Hi, I will do some testing and let you know.
For now: There is one solution you can try at this moment: 1. configure both interfaces as inside (management traffic and business traffic) 2. configure G0 as outside interface 3. enable forwarding 4. add G0 as nat interface address 5. add static mappings for management IP addresses The problem here is that when an interface is configured as outside all incomming traffic to G0 (reply to outgoing traffic from business traffic) get’s dropped because of default DENY policy. This is not yet configurable but it will be in a near future. Best regards, Filip From: vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> On Behalf Of haiyan...@ilinkall.cn Sent: Monday, March 14, 2022 10:34 PM To: Filip Varga -X (fivarga - PANTHEON TECH SRO at Cisco) <fiva...@cisco.com>; vpp-dev <vpp-dev@lists.fd.io> Subject: Re: [vpp-dev] about in/out arguments in "set interface nat44 .."command Importance: High Hi Filip, There are two kinds of traffic in my test. one is managing traffic, which will comes into vpp only from a tap interfaces, for example tap's ip address is 10.10.1.1/24. we need these traffic to do snat and out from G0 one is business traffic, which are gererated interlanfrom vpp, these traffic will not do snat and out from G0 Both the two kinds of traffic share the same outside interface G0 which could access the internet. I have tried: 1. seperate managing traffic into different vrf, ... 2. add static mapping for local 10.10.1.x/24 external <G0's ip>, ... but both did not work. can vpp achieve this goal? any suggestions will be appreciated. ________________________________ haiyan...@ilinkall.cn<mailto:haiyan...@ilinkall.cn> From: Filip Varga -X (fivarga - PANTHEON TECH SRO at Cisco)<mailto:fiva...@cisco.com> Date: 2022-03-12 02:27 To: haiyan...@ilinkall.cn<mailto:haiyan...@ilinkall.cn>; vpp-dev<mailto:vpp-dev@lists.fd.io> Subject: RE: [vpp-dev] about in/out arguments in "set interface nat44 .."command Hi Haiyan, Can you please be more specific. For example what other traffic except from interface A and B will be passing (are there other interfaces involved) ? Using nat44-ed forwarding is a bit tricky. It let’s pass traffic without translation if a preexisting session isn’t found so this would mean only static mapping get’s translated. Forwarding feature is used for specific purposes when in mixed environments you have A configured as inside and also outside and B configured as inside and outside also. Best regards, Filip Varga From: vpp-dev@lists.fd.io<mailto:vpp-dev@lists.fd.io> <vpp-dev@lists.fd.io<mailto:vpp-dev@lists.fd.io>> On Behalf Of haiyan...@ilinkall.cn<mailto:haiyan...@ilinkall.cn> Sent: Thursday, March 10, 2022 12:54 AM To: vpp-dev <vpp-dev@lists.fd.io<mailto:vpp-dev@lists.fd.io>> Subject: [vpp-dev] about in/out arguments in "set interface nat44 .."command Dear all if only want traffic from interface A to interface B done with nat44, others will be directly out from interface B, is this possible? I did the following command in vpp, but did not work nat44 forwarding enable nat44 add address <B'ip> set interface nat44 in A out B Thanks ________________________________ haiyan...@ilinkall.cn<mailto:haiyan...@ilinkall.cn>
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#21030): https://lists.fd.io/g/vpp-dev/message/21030 Mute This Topic: https://lists.fd.io/mt/89682456/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
