Hi Jon, comments inline,
Matus From: Jon Loeliger [mailto:j...@netgate.com] Sent: Monday, February 20, 2017 9:14 PM To: Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco) <matfa...@cisco.com> Cc: vpp-dev <vpp-dev@lists.fd.io> Subject: Re: [vpp-dev] SNAT API Question Hi Matus, Thanks for your answers here. On Sat, Feb 18, 2017 at 12:36 AM, Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco) <matfa...@cisco.com<mailto:matfa...@cisco.com>> wrote: If external_sw_if_index value is ~0 (-1) external_ip_address is ussed from API (snat.c line 363). OK, I see that in the code, but it is nowhere described in the API itself. That is my issue here. Magic values like this *are* part of the API as they will affect changes on the VPP-side of the API interface. snat_add_address_range – add address range to SNAT address pool snat_add_del_interface_addr – add address of the interface to SNAT address pool (address is added/removed automatically when interface address is changed by configuration or DHCP) So one could use either or both, as they wish? [mf:] yes you could use both I guess I'm having a bit of hard time trying to figure out what the canonical API call sequence would be to set up various useful and standard NAT situations. Yes, I've read the Wiki page; No it isn't clear on the proper, expected sequence of the API calls. [mf:] I can add something like this to wiki, please provide some example NAT situations How does those API sequences change for the different values of the config variables "static_mapping_only" and "static_mapping_connection_tracking"? [mf:] in both cases only static mappings (1:1 NAT) are enabled, static_mapping_only do not create dynamic state data (no session data, so packets for specific user can be processed on each worker thread otherwise user’s traffic is processed always by same worker) just only translate packets based on configured static mappings, second mode create session data And on that note -- How do you change the value of those config varaibles at run time? I know how to alter the config file and re-read them in VAT. I'm not using VAT. I'm writing a totally different system. Can those values be changed at run-time? There is no API to do so, so at this point in time the answer must be "no." Is it expected that the sequence to change these configuration values at run time is to: 1) Stop VPP, 2) write a new config file with the new desired values, 3) restart VPP? That seems bad to me. [mf:] You can’t switch between SNAT modes at run-time. I think this is not something you need to change at runtime and at the moment there is no plan to do it at runtime using API. I think 1024 is not significant, it's just a warning that you add a lot of addresses to SNAT address pool, it was here before I started work on SNAT plugin. Well, 1024 is arbitrary. Who is to say that I don't need 2048 and don't care about the warning in my environment? To be clear, I'm not blaming you (Matus), or anyone for that matter. I'm merely pointing out that it is an arbitrary and undocumented limit in the current system. Matus Thanks, jdl
_______________________________________________ vpp-dev mailing list vpp-dev@lists.fd.io https://lists.fd.io/mailman/listinfo/vpp-dev
