Hello group, This might be best answered by Matus since it regards NAT, but I'll throw it out there for the whole group.
The endpoint-dependent feature of the NAT plugin – Endpoint address AND port dependent I presume from the 6-tuple description of it – allows us to map the same internal source IP and port to the same external IP when targeting a certain past destination IP AND port, correct? My concern is more of the situations where services initially create a connection to one endpoint address, and then create another session to another endpoint address, expecting the same source address to match the client. Client opens a connection to endpoint X using external IP A, which proceeds to instruct client to open a session to endpoint Y, both endpoints share the same backend and expect the client to have IP A but since it's a new session and we're doing dynamic NAT, the client ends up with external IP B, breaking the chain. Many services depend on this. The idea is that when a new NAT source IP is seen, that we reserve a certain number of internal ports for that IP to the same number of external ports on a single IP, so all connections originating from that NAT source IP will always have the same external IP, thus allowing for endpoint services to not lose track of client due to IP mismatch, which breaks service. This differs from deterministic NAT in that we don't preallocate entire subnets and match them to external addresses from the start, but rather only individual adresses when needed. Is this feature reasoning sound, or is there a better solution suggested?
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#11637): https://lists.fd.io/g/vpp-dev/message/11637 Mute This Topic: https://lists.fd.io/mt/28785710/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
