Thanks Matus for clarification. We have fixed our configs accordingly, but as it was a bug that we encountered so I posted in the forum.
A similar crash also occur sometimes using 'nat44 deterministic add in <addr>/<plen> out <addr>/<plen>' command as well. For cases in which subnet for inside address is set low (e.g. 16) and the outside subnet (e.g. 28), a similar crash is occured, without warning. vpp#nat44 deterministic add in 10.10.0.0/16 out 192.168.10.64/28 root@xflow:~# On Tue, Apr 10, 2018 at 7:09 PM, Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco) <matfa...@cisco.com> wrote: > Hi, > > > > When NAT plugin is running in deterministic mode you should use only CLI > commands from list here https://wiki.fd.io/view/VPP/NAT#CLI_2 (for 1801 > works only “show nat44” instead of all “show nat44 deterministic …” > commands”) > > You should not use “nat44 add interface address” or “nat44 add address”. > Currently there is no check for NAT plugin mode in CLI or API, so wrong > commands may cause crash. > > I will fix this to avoid using of wrong configuration. > > > > Matus > > > > *From:* vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> *On Behalf Of *Hamid > via Lists.Fd.Io > *Sent:* Tuesday, April 10, 2018 3:55 PM > *To:* vpp-dev@lists.fd.io > *Cc:* vpp-dev@lists.fd.io > *Subject:* [vpp-dev] VPP crash bug in CGNAT module > > > > Hi, > > I am using stable/1801 source build and have encountered a bug due to the > CGNAT plugin. When using deterministic CGN and using the nat { > deterministic } option in the startup.conf, if you apply normal nat44 > rules, the interfaces do not work as expected. And by initiating a ping > command, vppctl crashes and exits and with it, removes all its applied > previous configuration from the CLI. > > Here is a sample setup (loop0 and loop1 have been configured): > > vpp# nat44 add interface address loop0 > > vpp# set interface nat44 in loop1 out loop0 > > vpp# nat44 add address 192.168.10.20 - 192.168.10.30 > > > Now, when the ping command is run (IP address is of a tap interface > initialized in vpp), vpp crashes and all CLI configuration resets: > > vpp# ping 192.168.100.2 > > root@xflow:~# > > > When the 'nat { deterministic }' statement is removed from the startup > conf, the issue is resolved and the setup behaves as intended. > > >
