Hi Filip,
I did try your recommendations . Updated NAT config to as below
Test Case 1
nat44 plugin enable sessions 63000
nat44 forwarding enable
set nat timeout udp 3000 tcp-established 7440 tcp-transitory 2400 icmp 600
set interface nat44 in lan
set interface nat44 out wan1
set interface nat44 out wan2
nat44 add static mapping tcp local 192.168.1.20 external 4.4.4.4
Test Case 2
nat44 plugin enable sessions 63000
nat44 forwarding enable
set nat timeout udp 3000 tcp-established 7440 tcp-transitory 2400 icmp 600
set interface nat44 out wan1 output-feature
set interface nat44 out wan2 output-feature
nat44 add static mapping tcp local 192.168.1.20 external 4.4.4.4
However in both cases i see the same result as below
vpp# show nat44 sessions
NAT44 ED sessions:
-------- thread 0 vpp_main: 2 sessions --------
i2o 192.168.1.20 proto TCP port 5201 fib 0
o2i 192.168.1.20 proto TCP port 5201 fib 0
external host 10.197.61.30:42280
i2o flow: match: saddr 192.168.1.20 sport 5201 daddr 10.197.61.30 dport 42280
proto TCP fib_idx 0 rewrite: txfib 0
o2i flow: match: saddr 0.0.0.0 sport 0 daddr 0.0.0.0 dport 0 proto
IP6_HOP_BY_HOP_OPTIONS fib_idx 0
index 0
last heard 287.92
timeout in 2396.83
total pkts 30, total bytes 985
dynamic translation
forwarding-bypass
i2o 192.168.1.20 proto TCP port 5201 fib 0
o2i 192.168.1.20 proto TCP port 5201 fib 0
external host 10.197.61.30:42284
i2o flow: match: saddr 192.168.1.20 sport 5201 daddr 10.197.61.30 dport 42284
proto TCP fib_idx 0 rewrite: txfib 0
o2i flow: match: saddr 0.0.0.0 sport 0 daddr 0.0.0.0 dport 0 proto
IP6_HOP_BY_HOP_OPTIONS fib_idx 0
index 1
last heard 287.84
timeout in 2396.75
total pkts 4720516, total bytes 5249440
dynamic translation
forwarding-bypass
The other thing I noticed was the output says dynamic translations instead of
static translations.
In ICMP nat44 sessions i can see that it shows static translations. Below is an
ICMP NAT44 session
vpp# show nat44 sessions
NAT44 ED sessions:
-------- thread 0 vpp_main: 1 sessions --------
i2o 192.168.1.20 proto ICMP port 141 fib 0
o2i 4.4.4.4 proto ICMP port 141 fib 0
external host 10.197.61.30:141
i2o flow: match: saddr 192.168.1.20 sport 141 daddr 10.197.61.30 dport 141
proto ICMP fib_idx 0 rewrite: saddr 4.4.4.4 daddr 10.197.61.30 icmp-id 141
txfib 0
o2i flow: match: saddr 10.197.61.30 sport 141 daddr 4.4.4.4 dport 141 proto
ICMP fib_idx 0 rewrite: daddr 192.168.1.20 icmp-id 141 txfib 0
index 0
last heard 127.02
timeout in -26.69
total pkts 40, total bytes 3360
static translation
Also have a couple of questions. MY VPP has 3 dpdk interfaces each for lan,
wan1, wan2 . The lan interface IP is 192.168.1.1.
In my static mapping i am creating a rule as below
nat44 add static mapping tcp local 192.168.1.20 external 4.4.4.4
While creating static mapping rules what should the local correspond to ( here
i am setting it to IP of Host C and not the VPP dpdk interface IP ) and what
should the external correspond to ( here i am setting it to a fake external IP
and not wan1 or wan2 IP ).
I aso tried to det44 nat however ran into the following issues.
In startup config if i add the nat { deterministic } or just nat {} config it
fails to run. Run into an error saying unkown nat configuration.
Tried the below det44 nat however dint see any translations in sessions.
det44 plugin enable
set nat timeout udp 300 tcp-established 7440 tcp-transitory 240 icmp 6000
set interface det44 inside lan outside wan
det44 add in 192.168.1.0/24 out 4.4.4.0/24
I see a deubg message saying and dont see any det44 sessions.
vpp# det44 [info ]: unknown dst address: 192.168.1.20
det44 [info ]: unknown dst address: 192.168.1.20
det44 [info ]: unknown dst address: 192.168.1.20
Do let me know what I am missing. Is a different VPP version i should use ? My
current one is build from master branch 22.10. Thanks
Regards,
Ashwini Kadam
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#21784): https://lists.fd.io/g/vpp-dev/message/21784
Mute This Topic: https://lists.fd.io/mt/92906473/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/leave/1480452/21656/631435203/xyzzy
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
