Hi,

I've added support to the NAT plugin for Paired-Address-Pooling (PAP) and 
wanted to see if there is interest for me to submit it as a patch for review?

The changes modify the behaviour of user creation, address allocation, and 
address management. Fundamentally it pairs a NAT user with an external IP when 
the user is created. The plugin will then only hand out ports within that 
external IP to that NAT user. The ceiling for max translations is overridden by 
(ports per IP / max_users_per_IP), but one can manually set a lower number of 
max translations. The max number of users per external IP is also configurable.
When a new user is seen, the system will pick the external IP with the lowest 
number of paired addresses. This ensures that if we have a lot of external 
addresses, we spread usage across them.

I've so far tested this in a lab with a few thousand simulated clients and it 
has worked as intended. This fixes issues for services that require all user 
connections to originate from the same source IP, otherwise authentication 
breaks, such as banks.

Sincerely,
John
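
The pairing rule described in the message above, as an added C sketch; it is not taken from the proposed patch or from VPP's NAT plugin. All type and function names, the constructed addresses, and the choice to return "no address" when every external IP is full are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAP_NO_ADDR (-1)

/* Hypothetical structures for illustration; not VPP's own. */
typedef struct { uint32_t ext_ip; uint32_t paired_users; } pap_ext_addr_t;
typedef struct {
    pap_ext_addr_t *addrs;
    size_t n_addrs;
    uint32_t ports_per_ip;     /* usable ports on one external IP */
    uint32_t max_users_per_ip; /* configurable pairing limit */
    uint32_t max_translations; /* manual limit, 0 = use derived ceiling */
} pap_pool_t;

/* Per-user ceiling: ports per IP / max users per IP, unless a lower
 * manual value is configured. */
uint32_t pap_session_ceiling(const pap_pool_t *p)
{
    if (p->max_users_per_ip == 0)
        return 0;
    uint32_t ceiling = p->ports_per_ip / p->max_users_per_ip;
    if (p->max_translations != 0 && p->max_translations < ceiling)
        return p->max_translations;
    return ceiling;
}

/* Pair a new user with the external IP that has the fewest paired users
 * and still has room. Returns its index, or PAP_NO_ADDR when all are full
 * (assumption: the caller refuses the user rather than breaking pairing). */
int pap_pair_new_user(pap_pool_t *p)
{
    int best = PAP_NO_ADDR;
    for (size_t i = 0; i < p->n_addrs; i++) {
        if (p->addrs[i].paired_users >= p->max_users_per_ip)
            continue; /* this external IP is at its user limit */
        if (best == PAP_NO_ADDR ||
            p->addrs[i].paired_users < p->addrs[best].paired_users)
            best = (int)i;
    }
    if (best != PAP_NO_ADDR)
        p->addrs[best].paired_users++;
    return best;
}

int main(void)
{
    /* Constructed sample pool (TEST-NET-2 addresses, host byte order). */
    pap_ext_addr_t a[] = {{0xC6336401u, 2}, {0xC6336402u, 0}, {0xC6336403u, 1}};
    pap_pool_t p = {a, 3, 64512, 2, 0};
    printf("ceiling=%u first=%d\n", pap_session_ceiling(&p), pap_pair_new_user(&p));
    return 0;
}
```

Every session the user opens afterwards would draw ports only from the address returned at pairing time, which is what keeps the source IP stable for the remote service.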
View/Reply Online (#12446): https://lists.fd.io/g/vpp-dev/message/12446