So sorry for my formatting...
"Machine A" 1.1.2.10/24 with default route 1.1.2.1
"VPP host" (linux machine) 1.1.1.10/24 with static route 1.1.2.0/24 via 1.1.1.1
On VPP side GigabitEthernet2/0/0 with ip 1.1.2.1/24 looking to Machine "A",
tap-0 with ip 1.1.1.1/24 looking to "VPP host", and GigabitEthernet2/0/1.871
with 2.2.2.2/24 looking to Internet
# cat /etc/vpp/startup.confunix {
nodaemon
log /tmp/vpp.log
full-coredump
cli-listen localhost:5002
exec /etc/vpp/111
} dpdk {
dev 0000:02:00.0
dev 0000:02:00.1
}
snat {
translation hash buckets 20971520
translation hash memory 1073741824
user hash buckets 12288
user hash memory 20971520
max translations per user 50000
}
api-trace {
on
} api-segment {
gid vpp
}
# cat /etc/vpp/111create sub-interfaces GigabitEthernet2/0/1 871
set int state GigabitEthernet2/0/1 up
set int state GigabitEthernet2/0/0 up
set int state GigabitEthernet2/0/1.871 up
set int ip address GigabitEthernet2/0/1.871 2.2.2.2/24
set int ip address GigabitEthernet2/0/0 1.1.2.1/24
set int snat out GigabitEthernet2/0/1.871
ip route add 0.0.0.0/0 via 2.2.2.1 GigabitEthernet2/0/1.871
set int snat in GigabitEthernet2/0/0 out GigabitEthernet2/0/1.871
snat add address 2.2.2.3
tap connect vppctl
set int state tap-0 up
set int ip address tap-0 1.1.1.1/24
With this configuration SNAT working very good from Machine A, but i cannot
ping from Machine A (1.1.2.10) to VPP host (1.1.1.10).
When i delete only one rule set int snat in GigabitEthernet2/0/0 out
GigabitEthernet2/0/1.871 then i can ping VPP host, but SNAT lost.
How to get working both SNAT and SSH via tap device?
I can send additional information if needed. Thank you for your help!
--
Yours sincerely,
Denis Lotarev
________________________________
From: Denis Lotarev <[email protected]>
To: "[email protected]" <[email protected]>
Sent: Tuesday, January 24, 2017 5:01 PM
Subject: SNAT and tap for SSH problem
Hi all!
I have a problem when SNAT enable on VPP side.
"Machine A" 1.1.2.10/24 with default route 10.2.1.1
"VPP host" (linux machine) 1.1.1.10/24 with static route 1.1.2.0/24 via 1.1.1.1
On VPP side GigabitEthernet2/0/0 with ip 1.1.2.1/24 looking to Machine "A",
tap-0 with ip 1.1.1.1/24 looking to "VPP host", and GigabitEthernet2/0/1.871
with 2.2.2.2/24 looking to Internet
# cat /etc/vpp/startup.conf
unix {
nodaemon
log /tmp/vpp.log
full-coredump
cli-listen localhost:5002
exec /etc/vpp/111
}
dpdk {
dev 0000:02:00.0
dev 0000:02:00.1
}
snat {
translation hash buckets 20971520
translation hash memory 1073741824
user hash buckets 12288
user hash memory 20971520
max translations per user 50000
}
api-trace {
on
}
api-segment {
gid vpp
}
# cat /etc/vpp/111
create sub-interfaces GigabitEthernet2/0/1 871
set int state GigabitEthernet2/0/1 up
set int state GigabitEthernet2/0/0 up
set int state GigabitEthernet2/0/1.871 up
set int ip address GigabitEthernet2/0/1.871 2.2.2.2/24
set int ip address GigabitEthernet2/0/0 1.1.2.1/24
set int snat out GigabitEthernet2/0/1.871
ip route add 0.0.0.0/0 via 2.2.2.1 GigabitEthernet2/0/1.871
set int snat in GigabitEthernet2/0/0 out GigabitEthernet2/0/1.871
snat add address 2.2.2.3
tap connect vppctl
set int state tap-0 up
set int ip address tap-0 1.1.1.1/24
With this configuration SNAT working very good from Machine A, but i cannot
ping from Machine A (1.1.2.10) to VPP host (1.1.1.10).
When i delete only one rule set int snat in GigabitEthernet2/0/0 out
GigabitEthernet2/0/1.871 then i can ping VPP host, but SNAT lost.
How to get working both SNAT and SSH via tap device?
I can send additional information if needed.
Thank you for your help!
--
Yours sincerely,
Denis Lotarev
_______________________________________________
vpp-dev mailing list
[email protected]
https://lists.fd.io/mailman/listinfo/vpp-dev
