
Add tunnels FOO over UDP (FOU)
Open, Requires assessment | Public | FEATURE REQUEST

Description

Foo-over-UDP (FOU) can encapsulate any IP protocol over UDP.

Example of configuration
Left site:

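# Load the FOU module and open a FOU receive port; ipproto 4 = IPIP payload
modprobe fou
ip fou add port 5555 ipproto 4

# IPIP tunnel to the peer, encapsulated in UDP (FOU)
ip link add name tun1 type ipip \
     remote 192.0.2.2 \
     local 192.0.2.1 \
     mode ipip \
     ttl 255 \
     dev eth1 \
     encap fou \
           encap-sport 5555 \
           encap-dport 6666
# Point-to-point addressing on the tunnel, then bring it up
ip addr add 10.0.0.1 peer 10.0.0.2 dev tun1
sudo ip link set dev tun1 up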

Right site:

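# Load the FOU module and open a FOU receive port; ipproto 4 = IPIP payload
modprobe fou
ip fou add port 6666 ipproto 4

# IPIP tunnel to the peer, encapsulated in UDP (FOU); ports mirror the left site
ip link add name tun1 type ipip \
     remote 192.0.2.1 \
     local 192.0.2.2 \
     mode ipip \
     ttl 255 \
     dev eth1 \
     encap fou \
           encap-sport 6666 \
           encap-dport 5555
# Point-to-point addressing on the tunnel, then bring it up
ip addr add 10.0.0.2 peer 10.0.0.1 dev tun1
sudo ip link set dev tun1 up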

Ping from R2 => R1 and

root@r1-roll:/home/vyos# ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=0.419 ms
64 bytes from 10.0.0.1: icmp_seq=2 ttl=64 time=0.753 ms
64 bytes from 10.0.0.1: icmp_seq=3 ttl=64 time=0.831 ms
64 bytes from 10.0.0.1: icmp_seq=4 ttl=64 time=1.03 ms
64 bytes from 10.0.0.1: icmp_seq=5 ttl=64 time=0.711 ms
64 bytes from 10.0.0.1: icmp_seq=6 ttl=64 time=0.920 ms

Dump from R1

vyos@r4-1.3# sudo tcpdump -nti eth1 not stp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes
IP 192.0.2.2.6666 > 192.0.2.1.5555: UDP, length 84
IP 192.0.2.1.5555 > 192.0.2.2.6666: UDP, length 84
IP 192.0.2.2.6666 > 192.0.2.1.5555: UDP, length 84
IP 192.0.2.1.5555 > 192.0.2.2.6666: UDP, length 84
IP 192.0.2.2.6666 > 192.0.2.1.5555: UDP, length 84
IP 192.0.2.1.5555 > 192.0.2.2.6666: UDP, length 84
IP 192.0.2.2.6666 > 192.0.2.1.5555: UDP, length 84
IP 192.0.2.1.5555 > 192.0.2.2.6666: UDP, length 84
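
The capture shows only `UDP, length 84` because FOU adds no header of its own: the UDP payload is the inner IPv4 packet itself (20-byte IP header + 8-byte ICMP header + 56 data bytes for the ping above). The following is an added example, not part of the original task, that decodes such a packet to expose the inner addresses a plain capture hides; `FOU_PORTS`, the function names and the sample frame are constructed for illustration.

```python
import struct
import ipaddress

# FOU receive ports from the page: UDP destination port -> inner IP protocol (4 = IPIP)
FOU_PORTS = {5555: 4, 6666: 4}

def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Build a minimal 20-byte IPv4 header (checksum left 0: sample data only)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)

def parse_ipv4(pkt):
    """Return (src, dst, proto, payload) of an IPv4 packet, validating lengths."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    total = struct.unpack("!H", pkt[2:4])[0]
    if ihl < 20 or total < ihl or total > len(pkt):
        raise ValueError("bad IPv4 length fields")
    src = str(ipaddress.IPv4Address(pkt[12:16]))
    dst = str(ipaddress.IPv4Address(pkt[16:20]))
    return src, dst, pkt[9], pkt[ihl:total]

def decode_fou(frame):
    """Decode outer IPv4/UDP, then treat the UDP payload as the inner IPv4 packet."""
    o_src, o_dst, proto, udp = parse_ipv4(frame)
    if proto != 17 or len(udp) < 8:
        raise ValueError("outer packet is not UDP")
    sport, dport, ulen, _ = struct.unpack("!HHHH", udp[:8])
    if ulen < 8 or ulen > len(udp):
        raise ValueError("bad UDP length")
    if FOU_PORTS.get(dport) != 4:
        raise ValueError("UDP port %d is not a FOU IPIP port" % dport)
    payload = udp[8:ulen]  # FOU: the inner packet starts right after the UDP header
    i_src, i_dst, i_proto, _ = parse_ipv4(payload)
    return {"outer": (o_src, sport, o_dst, dport), "udp_payload_len": len(payload),
            "inner": (i_src, i_dst, i_proto)}

def sample_frame():
    """Constructed sample: the ping from the page, R2 -> R1, as it appears on eth1."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, 1, 1) + bytes(56)  # echo request, 56 data bytes
    inner = ipv4_header("10.0.0.2", "10.0.0.1", 1, len(icmp)) + icmp
    udp = struct.pack("!HHHH", 6666, 5555, 8 + len(inner), 0) + inner
    return ipv4_header("192.0.2.2", "192.0.2.1", 17, len(udp)) + udp

if __name__ == "__main__":
    print(decode_fou(sample_frame()))
```
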

https://lwn.net/Articles/614348/
https://people.netfilter.org/pablo/netdev0.1/papers/UDP-Encapsulation-in-Linux.pdf
https://developers.redhat.com/blog/2019/05/17/an-introduction-to-linux-virtual-interfaces-tunnels#fou
https://manpages.debian.org/unstable/iproute2/ip-fou.8.en.html

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)