Hi, I will do some testing and let you know.
For now: There is one solution you can try at this moment: 1. configure both interfaces as inside (management traffic and business traffic) 2. configure G0 as outside interface 3. enable forwarding 4. add G0 as nat interface address 5. add static mappings for management IP addresses The problem here is that when an interface is configured as outside all incomming traffic to G0 (reply to outgoing traffic from business traffic) get’s dropped because of default DENY policy. This is not yet configurable but it will be in a near future. Best regards, Filip From: [email protected] <[email protected]> On Behalf Of [email protected] Sent: Monday, March 14, 2022 10:34 PM To: Filip Varga -X (fivarga - PANTHEON TECH SRO at Cisco) <[email protected]>; vpp-dev <[email protected]> Subject: Re: [vpp-dev] about in/out arguments in "set interface nat44 .."command Importance: High Hi Filip, There are two kinds of traffic in my test. one is managing traffic, which will comes into vpp only from a tap interfaces, for example tap's ip address is 10.10.1.1/24. we need these traffic to do snat and out from G0 one is business traffic, which are gererated interlanfrom vpp, these traffic will not do snat and out from G0 Both the two kinds of traffic share the same outside interface G0 which could access the internet. I have tried: 1. seperate managing traffic into different vrf, ... 2. add static mapping for local 10.10.1.x/24 external <G0's ip>, ... but both did not work. can vpp achieve this goal? any suggestions will be appreciated. ________________________________ [email protected]<mailto:[email protected]> From: Filip Varga -X (fivarga - PANTHEON TECH SRO at Cisco)<mailto:[email protected]> Date: 2022-03-12 02:27 To: [email protected]<mailto:[email protected]>; vpp-dev<mailto:[email protected]> Subject: RE: [vpp-dev] about in/out arguments in "set interface nat44 .."command Hi Haiyan, Can you please be more specific. For example what other traffic except from interface A and B will be passing (are there other interfaces involved) ? Using nat44-ed forwarding is a bit tricky. It let’s pass traffic without translation if a preexisting session isn’t found so this would mean only static mapping get’s translated. Forwarding feature is used for specific purposes when in mixed environments you have A configured as inside and also outside and B configured as inside and outside also. Best regards, Filip Varga From: [email protected]<mailto:[email protected]> <[email protected]<mailto:[email protected]>> On Behalf Of [email protected]<mailto:[email protected]> Sent: Thursday, March 10, 2022 12:54 AM To: vpp-dev <[email protected]<mailto:[email protected]>> Subject: [vpp-dev] about in/out arguments in "set interface nat44 .."command Dear all if only want traffic from interface A to interface B done with nat44, others will be directly out from interface B, is this possible? I did the following command in vpp, but did not work nat44 forwarding enable nat44 add address <B'ip> set interface nat44 in A out B Thanks ________________________________ [email protected]<mailto:[email protected]>
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#21030): https://lists.fd.io/g/vpp-dev/message/21030 Mute This Topic: https://lists.fd.io/mt/89682456/21656 Group Owner: [email protected] Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
