Hi Ashwini,
I will look into your issue. But for reference I would advise against using
a combination of inside interface and output-feature.
OUTPUT-FEATURE or in other words output interface already contains
nat44-inside node. Output-feature does postrouting - after ip4-lookup node
decides which interface the packet is supposed to go to - in your config it
would be wan1 or wan2 then the translation occurs. Either use combination
of
nat44 in lan
nat44 out wan1
nat44 out wan2
or
nat44 out wan1 output-feature
nat44 out wan2 output-feature
.
The CLI is not very user friendly. Specifically in configuring
output-feature because it looks like you are actually configuring the
outside interface but you are not; instead the wan1 or wan2 contain both
nat44 inside (output-feature) and nat44 outside nodes.
I will do some testing and get back to you.
Best regards,
Filip Varga
ut 9. 8. 2022 o 2:49 Ashwini Kadam <a.ka...@cablelabs.com> napísal(a):
> Hi All,
>
>
>
> I am trying to make NAT44 ed work for TCP/UDP traffic on my setup. My
> setup is as follows
>
>
>
> Host A, Host B <- VPP <- Host C
>
>
>
> Host A , Host B and Host C can communicate to each other via VPP. The VPP
> container has two interfaces. My current version of VPP is 22.10 . The
> startup config is as follows
>
>
>
> unix {
>
> nodaemon
>
> log /var/log/vpp/vpp.log
>
> interactive
>
> full-coredump
>
> cli-listen /run/vpp/cli.sock
>
> poll-sleep-usec 100
>
> startup-config setup.tmpl
>
> gid vpp
>
> }
>
> api-trace { on }
>
> api-segment { gid vpp }
>
> socksvr { default }
>
> dpdk {
>
> log-level debug
>
> dev default {
>
> num-rx-desc 512
>
> num-tx-desc 512
>
> }
>
> # Replace PCIDEVICE once Pod is up
>
> dev 0000:07:13.2 {
>
> name lan
>
> }
>
> dev 0000:07:12.6 {
>
> name wan1
>
> }
>
> dev 0000:07:13.0 {
>
> name wan2
>
> }
>
> uio-driver vfio-pci
>
> }
>
> cpu {}
>
> memory {
>
> # main-heap-size 1G
>
> # main-heap-page-size 1G
>
> default-hugepage-size 1G
>
> }
>
> logging {
>
> default-log-level debug
>
> default-syslog-log-level debug
>
> }
>
>
>
> plugins {
>
>
>
> plugin dpdk_plugin.so { enable }
>
> plugin dhcp_plugin.so { enable }
>
> plugin nat_plugin.so { enable }
>
> plugin nat44_plugin.so { enable }
>
> plugin nat44_ei_plugin.so { enable }
>
> plugin cnat_plugin.so { enable }
>
> plugin ping_plugin.so { enable }
>
> plugin det44_plugin.so { enable }
>
> plugin map_plugin.so { enable }
>
> plugin dns_plugin.so { enable }
>
> plugin tracedump_plugin.so { enable }
>
> }
>
>
>
>
>
>
>
>
>
>
>
> VPP dpdk interface IP’s
>
>
>
> Lan : 192.168.1.x/24
>
> Wan1 : 10.x.x.x/24
>
> Wan2 : 10.x.x.x/24
>
>
>
> Host C has interface with IP : 192.168.1.20/24. Iperf3 is run on Host C
> as server and on Host A as a client
>
> My NAT configuration is as follows
>
>
>
> nat44 plugin enable sessions 63000
>
> nat44 forwarding enable
>
> set nat timeout udp 300 tcp-established 7440 tcp-transitory 240 icmp 60
>
> nat mss-clamping 1452
>
> set interface nat44 in lan
>
> set interface nat44 out wan1 output-feature
>
> set interface nat44 out wan2 output-feature
>
> nat44 add static mapping tcp local 192.168.1.20 external 4.4.4.4
>
>
>
>
>
> However when I look at my nat44 sessions I don’t see any re-writes
> happening. The rules don’t get applied. The same works for ICMP traffic but
> not for UDP or TCP . Also I see a lot of garbage data coming in. Below as
> an example of nat44 session I see for tcp traffic
>
>
>
> NAT44 ED sessions:
>
> -------- thread 0 vpp_main: 2 sessions --------
>
> i2o 192.168.1.20 proto TCP port 5201 fib 0
>
> o2i 192.168.1.20 proto TCP port 5201 fib 0
>
> external host 10.197.61.30:33702
>
> i2o flow: match: saddr 192.168.1.20 sport 5201 daddr 10.197.61.30
> dport 33702 proto TCP fib_idx 0 rewrite: txfib 0
>
> o2i flow: match: saddr 0.0.0.0 sport 0 daddr 0.0.0.0 dport 0 proto
> IP6_HOP_BY_HOP_OPTIONS fib_idx 0
>
> index 0
>
> last heard 216.03
>
> timeout in 239.92
>
> total pkts 43, total bytes 2148
>
> dynamic translation
>
> forwarding-bypass
>
>
>
> i2o 192.168.1.20 proto TCP port 5201 fib 0
>
> o2i 192.168.1.20 proto TCP port 5201 fib 0
>
> external host 10.197.61.30:33704
>
> i2o flow: match: saddr 192.168.1.20 sport 5201 daddr 10.197.61.30
> dport 33704 proto TCP fib_idx 0 rewrite: txfib 0
>
> o2i flow: match: saddr 0.0.0.0 sport 0 daddr 0.0.0.0 dport 0 proto
> IP6_HOP_BY_HOP_OPTIONS fib_idx 0
>
> index 1
>
> last heard 215.95
>
> timeout in 239.83
>
> total pkts 5395516, total bytes 21042010
>
> dynamic translation
>
> forwarding-bypass
>
>
>
> Below is output of nat44 summary
>
>
>
> vpp# show nat44 summary
>
> max translations per thread: 63000 fib 0
>
> transitory tcp LRU min session timeout 455 (now 262)
>
> total sessions: 2 (timed out: 0)
>
> tcp sessions:
>
> total: 2 (timed out: 0)
>
> established: 0 (timed out: 0)
>
> transitory: 2 (timed out: 0)
>
> udp sessions:
>
> total: 0 (timed out: 0)
>
> icmp sessions:
>
> total: 0 (timed out: 0)
>
> other sessions:
>
> total: 0 (timed out: 0)
>
>
>
> Please do let me know what I am missing.
>
>
>
> Regards,
>
> Ashwini Kadam
>
>
>
>
>
>
>
>
>
>
>
>
>
>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#21782): https://lists.fd.io/g/vpp-dev/message/21782
Mute This Topic: https://lists.fd.io/mt/92906473/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/leave/1480452/21656/631435203/xyzzy
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
