host-to-uplink
(transparent forwarding).
This ensures:
- tap → uplink: TTL preserved (VPP transparent, DHCPv6 works)
- tap → pod: TTL decremented (VPP acts as router hop)
Signed-off-by: Aritra Basu <aritrbas@cisco.com>
9c749c3 to dec9cb9
This patch replaces the ip6tables hop-limit workaround with the VPP ttl_fixup plugin, which provides protocol-agnostic TTL/hop-limit preservation for host-originated traffic forwarded through VPP.

The ttl_fixup plugin introduces a two-phase dataplane behavior:

Changes
- ttl_fixup input on host tap setup path in vpp-manager.
- ttl_fixup output on pod interface setup and disabled it on teardown.
- ip6tables workaround logic from vpp-manager startup/restore path.
- vpplink bindings for the ttl_fixup plugin.

Resulting behavior:
- ip6tables hack required.
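
The two-phase behaviour described in the commit message, modelled as an added example (not the ttl_fixup plugin source or code from this PR). The `from_tap` marker, the function names and the expiry threshold (hop limit <= 1 on arrival expires) are assumptions made for illustration.

```c
#include <stdio.h>

/* Simplified model of the two phases; not the ttl_fixup plugin source. */
enum iface { IF_TAP0, IF_UPLINK, IF_POD };

struct pkt {
    int hop_limit;
    int locally_originated; /* stands in for VNET_BUFFER_F_LOCALLY_ORIGINATED */
    int from_tap;           /* hypothetical marker: packet entered via tap0 */
};

/* Phase 1, input feature on tap0: mark the packet so rewrite skips the decrement. */
static void ttl_fixup_input(struct pkt *p, enum iface rx) {
    if (rx == IF_TAP0) { p->locally_originated = 1; p->from_tap = 1; }
}

/* Router-hop step: returns 0 to forward, -1 to drop with ICMP time-exceeded.
 * Assumption: a forwarded packet arriving with hop limit <= 1 expires. */
static int decrement_or_expire(struct pkt *p) {
    if (p->hop_limit <= 1) return -1;
    p->hop_limit--;
    return 0;
}

/* ip4/ip6-rewrite: no decrement for packets marked locally originated. */
static int ip_rewrite(struct pkt *p) {
    return p->locally_originated ? 0 : decrement_or_expire(p);
}

/* Phase 2, output feature on pod interfaces: apply the skipped hop post-rewrite. */
static int ttl_fixup_output(struct pkt *p, enum iface tx) {
    return (tx == IF_POD && p->from_tap) ? decrement_or_expire(p) : 0;
}

/* Hop limit on egress, or -1 if dropped with ICMP time-exceeded. */
int hop_limit_after(enum iface rx, enum iface tx, int hl, int fixup_enabled) {
    struct pkt p = { hl, 0, 0 };
    if (fixup_enabled) ttl_fixup_input(&p, rx);
    if (ip_rewrite(&p) < 0) return -1;
    if (fixup_enabled && ttl_fixup_output(&p, tx) < 0) return -1;
    return p.hop_limit;
}

int main(void) {
    printf("tap->uplink hl=1, no fixup: %d\n", hop_limit_after(IF_TAP0, IF_UPLINK, 1, 0));
    printf("tap->uplink hl=1, fixup:    %d\n", hop_limit_after(IF_TAP0, IF_UPLINK, 1, 1));
    printf("tap->pod   hl=64, fixup:    %d\n", hop_limit_after(IF_TAP0, IF_POD, 64, 1));
    printf("tap->pod   hl=1, fixup:     %d\n", hop_limit_after(IF_TAP0, IF_POD, 1, 1));
    return 0;
}
```

The hop-limit 1 case on the tap to uplink path is the one that link-local protocols such as DHCPv6 depend on; traffic that does not enter via tap0 keeps the ordinary decrement.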