Brief

How to reproduce Create a ipsec tunnel between two machines Assign ipv6 address to machines as tunnel ips Configure SRv6 End.DX4 Ping each other via srv6 end.dx4 Result: cannot ping each other Find root cause Let’s read kernel code and find how pocket flows with ipsec(via xfrm framework) and srv6. First, we need clarify the code path of target packets. Because we use ipsec tunnel, so every actual payload packet will be packed into a UDP via ESP protocol and the inner packet it’s a ipv6 packet with srv6 end.dx4 action which means the structure of entire packet is: ...