Hi Ole, we have a bridge(loop0) with a private ip say 192.168.100.2/24. a TAP is also connected to this bridge and other end of TAP is on host side.
we have one physical interface connected to another bridge (loop1) with outside network ip of say 192.168.10.1/24 and a GRE tunnel is created having source as 192.168.10.1. Host has requirement to initiate sessions(tcp/udp) to outside network. so we have applied NAT as below. nat44 add interface address loop1 set interface nat44 in loop0 out loop1 with this host can initiate session with outside network and SNAT works fine. But GRE does not work. we looked into traces and found that packet comming to GRE tunnels are getting dropped with trace showing "unknown protocol". if we enable forwarding then GRE packets are getting forwarded to destination but now host is not able to initiate session to outside network because SNAT stops -Shahid. On Wed, Apr 10, 2019 at 2:33 PM Ole Troan <otr...@employees.org> wrote: > Hi Shahid, > > What are you trying to achieve? > https://wiki.fd.io/view/VPP/NAT#Enable_or_disable_forwarding > > You do not typically enable the “forwarding” feature. > > Cheers, > Ole > > > On 8 Apr 2019, at 07:52, Shahid Khan <shahidnasimk...@gmail.com> wrote: > > > > can someone look into below query ? > > > > -Shahid. > > > > On Wed, Apr 3, 2019 at 12:56 PM Shahid Khan via Lists.Fd.Io > <shahidnasimkhan=gmail....@lists.fd.io> wrote: > > Hi, > > > > can someone help us on below query ? > > > > -Shahid. > > > > On Mon, Apr 1, 2019 at 11:45 AM Shahid Khan via Lists.Fd.Io > <shahidnasimkhan=gmail....@lists.fd.io> wrote: > > > > I have following query related to SNAT on VPP Release 19.0.1.02 > > > > following is the code from vpp/src/plugins/nat/in2out.c > > > > static inline int > > snat_not_translate (snat_main_t * sm, vlib_node_runtime_t * node, > > u32 sw_if_index0, ip4_header_t * ip0, u32 proto0, > > u32 rx_fib_index0, u32 thread_index) > > { > > udp_header_t *udp0 = ip4_next_header (ip0); > > snat_session_key_t key0, sm0; > > clib_bihash_kv_8_8_t kv0, value0; > > > > key0.addr = ip0->dst_address; > > key0.port = udp0->dst_port; > > key0.protocol = proto0; > > key0.fib_index = sm->outside_fib_index; > > kv0.key = key0.as_u64; > > > > /* NAT packet aimed at external address if */ > > /* has active sessions */ > > if (clib_bihash_search_8_8 (&sm->per_thread_data[thread_index].out2in, > &kv0, > > &value0)) > > { > > /* or is static mappings */ > > if (!snat_static_mapping_match (sm, key0, &sm0, 1, 0, 0, 0, 0, 0)) > > return 0; > > } > > else > > return 0; > > > > if (sm->forwarding_enabled) > > return 1; > > > > > > return snat_not_translate_fast (sm, node, sw_if_index0, ip0, proto0, > > rx_fib_index0); > > } > > > > want to understand why above highlighted condition is there in code ? > > > > this is causing SNAT to stop working the moment we enable forwarding. > > what will be impact we comment this condition ? > > > > -Shahid. > > > > > > > > > > > > > > > > -=-=-=-=-=-=-=-=-=-=-=- > > Links: You receive all messages sent to this group. > > > > View/Reply Online (#12680): https://lists.fd.io/g/vpp-dev/message/12680 > > Mute This Topic: https://lists.fd.io/mt/30851776/1713129 > > Group Owner: vpp-dev+ow...@lists.fd.io > > Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [ > shahidnasimk...@gmail.com] > > -=-=-=-=-=-=-=-=-=-=-=- > > -=-=-=-=-=-=-=-=-=-=-=- > > Links: You receive all messages sent to this group. > > > > View/Reply Online (#12691): https://lists.fd.io/g/vpp-dev/message/12691 > > Mute This Topic: https://lists.fd.io/mt/30851776/1713129 > > Group Owner: vpp-dev+ow...@lists.fd.io > > Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [ > shahidnasimk...@gmail.com] > > -=-=-=-=-=-=-=-=-=-=-=- > > -=-=-=-=-=-=-=-=-=-=-=- > > Links: You receive all messages sent to this group. > > > > View/Reply Online (#12723): https://lists.fd.io/g/vpp-dev/message/12723 > > Mute This Topic: https://lists.fd.io/mt/30851776/675193 > > Group Owner: vpp-dev+ow...@lists.fd.io > > Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [otr...@employees.org] > > -=-=-=-=-=-=-=-=-=-=-=- > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#12743): https://lists.fd.io/g/vpp-dev/message/12743 Mute This Topic: https://lists.fd.io/mt/30851776/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
