Commands looks good to me, please provide us more details (another CLI commands
used, nat startup configuration, …)
Matus
From: vpp-dev@lists.fd.io On Behalf Of Shahid Khan
Sent: Wednesday, February 20, 2019 4:54 PM
To: Ole Troan
Cc: vpp-dev@lists.fd.io
Subject: Re: [vpp-dev] error: static ma
Hi,
I try something similar with 19.01 release and no error.
Matus
From: vpp-dev@lists.fd.io On Behalf Of Shahid Khan
Sent: Wednesday, February 20, 2019 8:58 AM
To: vpp-dev@lists.fd.io
Subject: [vpp-dev] error: static mapping: Mapping already exist
I'm new to VPP and just pulled 19.01 release
Hi,
There is no plan to implement PAP.
There is one solution in my mind “port block allocation”. When creating user
(first session), instead of allocating single port multiple ports of single IP
address are allocated for given user. Block size should be configurable and
will be free when deleti
Hi,
There is no guarantee that user always get same external address if you have
multiple external addresses. What you are referring to mean standard/vanilla
NAT use endpoint-independent mapping (RFC4787 section 4.1.) and filtering
(RFC4787 section 5.), something different. What you want is add
Hi,
Default assignment algorithm support address per fib (tenant)
https://wiki.fd.io/view/VPP/NAT#NAT44_add_pool_address_for_specific_tenant
It just pick random port (per protocol) from first address with some available
ports. In case of multithread ports a divided between worker threads.
Matus
Hi,
You need to update next_nodes in VLIB_REGISTER_NODE (snat_out2in_node) too
Matus
-Original Message-
From: vpp-dev@lists.fd.io On Behalf Of Raj
Sent: Tuesday, February 5, 2019 4:02 PM
To: vpp-dev@lists.fd.io
Subject: Re: [vpp-dev] Configuring NAT and Policing together
Hello all,
I
Hi,
You should go from nat44-out2in to ip4-policer-classify only if it is
configured on given interface (check if sw_if_index0 in nat44-out2in has
configured/enabled policer), I think this may be reason of ASSERT.
Matus
-Original Message-
From: vpp-dev@lists.fd.io On Behalf Of Raj
Se
nat44-out2in node:
u32 next0 = SNAT_OUT2IN_NEXT_LOOKUP;
<...>
vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next, n_left_to_next,
bi0, next0);
whatever you specify in VNET_FEATURE_INIT runs_before is ignored for
nat44-out2in, normally when you want continue to nex node in feature a
Hi,
I don't think it is working way you wanted since nat44-out2in goes directly to
ip4-lookup instead of continue in feature arc to ip4-policer-classify.
Matus
-Original Message-
From: Raj
Sent: Tuesday, January 22, 2019 3:00 PM
To: Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at
comments inline
Matus
-Original Message-
From: vpp-dev@lists.fd.io On Behalf Of Raj
Sent: Tuesday, January 22, 2019 1:06 PM
To: vpp-dev@lists.fd.io
Subject: Re: [vpp-dev] Configuring NAT and Policing together
Hi Matus,
We were looking to modify the flow so that the south->north path l
Hi,
You can use ip4-policer-classify before NAT node. Add nat44-in2out or
nat44-out2in to ip4_policer_classify runs_before list
VNET_FEATURE_INIT (ip4_policer_classify, static) =
{
.arc_name = "ip4-unicast",
.node_name = "ip4-policer-classify",
.runs_before = VNET_FEATURES ("ipsec4-input-fe
Hi,
For endpoint dependent NAT oldest session per user is recycled only when
expired (classic/vanilla NAT recycle always).
Matus
From: vpp-dev@lists.fd.io On Behalf Of carlito nueno
Sent: Friday, January 18, 2019 7:45 AM
To: vpp-dev@lists.fd.io
Subject: [vpp-dev] nat: create NAT session faile
feature?
saint_sun
From: Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES@Cisco) via
Lists.Fd.Io<mailto:matfabia=cisco@lists.fd.io>
Date: 2019-01-15 18:00
To: saint_...@aliyun.com<mailto:saint_...@aliyun.com>;
vpp-dev<mailto:vpp-dev@lists.fd.
Hi,
twice NAT is currently supported only for TCP and UDP
Matus
From: vpp-dev@lists.fd.io On Behalf Of saint_sun ? via
Lists.Fd.Io
Sent: Tuesday, January 15, 2019 10:47 AM
To: vpp-dev
Cc: vpp-dev@lists.fd.io
Subject: [vpp-dev] nat44:twice nat
hi all,
I want to use twice-nat,but when I send
Hi,
VPP configuration look good to me, I am not sure what is wrong. Maybe try to
check “show interface” output, IPfix should add 9 additional tx packets for
GigabitEthernet3/0/0 after ping and “ipfix flush” command.
Matus
From: vpp-dev@lists.fd.io On Behalf Of emma sdi
Sent: Wednesday, Janua
https://wiki.fd.io/view/VPP/NAT#Enable_NAT_plugin_IPFIX_logging_example
You can also take a look at NAT plugin test
https://gerrit.fd.io/r/gitweb?p=vpp.git;a=blob;f=test/test_nat.py;h=c64359a4db743ebf187c4198a12b2e3c80f5433d;hb=HEAD#l2646
Matus
From: khers
Sent: Wednesday, January 9, 2019 9:4
Address and port allocation function example https://gerrit.fd.io/r/#/c/14643/
Matus
From: khers
Sent: Monday, January 7, 2019 4:13 PM
To: Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco)
Cc: vpp-dev
Subject: Re: [vpp-dev] nat: specify a pool for an outgoing interface
Dear Matue,
Hi,
Do you receive at least IPfix templates on collector?
Matus
From: khers
Sent: Sunday, January 6, 2019 8:58 AM
To: Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco)
Cc: vpp-dev
Subject: Re: [SUSPECTED SPAM] [vpp-dev] IPFIX Nat Logging
Hi,
I tried that but I didn't get any log
Hi,
Could you please provide packet trace?
Matus
-Original Message-
From: Carlito Nueno
Sent: Friday, January 4, 2019 10:34 PM
To: Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco)
Cc: vpp-dev@lists.fd.io
Subject: Re: [vpp-dev] Question regarding captive portal
Hi Matus,
Hi,
Your requirement is not supported currently. Maybe you can implement it using
NAT as output feature and write your own address and port allocation function.
Matus
From: khers
Sent: Sunday, January 6, 2019 3:35 PM
To: Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco)
Cc: vpp-de
Hi,
You can translate to different addresses only packets from different VRF
https://wiki.fd.io/view/VPP/NAT#NAT44_add_pool_address_for_specific_tenant
Matus
From: vpp-dev@lists.fd.io On Behalf Of emma sdi
Sent: Tuesday, January 1, 2019 9:10 AM
To: vpp-dev
Subject: [vpp-dev] nat: specify a p
Hi,
Run NAT plugin in endpoint-dependent mode (add following to startup config “nat
{ endpoint-dependent }”), enable NAT feature “set interface nat44 in tap3 out
GigabitEthernet4/0/0” and create static mapping “nat44 add static mapping tcp
local 192.168.1.2 80 external GigabitEthernet4/0/0 80 o
Hi,
IPfix events are aggregated, to send it immediately use “ipfix flush"
Matus
From: vpp-dev@lists.fd.io On Behalf Of emma sdi
Sent: Tuesday, December 25, 2018 1:49 PM
To: vpp-dev
Subject: [SUSPECTED SPAM] [vpp-dev] IPFIX Nat Logging
Dear Vpp,
I'd just configured a simple snat to check logg
Is worker distribution same in case of multiple clients (you ca see this with
same “show run” exercise, take a look at number of interface and nat44-in2out
calls for each core)? Maybe you should try to play with interface rx queue
placement (you can see it in “show interface rx-placement” output
Hi,
in your case most of NAT translations are done in one core. With 4 cores you
are lucky and flows arrive at same core where translations are processing (no
worker handoff) and with 10 cores there is worker handoff between two workers
and it is reason of performance drop. Basically your flows
sessions over two
different ports?
John
Sent from my phone
On Tue, Dec 18, 2018 at 10:28 AM +, "Matus Fabian -X (matfabia - PANTHEON
TECHNOLOGIES@Cisco) via Lists.Fd.Io"
mailto:matfabia=cisco@lists.fd.io>> wrote:
Session/mapping key is 4-tuple (client address, port,
Hi,
NAT code should be rewritten
Matus
From: vpp-dev@lists.fd.io On Behalf Of
david.leitch@gmail.com
Sent: Wednesday, December 19, 2018 4:56 PM
To: vpp-dev@lists.fd.io
Subject: Re: [vpp-dev] Worker Thread Dead Lock on NAT44 IPFIX
hi Matus
Thanks for your answer, can you explain more about
Hi,
NAT process all ipfix events in main thread. I think this should be reworked to
per worker thread processing like flowprobe plugin
Matus
From: vpp-dev@lists.fd.io On Behalf Of
david.leitch@gmail.com
Sent: Wednesday, December 19, 2018 8:29 AM
To: vpp-dev@lists.fd.io
Subject: Re: [vpp-
g two different
external IPs to an endpoint if the client opens two separate sessions over two
different ports?
John
Sent from my phone
On Tue, Dec 18, 2018 at 10:28 AM +0000, "Matus Fabian -X (matfabia - PANTHEON
TECHNOLOGIES@Cisco) via Lists.Fd.Io"
mailto:matfabia=cisco@list
Session/mapping key is 4-tuple (client address, port, fib index and protocol),
internal address and port is mapped always to same external address and port no
matter what is the endpoint
https://gerrit.fd.io/r/gitweb?p=vpp.git;a=blob;f=src/plugins/nat/nat.h;h=3ce83ea26022fac43045fc88bfb37466c78c
I think this is issue when handoff queue is congested (multiple workers), this
was fixed in 18.10
Matus
From: vpp-dev@lists.fd.io On Behalf Of
david.leitch@gmail.com
Sent: Tuesday, December 18, 2018 10:36 AM
To: vpp-dev@lists.fd.io
Subject: Re: [vpp-dev] Config NAT plugin for with dynamic
Endpoint independent mapping is default behaviour
Matus
From: John Biscevic
Sent: Tuesday, December 18, 2018 10:03 AM
To: Ole Troan ; Matus Fabian -X (matfabia - PANTHEON
TECHNOLOGIES at Cisco)
Cc: vpp-dev@lists.fd.io
Subject: Re: [vpp-dev] Sanity check re: NAT for same-service mapping
Hi Ma
Please try to use 18.10
Matus
From: vpp-dev@lists.fd.io On Behalf Of
david.leitch@gmail.com
Sent: Tuesday, December 18, 2018 9:43 AM
To: vpp-dev@lists.fd.io
Subject: Re: [vpp-dev] Config NAT plugin for with dynamic translations
I used VPP18.04
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive al
What is your VPP version?
Matus
From: vpp-dev@lists.fd.io On Behalf Of
david.leitch@gmail.com
Sent: Tuesday, December 18, 2018 9:26 AM
To: vpp-dev@lists.fd.io
Subject: Re: [vpp-dev] Config NAT plugin for with dynamic translations
vpp# show interface rx-placement
Thread 1 (vpp_wk_0):
nod
And no tx packets form the beginning?
Matus
From: vpp-dev@lists.fd.io On Behalf Of
david.leitch@gmail.com
Sent: Tuesday, December 18, 2018 8:57 AM
To: vpp-dev@lists.fd.io
Subject: Re: [vpp-dev] Config NAT plugin for with dynamic translations
yes, When ipfix disabled i have rx-miss
-=-=-=-
Hi,
Endpoint-dependent NAT is not default behaviour, when you want to use
endpoint-dependent NAT you need to adjust startup config
https://wiki.fd.io/view/VPP/NAT#NAT44
Matus
-Original Message-
From: vpp-dev@lists.fd.io On Behalf Of JB
Sent: Tuesday, December 18, 2018 12:02 AM
To: Ole
even without ipfix enabled?
Matus
From: vpp-dev@lists.fd.io On Behalf Of
david.leitch@gmail.com
Sent: Tuesday, December 18, 2018 8:47 AM
To: vpp-dev@lists.fd.io
Subject: Re: [vpp-dev] Config NAT plugin for with dynamic translations
if I config vpp without NAT (just routing) it works , but
Hi,
NAT plugin configuration look good for me.
Matus
From: vpp-dev@lists.fd.io On Behalf Of
david.leitch@gmail.com
Sent: Tuesday, December 18, 2018 8:27 AM
To: vpp-dev@lists.fd.io
Subject: [vpp-dev] Config NAT plugin for with dynamic translations
[Edited Message Follows]
Hi,
I want to t
Hi,
It is yet-to-be-implemented feature, deterministic mode is PoC code, it has
only some basic functionality
Matus
From: John Biscevic
Sent: Monday, December 10, 2018 12:40 PM
To: Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco)
; vpp-dev@lists.fd.io
Subject: Re: [vpp-dev] Packe
Hi,
Deterministic mode doesn’t support fragments.
Matus
From: John Biscevic
Sent: Monday, December 10, 2018 10:36 AM
To: Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco)
; vpp-dev@lists.fd.io
Subject: Re: [vpp-dev] Packet error-drop with fragmented packets through NAT
#vpp_stabili
Hi,
https://wiki.fd.io/view/VPP/NAT
NAT44 (vanilla/simple and endpoint-dependent mode) lazily delete expired
sessions. When inserting to session lookup hash and bucket is full, expired
session is overwritten.
Matus
-Original Message-
From: vpp-dev@lists.fd.io On Behalf Of Yuan Fan
Se
https://gerrit.fd.io/r/#/c/16048/
Matus
From: 王传国
Sent: Tuesday, November 20, 2018 9:41 AM
To: Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco)
; vpp-dev
Subject: 回复: RE: [vpp-dev] NAT44 && VXLAN tunnel && ip reassembly && ip frag
can not work correctly at vpp stable/1810
I am lo
Hi,
There is bug in NAT fragment processing code when “nat44 forwarding enable” is
used. I will fix it.
Matus
From: vpp-dev@lists.fd.io On Behalf Of ???
Sent: Tuesday, November 20, 2018 3:43 AM
To: Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco)
; vpp-dev
Subject: 回复: RE: [vpp-d
Hi,
In packet trace is missing second fragment for “Packet 2” fragment id 0x047f
(VXLAN packet fragment), probably “Packet 3”. “Packet 4” contain second
fragment of ICMP packet. First ICMP fragment is encapsulated but VXLAN packet
is too big and is fragmented too.
Matus
From: 王传国
Sent: Mond
Hi,
Could you please provide packet trace?
Matus
From: vpp-dev@lists.fd.io On Behalf Of ???
Sent: Friday, November 16, 2018 9:54 AM
To: vpp-dev
Subject: [vpp-dev] NAT44 && VXLAN tunnel && ip reassembly && ip frag can not
work correctly at vpp stable/1810
Hi all,
ping 192.168.123.2 -s 60
probably some API changes, maybe add NAT traversal support, there are some ugly
hacks in code and so on...
Matus
From: tianye@sina
Sent: Tuesday, November 6, 2018 10:38 AM
To: Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco)
; vpp-dev@lists.fd.io
Subject: RE: About Strongswan on VPP
Hi,
Currently I don't have any plan to upstream my strongswan patches. I guess code
is little bit outdated now since I tested it with VPP 18.04 and keep in mind
that code is PoC quality. There are two plugins for VPP in strongswan
kernel_vpp (IPSec and networking backend for VPP) and socket_vpp
Hi,
Deterministic NAT preallocate vector with 1000 session slots for each host from
inside network range, so it will take some time
https://wiki.fd.io/view/VPP/NAT#Memory_requirements
Matus
From: vpp-dev@lists.fd.io On Behalf Of
david.leitch@gmail.com
Sent: Wednesday, October 24, 2018
Hi John,
Fix in master and stable/1810 branch
Matus
From: vpp-dev@lists.fd.io On Behalf Of JB
Sent: Friday, October 19, 2018 9:14 AM
To: Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco)
; vpp-dev@lists.fd.io
Subject: Re: [vpp-dev] Packet error-drop with fragmented packets through N
Hi John,
There is bug in NAT code for ICMP fragments. I will fix it as soon as possible.
Thanks,
Matus
From: vpp-dev@lists.fd.io On Behalf Of JB
Sent: Thursday, October 18, 2018 12:48 PM
To: vpp-dev@lists.fd.io
Subject: Re: [vpp-dev] Packet error-drop with fragmented packets through NAT
#vpp_s
Hi Martin,
DSCP value is currently copied to outer IP header
https://gerrit.fd.io/r/gitweb?p=vpp.git;a=blob;f=src/vnet/ipsec/esp_encrypt.c;h=4291e946b3644f9d85a0998359799103d25a52f2;hb=HEAD#l253
Based on RFC4301 (section 4.1) DSCP is not traffic selector parameter of SPD
entry/policy and should
Hi,
Actually VPP can be IKE initiator, wiki is little bit outdated, see
https://gerrit.fd.io/r/#/c/5401/
Matus
From: vpp-dev@lists.fd.io On Behalf Of xulang
Sent: Wednesday, August 29, 2018 8:45 AM
To: vpp-dev@lists.fd.io
Subject: [vpp-dev] ipsec vpn(site to site)
Hi all,
I'd like to build a
Hi Jon,
I’ve updated nat_show_config_reply https://gerrit.fd.io/r/#/c/14411/, hope it
is all here now
Matus
From: vpp-dev@lists.fd.io On Behalf Of Matus Fabian -X
(matfabia - PANTHEON TECHNOLOGIES@Cisco) via Lists.Fd.Io
Sent: Thursday, August 16, 2018 7:45 AM
To: Jon Loeliger ; vpp-dev
Cc
I think nat_show_config_reply should be augmented with some fields reflecting
newer features.
You are correct deterministic and endpoint-dependent are mutually exclusive.
Matus
From: vpp-dev@lists.fd.io On Behalf Of Jon Loeliger
Sent: Wednesday, August 15, 2018 10:39 PM
To: vpp-dev
Subject: [
Max_frag value is applied when fragments arrived out of order (non-initial
fragments arrive before first fragment which contains L4 header), fragments are
stored and waiting for first fragment (max_frag is limit for number of stored
fragments). Fragments are dropped in nat44-in2out-reass or nat4
Hi Jon,
NAT plugin does virtual fragment reassembly – it enables to translate
non-initial fragments without L4 header otherwise NAT is unable to gather port
information from the non-initial fragment, packet is still broken into several
fragments after NAT translation.
Matus
From: vpp-dev@lis
Hi,
Fix for TCP expire issue https://gerrit.fd.io/r/#/c/14207/
Matus
From: vpp-dev@lists.fd.io On Behalf Of xuliang
Sent: Monday, August 13, 2018 6:32 AM
To: vpp-dev@lists.fd.io
Cc: mocan ; wenxu ; 'houzhiyuan'
Subject: [vpp-dev] NAT64 TCP Session never expire
Hi Dear VPP,
I did some te
Hi,
You are right there is bug.
For multiple thread there is handoff node which send packet to correct thread.
Matus
From: vpp-dev@lists.fd.io On Behalf Of xuliang
Sent: Monday, August 13, 2018 6:32 AM
To: vpp-dev@lists.fd.io
Cc: mocan ; wenxu ; 'houzhiyuan'
Subject: [vpp-dev] NAT64 TCP Se
mit a patch myself to no avail.
Thanks.
On Sun, Apr 8, 2018 at 11:44 PM, Matus Fabian -X (matfabia - PANTHEON
TECHNOLOGIES@Cisco) mailto:matfa...@cisco.com>> wrote:
Deterministic NAT is dedicated to CGN so no logging of sessions planed.
Syslog is still in todo list, but contributi
iencing the crash when VM connects with VPP in deterministic
mode.
Kindly, provide an explanation for the crash or a workaround for this.
From: vpp-dev@lists.fd.io<mailto:vpp-dev@lists.fd.io>
[mailto:vpp-dev@lists.fd.io] On Behalf Of Matus Fabian -X (matfabia - PANTHEON
TECHNOLOGIES@Cisco)
There is fix https://gerrit.fd.io/r/#/c/14106/
Matus
From: vpp-dev@lists.fd.io On Behalf Of Matus Fabian -X
(matfabia - PANTHEON TECHNOLOGIES@Cisco) via Lists.Fd.Io
Sent: Thursday, August 9, 2018 1:51 PM
To: arsalan.sag...@xflowresearch.com; vpp-dev@lists.fd.io
Cc: vpp-dev@lists.fd.io
Subject
Hi,
There is bug in snat_interface_add_del, it should not enable nat44-hairpinning
node, I will fix it
Matus
From: vpp-dev@lists.fd.io On Behalf Of
arsalan.sag...@xflowresearch.com
Sent: Thursday, August 9, 2018 1:16 PM
To: vpp-dev@lists.fd.io
Cc: 'Fazal-e-Rehman Khan'
Subject: [vpp-dev] [Bu
Hi George,
I don’t have any issue with “show nat44 sessions” under heavy load (it just
print number of session for each NAT user/internal network IP, no sessions
details). Without core file analysis hard to say where is the issue.
Regards,
Matus
From: vpp-dev@lists.fd.io On Behalf Of Geoge
S
Subject: Re: [vpp-dev] syslog in snat
Hi all,
I'm just checking in to see if anyone made progress on syslog? I've tried to
look at the code and submit a patch myself to no avail.
Thanks.
On Sun, Apr 8, 2018 at 11:44 PM, Matus Fabian -X (matfabia - PANTHEON
TECHNOLOGIES@Cisco) ma
Hi,
Only difference is that nat44-in2out-output send packet to interface-output
instead of ip4-lookup
Instead of "set interface nat44 in GigabitEthernet0/8/0 out
GigabitEthernet0/a/0" use "set interface nat44 out GigabitEthernet0/a/0
output-feature" and if you need hairpining use "set interface
https://gerrit.fd.io/r/#/c/12309/
Matus
From: Hamid Rasool <14mseesras...@seecs.edu.pk>
Sent: Wednesday, May 2, 2018 7:24 AM
To: Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco)
Cc: vpp-dev@lists.fd.io
Subject: Re: [vpp-dev] Figure out u16 mapping in NAT API output
Dear Matus,
Than
There is bug, fields are decoded wrong way in
vl_api_nat44_user_session_details_t_handler (nat_test.c)
Just note, nat44_user_session_dump works only with non-deterministic NAT.
Matus
From: vpp-dev@lists.fd.io On Behalf Of Hamid via
Lists.Fd.Io
Sent: Wednesday, May 2, 2018 6:50 AM
To: vpp-dev@
You can use vat console
Matus
From: Hamid Rasool <14mseesras...@seecs.edu.pk>
Sent: Tuesday, April 24, 2018 12:52 PM
To: Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco)
Cc: vpp-dev@lists.fd.io
Subject: Re: [vpp-dev] #vpp CGNAT implementation in VPP
Thanks.
I dont know if it is a b
Hi,
You can’t use deterministic and non-deterministic NAT commands at same time.
When you want to store active deterministic sessions somewhere you can use API
nat_det_session_dump (https://wiki.fd.io/view/VPP/NAT#API_2), just call this
API periodically.
Matus
From: Hamid Rasool <14mseesras..
Hi,
Are internal addresses you used sequence or are randomly selected from internal
network range?
Deterministic NAT use sequential outside address and port range assignment
(first block of external address goes to first address from inside network
range, second block of external address goes t
Src address is mandatory parameter
Matus
From: Hamid Rasool <14mseesras...@seecs.edu.pk>
Sent: Monday, April 23, 2018 7:31 AM
To: Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco)
Cc: vpp-dev@lists.fd.io
Subject: Re: [vpp-dev] #vpp CGNAT implementation in VPP
Is the src necessary in
This should send some IPfix NAT44 session create events. Do you observe any
traffic in tcpdump at the collector machine when use “ipfix flush”? This
command should at least send IPfix templates.
Matus
From: vpp-dev@lists.fd.io On Behalf Of Hamid via
Lists.Fd.Io
Sent: Monday, April 16, 2018 1
How many NAT session client create? IPfix should send at least templates each
20 seconds if there is no data. You can manually send cached IPfix data and
templates by “ipfix flush”. Could you please provide your VPP config (all used
CLI config commands)? There are couple of NAT IPfix tests and a
Hi,
What is your NAT plugin config and what NAT IPfix event do you want trigger?
Matus
From: Hamid Rasool
Sent: Monday, April 16, 2018 9:12 AM
To: Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco)
Cc: vpp-dev
Subject: Re: [vpp-dev] #vpp CGNAT implementation in VPP
Hi Matus,
I ha
Hi,
Larger inside address set require more heap size memory, see
https://wiki.fd.io/view/VPP/NAT#Memory_requirements
Matus
From: Hamid Rasool <14mseesras...@seecs.edu.pk>
Sent: Tuesday, April 10, 2018 6:47 PM
To: Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco)
Cc: vpp-dev@lists.f
Hi,
When NAT plugin is running in deterministic mode you should use only CLI
commands from list here https://wiki.fd.io/view/VPP/NAT#CLI_2 (for 1801 works
only “show nat44” instead of all “show nat44 deterministic …” commands”)
You should not use “nat44 add interface address” or “nat44 add addre
Deterministic NAT is dedicated to CGN so no logging of sessions planed.
Syslog is still in todo list, but contribution of patch is welcome.
Matus
From: vpp-dev@lists.fd.io On Behalf Of Hamid via
Lists.Fd.Io
Sent: Monday, April 9, 2018 7:53 AM
To: vpp-dev@lists.fd.io
Cc: vpp-dev@lists.fd.io
Subj
Only CLI commands, no startup config changes required
Matus
From: Hamid Rasool <14mseesras...@seecs.edu.pk>
Sent: Monday, April 9, 2018 8:06 AM
To: Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco)
; vpp-dev
Subject: Re: [vpp-dev] #vpp CGNAT implementation in VPP
Thanks again Matus.
Hi,
Protected is only traffic which match SPD entry with action protect, action
bypass skip IPsec encapsulation
https://wiki.fd.io/view/VPP/IPSec_and_IKEv2#SPD_entry_creation
You can specify traffic selectors parameters and priority of entry
Matus
From: vpp-dev@lists.fd.io On Behalf Of xulan
Supported templates for deterministic NAT
https://wiki.fd.io/view/VPP/NAT#IPFIX_templates
Supported templates for standard NAT
https://wiki.fd.io/view/VPP/NAT#NAT_IPFIX_logging
IPFix data and template records are transmitted over UDP
(https://tools.ietf.org/html/rfc7011, https://tools.ietf.org/h
“show nat44 deterministic mappings” probably doesn’t work because you use older
version of the VPP (this was changed in 1804)
To delete NAT deterministic mapping use “nat44 deterministic add in
/ out / del”
Currently you can’t alocate specific number of ports of the external address to
the inter
vpp-dev] Multiple Static Mappings
On Wed, Apr 4, 2018 at 11:24 PM, Matus Fabian -X (matfabia - PANTHEON
TECHNOLOGIES@Cisco) mailto:matfa...@cisco.com>> wrote:
When using static mapping with port number external address/interface must be
added to NAT pool otherwise static mapping won’t be reso
added it won’t be resolved.
Matus
From: vpp-dev@lists.fd.io On Behalf Of Jon Loeliger
Sent: Thursday, April 5, 2018 6:13 PM
To: vpp-dev@lists.fd.io
Cc: vpp-dev
Subject: Re: [vpp-dev] Multiple Static Mappings
On Wed, Apr 4, 2018 at 11:24 PM, Matus Fabian -X (matfabia - PANTHEON
TECHNOLOGIES@Cisco
, April 4, 2018 5:41 PM
To: Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco)
Cc: vpp-dev
Subject: Re: [vpp-dev] Multiple Static Mappings
On Wed, Apr 4, 2018 at 5:34 AM, Matus Fabian -X (matfabia - PANTHEON
TECHNOLOGIES@Cisco) mailto:matfa...@cisco.com>> wrote:
Fixed
Fixed https://gerrit.fd.io/r/#/c/11505/
Matus
From: Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco)
Sent: Wednesday, April 4, 2018 7:29 AM
To: 'Jon Loeliger' ; vpp-dev
Subject: RE: Multiple Static Mappings
Hi Jon,
This does not work properly, should be prohibited. I will fix issue.
Hi Jon,
My bad I use wrong interface, so issue is something different.
Issue fixed https://gerrit.fd.io/r/#/c/11503/
DBGvpp# show interface GigabitEthernet0/8/0 addr
GigabitEthernet0/8/0 (dn):
L3 172.16.2.1/24
DBGvpp# show nat44 static mappings
NAT44 static mappings:
DBGvpp# nat44 add static map
Hi Jon,
This does not work properly, should be prohibited. I will fix issue.
Thanks,
Matus
From: Jon Loeliger
Sent: Tuesday, April 3, 2018 6:52 PM
To: vpp-dev ; Matus Fabian -X (matfabia - PANTHEON
TECHNOLOGIES at Cisco)
Subject: Multiple Static Mappings
Matus,
Are multiple static mappings
Hi Jon,
For static mapping without port(icmp id) protocol should be ignored, but looks
like there is some bug. I will fix issue. When I don’t specify protocol it
works:
DBGvpp# sh interface GigabitEthernet0/8/0 addr
GigabitEthernet0/8/0 (dn):
L3 10.0.0.1/24
DBGvpp# sh nat44 static mappings
NAT
This will not work properly
Matus
From: vpp-dev@lists.fd.io On Behalf Of Jon Loeliger
Sent: Friday, March 30, 2018 3:08 PM
To: vpp-dev@lists.fd.io
Subject: Re: [vpp-dev] Some DS Lite Questions
On Thu, Mar 29, 2018 at 2:58 PM, Jon Loeliger
mailto:j...@netgate.com>> wrote:
Matus, et al,
Is the
Hi Jon,
Currently there is no way to remove B4/AFTR tunnel endpoint address.
You are right ip4_addr fields are not used now, for example this can be used to
report ICMP problems in future.
There is no plan to make any of the NAT startup config parameters available via
API now, patches are welco
Hi Dave,
Static mapping entry is deleted from resolution vector after address is set on
interface
snat_ip4_add_del_interface_address_cb:
/* If we resolved any of the outstanding static mappings */
if (vec_len(indices_to_delete))
{
/* Delete them */
for (j =
Hi,
There is example of CGNAT configuration for currently supported feature set
https://wiki.fd.io/view/VPP/NAT#Example_configuration
Basically you need do following 3 steps:
To enable CGNAT mode of NAT plugin add following to startup config: “nat {
deterministic }”
Set inside and outside inter
https://jenkins.fd.io/job/vpp-verify-1801-opensuse/166/console
05:49:33 make[2]: Leaving directory '/w/workspace/vpp-verify-1801-opensuse/dpdk'
05:49:33 sudo rpm -Uih vpp-dpdk-devel-17.11-vpp1.x86_64.rpm
05:49:33
05:49:34 package vpp-dpdk-devel-18.02-vpp
Hi Ed,
Works fine for centos now. Remove of dpdk packages for opensuse is missing in
patch.
Thanks,
Matus
From: Ed Kern (ejk)
Sent: Tuesday, March 13, 2018 7:00 PM
To: Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco)
Cc: vpp-dev@lists.fd.io
Subject: Re: [vpp-dev] issues with opensu
Hi,
I see issues with opensuse and centos verify jobs for stable/1801 branch.
The error is same for both jobs:
11:39:26
11:39:27 package vpp-dpdk-devel-18.02-vpp1.x86_64 (which is newer than
vpp-dpdk-devel-17.11-vpp1.x86_64) is already installed
11:39:
95 matches
Mail list logo
