Hi, please try latest VPP code, https://gerrit.fd.io/r/#/c/4751/ should fix your problem.
Regards, [banner3a1] Matus Fabian Engineer - Software matfa...@cisco.com<mailto:matfa...@cisco.com> Tel: Cisco Systems, Inc. Slovakia cisco.com [http://www.cisco.com/assets/swa/img/thinkbeforeyouprint.gif]Think before you print. This email may contain confidential and privileged material for the sole use of the intended recipient. Any review, use, distribution or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorized to receive for the recipient), please contact the sender by reply email and delete all copies of this message. Please click here<http://www.cisco.com/web/about/doing_business/legal/cri/index.html> for Company Registration Information. From: vpp-dev-boun...@lists.fd.io [mailto:vpp-dev-boun...@lists.fd.io] On Behalf Of Denis Lotarev via vpp-dev Sent: Tuesday, January 24, 2017 1:02 PM To: vpp-dev@lists.fd.io Subject: [vpp-dev] SNAT and tap for SSH problem Hi all! I have a problem when SNAT enable on VPP side. "Machine A" 1.1.2.10/24 with default route 10.2.1.1 "VPP host" (linux machine) 1.1.1.10/24 with static route 1.1.2.0/24 via 1.1.1.1 On VPP side GigabitEthernet2/0/0 with ip 1.1.2.1/24 looking to Machine "A", tap-0 with ip 1.1.1.1/24 looking to "VPP host", and GigabitEthernet2/0/1.871 with 2.2.2.2/24 looking to Internet # cat /etc/vpp/startup.conf unix { nodaemon log /tmp/vpp.log full-coredump cli-listen localhost:5002 exec /etc/vpp/111 } dpdk { dev 0000:02:00.0 dev 0000:02:00.1 } snat { translation hash buckets 20971520 translation hash memory 1073741824 user hash buckets 12288 user hash memory 20971520 max translations per user 50000 } api-trace { on } api-segment { gid vpp } # cat /etc/vpp/111 create sub-interfaces GigabitEthernet2/0/1 871 set int state GigabitEthernet2/0/1 up set int state GigabitEthernet2/0/0 up set int state GigabitEthernet2/0/1.871 up set int ip address GigabitEthernet2/0/1.871 2.2.2.2/24 set int ip address GigabitEthernet2/0/0 1.1.2.1/24 set int snat out GigabitEthernet2/0/1.871 ip route add 0.0.0.0/0 via 2.2.2.1 GigabitEthernet2/0/1.871 set int snat in GigabitEthernet2/0/0 out GigabitEthernet2/0/1.871 snat add address 2.2.2.3 tap connect vppctl set int state tap-0 up set int ip address tap-0 1.1.1.1/24 With this configuration SNAT working very good from Machine A, but i cannot ping from Machine A (1.1.2.10) to VPP host (1.1.1.10). When i delete only one rule set int snat in GigabitEthernet2/0/0 out GigabitEthernet2/0/1.871 then i can ping VPP host, but SNAT lost. How to get working both SNAT and SSH via tap device? I can send additional information if needed. Thank you for your help! -- Yours sincerely, Denis Lotarev
_______________________________________________ vpp-dev mailing list vpp-dev@lists.fd.io https://lists.fd.io/mailman/listinfo/vpp-dev
![http://www.cisco.com/assets/swa/img/thinkbeforeyouprint.gif]Think](http://www.cisco.com/assets/swa/img/thinkbeforeyouprint.gif]Think){kind=link}