Hi All,

I am trying to make NAT44 ED work for TCP/UDP traffic on my setup. My setup is as follows:

    Host A, Host B <- VPP <- Host C

Host A, Host B and Host C can communicate with each other via VPP. The VPP container has two interfaces. My current version of VPP is 22.10. The startup config is as follows:

    unix {
      nodaemon
      log /var/log/vpp/vpp.log
      interactive
      full-coredump
      cli-listen /run/vpp/cli.sock
      poll-sleep-usec 100
      startup-config setup.tmpl
      gid vpp
    }
    api-trace { on }
    api-segment { gid vpp }
    socksvr { default }
    dpdk {
      log-level debug
      dev default {
        num-rx-desc 512
        num-tx-desc 512
      }
      # Replace PCIDEVICE once Pod is up
      dev 0000:07:13.2 { name lan }
      dev 0000:07:12.6 { name wan1 }
      dev 0000:07:13.0 { name wan2 }
      uio-driver vfio-pci
    }
    cpu {}
    memory {
      # main-heap-size 1G
      # main-heap-page-size 1G
      default-hugepage-size 1G
    }
    logging {
      default-log-level debug
      default-syslog-log-level debug
    }
    plugins {
      plugin dpdk_plugin.so { enable }
      plugin dhcp_plugin.so { enable }
      plugin nat_plugin.so { enable }
      plugin nat44_plugin.so { enable }
      plugin nat44_ei_plugin.so { enable }
      plugin cnat_plugin.so { enable }
      plugin ping_plugin.so { enable }
      plugin det44_plugin.so { enable }
      plugin map_plugin.so { enable }
      plugin dns_plugin.so { enable }
      plugin tracedump_plugin.so { enable }
    }

VPP dpdk interface IPs:

    Lan  : 192.168.1.x/24
    Wan1 : 10.x.x.x/24
    Wan2 : 10.x.x.x/24

Host C has an interface with IP : 192.168.1.20/24. Iperf3 is run on Host C as server and on Host A as a client.

My NAT configuration is as follows:

    nat44 plugin enable sessions 63000
    nat44 forwarding enable
    set nat timeout udp 300 tcp-established 7440 tcp-transitory 240 icmp 60
    nat mss-clamping 1452
    set interface nat44 in lan
    set interface nat44 out wan1 output-feature
    set interface nat44 out wan2 output-feature
    nat44 add static mapping tcp local 192.168.1.20 external 4.4.4.4

However, when I look at my nat44 sessions I don't see any re-writes happening. The rules don't get applied. The same works for ICMP traffic but not for UDP or TCP. Also I see a lot of garbage data coming in.

Below is an example of the nat44 sessions I see for TCP traffic:

    NAT44 ED sessions:
    -------- thread 0 vpp_main: 2 sessions --------
      i2o 192.168.1.20 proto TCP port 5201 fib 0
      o2i 192.168.1.20 proto TCP port 5201 fib 0
        external host 10.197.61.30:33702
        i2o flow: match: saddr 192.168.1.20 sport 5201 daddr 10.197.61.30 dport 33702 proto TCP fib_idx 0 rewrite: txfib 0
        o2i flow: match: saddr 0.0.0.0 sport 0 daddr 0.0.0.0 dport 0 proto IP6_HOP_BY_HOP_OPTIONS fib_idx 0
        index 0
        last heard 216.03
        timeout in 239.92
        total pkts 43, total bytes 2148
        dynamic translation
        forwarding-bypass

      i2o 192.168.1.20 proto TCP port 5201 fib 0
      o2i 192.168.1.20 proto TCP port 5201 fib 0
        external host 10.197.61.30:33704
        i2o flow: match: saddr 192.168.1.20 sport 5201 daddr 10.197.61.30 dport 33704 proto TCP fib_idx 0 rewrite: txfib 0
        o2i flow: match: saddr 0.0.0.0 sport 0 daddr 0.0.0.0 dport 0 proto IP6_HOP_BY_HOP_OPTIONS fib_idx 0
        index 1
        last heard 215.95
        timeout in 239.83
        total pkts 5395516, total bytes 21042010
        dynamic translation
        forwarding-bypass

Below is the output of nat44 summary:

    vpp# show nat44 summary
    max translations per thread: 63000 fib 0
    transitory tcp LRU min session timeout 455 (now 262)
    total sessions: 2 (timed out: 0)
    tcp sessions:
        total: 2 (timed out: 0)
        established: 0 (timed out: 0)
        transitory: 2 (timed out: 0)
    udp sessions:
        total: 0 (timed out: 0)
    icmp sessions:
        total: 0 (timed out: 0)
    other sessions:
        total: 0 (timed out: 0)

Please do let me know what I am missing.

Regards,
Ashwini Kadam