Hi Yuxiang,
Thank you for the report. I am looking into replicating the issue. Please
create a ticket on the public jira – you can track the progress there.
Best regards,
Filip Varga
From: vpp-dev@lists.fd.io On Behalf Of Yuxiang Zhu
Sent: Monday, June 13, 2022 9:43 AM
To: vpp-dev@lists.fd.io
Hi Marcelo,
It is possible to run at once all of the nat plugins.
There are few issues I can see.
Using forwarding enabled configuration with nat44-ed should let all of the
in2out traffic except static mapping get ignored / not translated. This should
let you run both in2out nat44-ed and in2ou
Hi,
I will do some testing and let you know.
For now:
There is one solution you can try at this moment:
1. configure both interfaces as inside (management traffic and business
traffic)
2. configure G0 as outside interface
3. enable forwarding
4. add G0 as nat interface address
5.
Hi Haiyan,
Can you please be more specific. For example what other traffic except from
interface A and B will be passing (are there other interfaces involved) ? Using
nat44-ed forwarding is a bit tricky. It let's pass traffic without translation
if a preexisting session isn't found so this woul
Hi Haiyan,
In this case you have to configure other VRF1’s interfaces as inside interfaces
and configure a different outside address for tenant-vrf VRF1.
Other option is to use the same NAT outside address for both VRF’s, this can be
achieved by configuring address without specifing tenant-vrf.
Hi Haiyan,
VRF for nat44-ed and nat44-ei works as follows:
Scenario 2 VRF’s. VRF1 can reach the internet, VRF2 can’t.
1)
Enable nat44-ed plugin.
2)
VRF1:
Configure public facing interface to be used as outside interface for nat44-ed
plugin.
VRF2:
Configure one or all interface (that you want
Hi Rene,
The homegateway configuration of NAT is bit outdated. I am working on a newer
configuration.
What the old configuration doesn't account for is the split of nat plugins. In
configuration nat is setup as endpoint independent.
Current nat is split into plugins nat44-ed nat44-ei
(endpoin
Hi Rajith,
If you are not using output feature you have to configure both inside and
outside nat interfaces separately.
So got with input + output or output feature.
Output feature is not an nat interface. it is a feature that handles
configuration of both outside and inside nat interfaces and
Hi,
From the first look i can see you are not enabling deterministic plugin like
you are nat44 plugin. Secondly mixing both plugins isn't fully supported. There
could be probably some issues. I am not completely sure about your use cases
but using static mappings in this kind of scenario isn't
Hello,
Not exactly. No vrf if nat plugin means ~0 vrf (all vrf’s) so it really depends
on what vrfs are inside and outside nat interfaces placed on. There is support
for multi-tenancy in the plugin. There are though some limitations in the
plugin.
Best regards,
Filip Varga
From: vpp-dev@list
Hi Ben,
Thank you for pointing out the issue. Indeed it looks like the node runs just
once. I will provide a patch shortly.
Best regards,
Filip Varga
-Original Message-
From: vpp-dev@lists.fd.io On Behalf Of Ben McKeegan
Sent: Monday, November 1, 2021 7:24 PM
To: vpp-dev@lists.fd.io
S
Hello,
Are you on current master ?
Can you please specify configuraiton parameters APi/CLI.
Best regards,
Filip
-Original Message-
From: vpp-dev@lists.fd.io On Behalf Of S Rajkumar
Sent: Tuesday, April 27, 2021 2:03 PM
To: vpp-dev
Subject: [vpp-dev] Assertion failure: thread_index == e
correct to think that "out of ports" error is a consequence of this
limitation in number of simultaneous sessions?
Best Regars
Marcos
De: vpp-dev@lists.fd.io<mailto:vpp-dev@lists.fd.io>
mailto:vpp-dev@lists.fd.io>> Em nome de Filip Varga via
lists.fd.io
Enviada em: quinta
Hi Marcos,
Q1.
Yes exactly.
Q2.
Yes there is difference between 20.05 and master. DET44 was previously one of
the many features of NAT plugin now it is separate plugin. Still there was
never possibility to change any inner configuration of memory allocation
through API/CLI. NAT plugin was neve
out?
Best Regards
De: vpp-dev@lists.fd.io<mailto:vpp-dev@lists.fd.io>
mailto:vpp-dev@lists.fd.io>> Em nome de Filip Varga via
lists.fd.io
Enviada em: terça-feira, 6 de abril de 2021 08:00
Para: Marcos - Mgiga mailto:mar...@mgiga.com.br>>;
vpp-dev@lists.fd.io<mailto:vpp-de
Hello Marcos,
I am currently working on updating docs for all NAT plugins. These docs &
introduction should be than located in the appropriate plugin directory in
markdown file.
The wiki docs is outdated.
To use DET44 nat (it is a separate plugin now) you would have to first enable
the plugin
Hi Xuo,
That is a fair point but i don’t it should be NAT’s responsibility implementing
DoS prevention mechanisms. This would require having some sort of list of ip
addresses for all dynamic clients and that would greatly decrease performance
of NAT. This kind of protection could be achieved th
Hello,
Max translations per user is a NAT44 EI (endpoint independent) plugin concept.
EI plugin was previously mode of NAT. NAT would run either EI or ED (endpoint
dependent). If you are interested in running EI mode please use the plugin
configuration as follows:
nat44 ei enable
nat44 ei add
Hello,
For clarification i will explain how the nat is devided.
At this point NAT functionality is devided in multiple sub plugins because of
it's previous complexity and issues with it.
We have det44 and nat44 plugins that are completely separate. The whole
separation is still in progress. So
Hi,
If you are looking for option to specify exact outside translation address from
a specific pool. You should try :
nat44 add static mapping ... exact
Also supported by API.
This will give you exact address picked from pool.
Best regards,
Filip Varga
From: vpp-dev@lists.fd.io On Behalf Of
Hi Date,
Ok now i understand where you are trying to get. At this point this kind of
matching is not supported. At this point you can either get match combination
of external-host external-host-port && external external-port in out2in-only
twice-nat scenario. I will try to look into it and do s
Hi Date,
Just to verify you want something like this ?
(OUTSIDE HOST) X.X.X.X :* -> (NAT ADDRESS)Y.Y.Y.Y:8080 translated to (OUTSIDE
HOST)X.X.X.X:* -> (INSIDE HOST)Z.Z.Z.Z:5566
* outside host address should be uniquelly matched to the NAT rule for the
(NAT ADDRESS) to (INSIDE HOST) transl
Hi Date,
I would suggest looking into ED NAT out2in only translations.
Just to point out
(OUTSIDE HOST) X.X.X.X :* -> (NAT ADDRESS)Y.Y.Y.Y:8080 translated to (OUTSIDE
HOST)X.X.X.X:* -> (INSIDE HOST)Z.Z.Z.Z:5566
Let’s go with NAT in VPP
set interface nat44 in LAN out WAN
nat44 add address (NAT
Hi Joshua,
Try to run your setup on master branch with recent changes. Few weeks ago i
have moved deterministic feature out of snat plugin. Now deterministic feature
is running in it’s separate plugin. Please check det44 sub plugin. If you have
any issues feel free to write me back.
Best regar
Hi,
Yes snat plugin is still maintained but it is undergoing big refactor and
separation of features. Some of them already happend some will be done just in
a few days. If you still encounter the issue reported here in the community
feel free to provide a patch and put me on review though i hav
Hi,
I will look into it.
Best regards,
Filip
From: vpp-dev@lists.fd.io On Behalf Of Dengfeng Liu
Sent: Thursday, September 24, 2020 11:44 AM
To: vpp-dev@lists.fd.io
Subject: [vpp-dev] nat44 static mapping does not work in endpoint-dependent
mode and workers > 1
Importance: High
Dear all,
It
Hi Pack,
I am currently working on larger patch. If you need the fix as soon as possible
feel free to contribute and add me as reviewer in gerrit. I will be able to
look into it on the end of the weekend.
Best regards,
Filip
From: Pac Ette
Sent: Wednesday, September 23, 2020 7:47 PM
To: Pac E
Hi Pac,
Yes the idea is that you should be able to ping NAT outside interface from the
adjacent side of the connection. This was previously working. I will create a
ticket for the issue and look in to it shortly.
If you have any other issues with NAT please let me know.
Best regards,
Filip
Fr
Hi Pac,
Try removing from your configuration following two lines:
set interface nat44 in loop0 in loop1
set interface nat44 out wan1
Now try to ping from linux & vpp. From linux ping vpp wan interface 10.200.1.7
and from vpp linux host 10.200.1.1 (don’t forget to specify the source
interface,
Hi Nick,
The behavior you are seeing is correct. Based on specificatoin TCP sessions /
tcp ports should not get reused before transitory timeout passes. WAIT-CLOSED
means that these sessions are closed but still waiting for timeout to expire
before address and port can be reused. The are not ab
Hi Venkat,
Yes this is resolved. At this point NAT44 ED is using port overloading
algorithm with LRU list of session for reusability of the expired ones.
Best regards,
Filip Varga
From: vpp-dev@lists.fd.io On Behalf Of Venkat
Sent: Thursday, September 3, 2020 5:25 PM
To: vpp-dev@lists.fd.io
Su
Hello,
Thank you for your contribution Elias.
Best regards,
Filip
-Original Message-
From: vpp-dev@lists.fd.io On Behalf Of Elias Rudberg
Sent: Friday, March 13, 2020 3:00 PM
To: vpp-dev@lists.fd.io
Subject: [vpp-dev] NAT bugix related to in2out/out2in handoff node index
Hello,
While
Hi,
Could you please send me output of `show version` command and your NAT
configuration. There is a use case when this behavior is expected.
Best regards,
Filip
[https://www.cisco.com/c/dam/m/en_us/signaturetool/images/logo/Cisco_Logo_no_TM_Cisco_Blue-RGB_43px.png]
Filip Varga
Engineer - Softw
33 matches
Mail list logo
