Hi Ole, Filip, Klement, Neale, John, Steven, & Community,
I have a demand about snat. Within a vpc, different subnets need to use
different snat ip to the internet, but the vpp snat feature now does not support
snat ip bind to specific subnets. I have two ideas to resolve this:
1. modify and develop
Hi John & Everyone & Community,
In my scene, it is the demand to put multiple subnets in one BD. A few days
ago, I have found the other proper idea to implement the demand mentioned in
the mail subject and original mail.
This problem and mail can be close now.
Have a nice day, everybody!
Tha
Hi Li,
There are a few errors in your statement.
1) SNAT - is an obsolete name for the old nat plugin.
2) NAT is split among multiple plugins
3) one of the plugins - nat44-ed (the most used and preferred) does support
all of the things you have mentioned
Please feel free to search in the community
Hi Filip,
Sorry, I didn’t state the demands clearly. My demand is to let a nat ip address
just only work for specific src network prefix in a vpc, the nat sessions using
the nat ip address will be created only when the i2o packets’ src ip matches
the specific network prefix in the vpc.
1) I sa
Hi Li,
Yes, try to search one of my mail accounts (current/previous) for example
fiva...@cisco.com, filipvarg...@gmail.com or my name.
If you are looking for a feature that does ACL matching based on source
address you should try to look in different implementations of nat44, there
are more than o
Hi Filip,
I have searched your mail accounts, and didn’t find any acl configuration used
with nat44. Do you mean use acl with nat44 address to achieve my target of
creating nat sessions based on the packet’s source ip's network?
How about multi nat addresses respectively used for multi-subnets in a vr
Hi Li,
NAT44-ED doesn't support ACL. There are other NAT plugins in VPP. For
example PNAT uses ACL rules. You should go through all of the options there
are and pick the correct NAT flavor that will suffice.
Well, your option is to do the following:
1)
# lan1 interface belongs to vrf1
# lan2 interfa
Hi Filip,
Thanks very much for your detailed instructions and configuration examples. I
will try this method later on.
Another question about nat, is there any support for new nat session rate limit
in vpp?
Thanks & Regards,
Huawei LI
> On 28 Oct 2022, at 01:22, filvarga wrote:
>
> Hi Li,
>
> NAT44
Hi Li,
What exactly do you mean by "new nat session rate limit" ? There is no
session rate limiting in the classical flavours of nat
(nat44-ed,nat44-ei,det44,nat64,nat66)
Best regards,
Filip Varga
On Fri, 28 Oct 2022 at 3:09, lihuawei wrote:
> Hi Filip,
>
> Thanks very much for your detailed i
Hi Filip,
Yes, it’s "session rate limiting" what I mean.
Does community have any plan about "session rate limiting" in the classical
flavours of nat?
Thanks & Regards,
Huawei LI
> On 28 Oct 2022, at 21:20, filvarga wrote:
>
> Hi Li,
>
> What exactly do you mean by "new nat session rate limit" ? There
Hi, Li
There is no such goal. It wouldn’t be a good idea to put rate limiting
directly into NAT. For many good reasons.
Much better solution would be to implement a new rate limiting plugin.
If you need such a functionality feel free to contribute.
Best regards
On Fri, 28 Oct 2022 at 18:35, lihua
Hi Filip,
I have tried to use extra vrf for routing the nat packets in my nat traffic
scenario, it worked good, just caused a little bit of a problem and could be
circumvented. I also tried the other way to add network prefix member in struct
snat_address_t, it worked well too, and this method
Hi Li,
Glad to help.
Best regards,
Filip
On Mon, 31 Oct 2022 at 16:52, lihuawei wrote:
> Hi Filip,
>
> I have tried to use extra vrf for routing the nat packets in my nat
> traffic scenario, it worked good, just caused a little bit of a problem
> and could be circumvented. I also tried the ot
Hi Filip & community,
About the rate limiting with NAT session, does anyone have recommended
reference?
Best regards,
Huawei LI
> On 29 Oct 2022, at 04:14, filvarga wrote:
>
> Hi, Li
>
> There is no such goal. It wouldn’t be a good idea to put rate limiting directly
> into NAT. For many good reasons.
>
Hi Li,
I would suggest looking into session logic implementation of NAT44-ED and
also into ACLs in VPP. The way to go would be to create a plugin that has
rate limiting nodes.
Now you have two options on how to rate limit:
1) based on interface(s) - the more straightforward and easy to implement
Hi Filip,
Thanks for your suggestion, I will take into account all these.
Best regards,
Huawei LI
> On 1 Nov 2022, at 01:26, filvarga wrote:
>
> Hi Li,
>
> I would suggest looking into session logic implementation of NAT44-ED and
> also into ACLs in VPP. The way to go would be to create a plugin that h
Hi Filip,
How about using token bucket to create a feature that has rate limiting nodes?
Best regards,
Huawei LI