Re: [vpp-dev] SNAT and tap for SSH problem

[Denis Lotarev via vpp-dev]

So sorry for my formatting... 


"Machine A" 1.1.2.10/24 with default route 1.1.2.1
"VPP host" (linux machine) 1.1.1.10/24 with static route 1.1.2.0/24 via 1.1.1.1
On VPP side GigabitEthernet2/0/0 with ip 1.1.2.1/24 looking to Machine "A", 
tap-0 with ip 1.1.1.1/24 looking to "VPP host", and GigabitEthernet2/0/1.871 
with 2.2.2.2/24 looking to Internet


# cat /etc/vpp/startup.confunix {
nodaemon
log /tmp/vpp.log
full-coredump
cli-listen localhost:5002
exec /etc/vpp/111
} dpdk {
dev 0000:02:00.0
dev 0000:02:00.1
}
snat {
translation hash buckets 20971520
translation hash memory 1073741824
user hash buckets 12288
user hash memory 20971520
max translations per user 50000
}
api-trace {
on
} api-segment {
gid vpp

}


# cat /etc/vpp/111create sub-interfaces GigabitEthernet2/0/1 871
set int state GigabitEthernet2/0/1 up
set int state GigabitEthernet2/0/0 up
set int state GigabitEthernet2/0/1.871 up
set int ip address GigabitEthernet2/0/1.871 2.2.2.2/24
set int ip address GigabitEthernet2/0/0 1.1.2.1/24
set int snat out GigabitEthernet2/0/1.871
ip route add 0.0.0.0/0 via 2.2.2.1 GigabitEthernet2/0/1.871
set int snat in GigabitEthernet2/0/0 out GigabitEthernet2/0/1.871
snat add address 2.2.2.3
tap connect vppctl
set int state tap-0 up

set int ip address tap-0 1.1.1.1/24


With this configuration SNAT working very good from Machine A, but i cannot 
ping from Machine A (1.1.2.10) to VPP host (1.1.1.10).

When i delete only one rule set int snat in GigabitEthernet2/0/0 out 
GigabitEthernet2/0/1.871 then i can ping VPP host, but SNAT lost.

How to get working both SNAT and SSH via tap device?

I can send additional information if needed. Thank you for your help! 
--
Yours sincerely,
Denis Lotarev



________________________________
From: Denis Lotarev <dlota...@yahoo.com>
To: "vpp-dev@lists.fd.io" <vpp-dev@lists.fd.io> 
Sent: Tuesday, January 24, 2017 5:01 PM
Subject: SNAT and tap for SSH problem



Hi all!

I have a problem when SNAT enable on VPP side.

"Machine A" 1.1.2.10/24 with default route 10.2.1.1
"VPP host" (linux machine) 1.1.1.10/24 with static route 1.1.2.0/24 via 1.1.1.1
On VPP side GigabitEthernet2/0/0 with ip 1.1.2.1/24 looking to Machine "A", 
tap-0 with ip 1.1.1.1/24 looking to "VPP host", and GigabitEthernet2/0/1.871 
with 2.2.2.2/24 looking to Internet

# cat /etc/vpp/startup.conf 
unix {
  nodaemon
  log /tmp/vpp.log
  full-coredump
  cli-listen localhost:5002
  exec /etc/vpp/111
}

dpdk {
    dev 0000:02:00.0
    dev 0000:02:00.1
}
snat {
  translation hash buckets 20971520
  translation hash memory 1073741824
  user hash buckets 12288
  user hash memory 20971520
  max translations per user 50000
}
api-trace {
  on
}

api-segment {
  gid vpp
}

# cat /etc/vpp/111 
create sub-interfaces GigabitEthernet2/0/1 871
set int state GigabitEthernet2/0/1 up
set int state GigabitEthernet2/0/0 up
set int state GigabitEthernet2/0/1.871 up
set int ip address GigabitEthernet2/0/1.871 2.2.2.2/24
set int ip address GigabitEthernet2/0/0 1.1.2.1/24
set int snat out GigabitEthernet2/0/1.871
ip route add 0.0.0.0/0 via 2.2.2.1 GigabitEthernet2/0/1.871
set int snat in GigabitEthernet2/0/0 out GigabitEthernet2/0/1.871
snat add address 2.2.2.3
tap connect vppctl
set int state tap-0 up
set int ip address tap-0 1.1.1.1/24



With this configuration SNAT working very good from Machine A, but i cannot 
ping from Machine A (1.1.2.10) to VPP host (1.1.1.10).
When i delete only one rule set int snat in GigabitEthernet2/0/0 out 
GigabitEthernet2/0/1.871 then i can ping VPP host, but SNAT lost.

How to get working both SNAT and SSH via tap device?
I can send additional information if needed.



Thank you for your help!



 
--
Yours sincerely,
Denis Lotarev
_______________________________________________
vpp-dev mailing list
vpp-dev@lists.fd.io
https://lists.fd.io/mailman/listinfo/vpp-dev