Hi,
When NAT plugin is running in deterministic mode you should use only CLI
commands from list here https://wiki.fd.io/view/VPP/NAT#CLI_2 (for 1801 works
only “show nat44” instead of all “show nat44 deterministic …” commands”)
You should not use “nat44 add interface address” or “nat44 add address”.
Currently there is no check for NAT plugin mode in CLI or API, so wrong
commands may cause crash.
I will fix this to avoid using of wrong configuration.
Matus
From: vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> On Behalf Of Hamid via
Lists.Fd.Io
Sent: Tuesday, April 10, 2018 3:55 PM
To: vpp-dev@lists.fd.io
Cc: vpp-dev@lists.fd.io
Subject: [vpp-dev] VPP crash bug in CGNAT module
Hi,
I am using stable/1801 source build and have encountered a bug due to the CGNAT
plugin. When using deterministic CGN and using the nat { deterministic } option
in the startup.conf, if you apply normal nat44 rules, the interfaces do not
work as expected. And by initiating a ping command, vppctl crashes and exits
and with it, removes all its applied previous configuration from the CLI.
Here is a sample setup (loop0 and loop1 have been configured):
vpp# nat44 add interface address loop0
vpp# set interface nat44 in loop1 out loop0
vpp# nat44 add address 192.168.10.20 - 192.168.10.30
Now, when the ping command is run (IP address is of a tap interface initialized
in vpp), vpp crashes and all CLI configuration resets:
vpp# ping 192.168.100.2
root@xflow:~#
When the 'nat { deterministic }' statement is removed from the startup conf,
the issue is resolved and the setup behaves as intended.
