Hi Ashwini,
Can you also please send me a packet trace from VPP ?
Thank you.
Best regards,
Filip Varga
ut 9. 8. 2022 o 23:50 Ashwini Kadam <a.ka...@cablelabs.com> napĂsal(a):
> Hi Filip,
>
> I did try your recommendations . Updated NAT config to as below
>
> Test Case 1
> nat44 plugin enable sessions 63000
> nat44 forwarding enable
> set nat timeout udp 3000 tcp-established 7440 tcp-transitory 2400 icmp 600
> set interface nat44 in lan
> set interface nat44 out wan1
> set interface nat44 out wan2
> nat44 add static mapping tcp local 192.168.1.20 external 4.4.4.4
>
> Test Case 2
>
> nat44 plugin enable sessions 63000
> nat44 forwarding enable
> set nat timeout udp 3000 tcp-established 7440 tcp-transitory 2400 icmp 600
> set interface nat44 out wan1 output-feature
> set interface nat44 out wan2 output-feature
> nat44 add static mapping tcp local 192.168.1.20 external 4.4.4.4
>
>
>
> However in both cases i see the same result as below
>
> vpp# show nat44 sessions
> NAT44 ED sessions:
> -------- thread 0 vpp_main: 2 sessions --------
> i2o 192.168.1.20 proto TCP port 5201 fib 0
> o2i 192.168.1.20 proto TCP port 5201 fib 0
> external host 10.197.61.30:42280
> i2o flow: match: saddr 192.168.1.20 sport 5201 daddr 10.197.61.30
> dport 42280 proto TCP fib_idx 0 rewrite: txfib 0
> o2i flow: match: saddr 0.0.0.0 sport 0 daddr 0.0.0.0 dport 0 proto
> IP6_HOP_BY_HOP_OPTIONS fib_idx 0
> index 0
> last heard 287.92
> timeout in 2396.83
> total pkts 30, total bytes 985
> dynamic translation
> forwarding-bypass
>
> i2o 192.168.1.20 proto TCP port 5201 fib 0
> o2i 192.168.1.20 proto TCP port 5201 fib 0
> external host 10.197.61.30:42284
> i2o flow: match: saddr 192.168.1.20 sport 5201 daddr 10.197.61.30
> dport 42284 proto TCP fib_idx 0 rewrite: txfib 0
> o2i flow: match: saddr 0.0.0.0 sport 0 daddr 0.0.0.0 dport 0 proto
> IP6_HOP_BY_HOP_OPTIONS fib_idx 0
> index 1
> last heard 287.84
> timeout in 2396.75
> total pkts 4720516, total bytes 5249440
> dynamic translation
> forwarding-bypass
>
> The other thing I noticed was the output says dynamic translations instead
> of static translations.
> In ICMP nat44 sessions i can see that it shows static translations. Below
> is an ICMP NAT44 session
>
> vpp# show nat44 sessions
> NAT44 ED sessions:
> -------- thread 0 vpp_main: 1 sessions --------
> i2o 192.168.1.20 proto ICMP port 141 fib 0
> o2i 4.4.4.4 proto ICMP port 141 fib 0
> external host 10.197.61.30:141
> i2o flow: match: saddr 192.168.1.20 sport 141 daddr 10.197.61.30
> dport 141 proto ICMP fib_idx 0 rewrite: saddr 4.4.4.4 daddr 10.197.61.30
> icmp-id 141 txfib 0
> o2i flow: match: saddr 10.197.61.30 sport 141 daddr 4.4.4.4 dport
> 141 proto ICMP fib_idx 0 rewrite: daddr 192.168.1.20 icmp-id 141 txfib 0
> index 0
> last heard 127.02
> timeout in -26.69
> total pkts 40, total bytes 3360
> static translation
>
>
> Also have a couple of questions. MY VPP has 3 dpdk interfaces each for
> lan, wan1, wan2 . The lan interface IP is 192.168.1.1.
> In my static mapping i am creating a rule as below
>
> nat44 add static mapping tcp local 192.168.1.20 external 4.4.4.4
>
> While creating static mapping rules what should the local correspond to (
> here i am setting it to IP of Host C and not the VPP dpdk interface IP )
> and what should the external correspond to ( here i am setting it to a fake
> external IP and not wan1 or wan2 IP ).
>
> I aso tried to det44 nat however ran into the following issues.
>
> In startup config if i add the nat { deterministic } or just nat {} config
> it fails to run. Run into an error saying unkown nat configuration.
>
> Tried the below det44 nat however dint see any translations in sessions.
>
> det44 plugin enable
> set nat timeout udp 300 tcp-established 7440 tcp-transitory 240 icmp 6000
> set interface det44 inside lan outside wan
> det44 add in 192.168.1.0/24 out 4.4.4.0/24
>
> I see a deubg message saying and dont see any det44 sessions.
>
> vpp# det44 [info ]: unknown dst address: 192.168.1.20
> det44 [info ]: unknown dst address: 192.168.1.20
> det44 [info ]: unknown dst address: 192.168.1.20
>
> Do let me know what I am missing. Is a different VPP version i should use
> ? My current one is build from master branch 22.10. Thanks
>
> Regards,
> Ashwini Kadam
>
>
>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#21785): https://lists.fd.io/g/vpp-dev/message/21785
Mute This Topic: https://lists.fd.io/mt/92906473/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/leave/1480452/21656/631435203/xyzzy
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
