Hi Matus,

I have tried setting up NFSen and NFDump setup on a logically connected VM with my VPP instance. I have then used the 2 commands that you added in the Wiki:

vpp# set ipfix exporter collector 192.168.4.3 port 2055(listening port) src 192.168.10.1(outbound interface IP)
vpp# nat ipfix logging

The graphs did not show anything after I passed iperf and ping traffic from the CG-NAT host clients, and did not even observe any traffic in tcpdump at the collector machine. I have verified ping connectivity from VPP machine to the collector machine and conf files + netstat to verify the listening port. Does VPP maintain any local logs for the ipfix exports?

Regards.

On Mon, Apr 9, 2018 at 11:39 AM, Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco) <matfa...@cisco.com> wrote:

> Only CLI commands, no startup config changes required
>
> Matus
>
> *From:* Hamid Rasool <14mseesras...@seecs.edu.pk>
> *Sent:* Monday, April 9, 2018 8:06 AM
> *To:* Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco) <matfa...@cisco.com>; vpp-dev <vpp-dev@lists.fd.io>
> *Subject:* Re: [vpp-dev] #vpp CGNAT implementation in VPP
>
> Thanks again Matus. Specially for updating the Wiki!
>
> Do I need to change anything in the startup config to enable ipfix in NAT or do the CLI commands in the example config work as standard?
>
> On Mon, Apr 9, 2018 at 10:20 AM, Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco) <matfa...@cisco.com> wrote:
>
> Supported templates for deterministic NAT https://wiki.fd.io/view/VPP/NAT#IPFIX_templates
>
> Supported templates for standard NAT https://wiki.fd.io/view/VPP/NAT#NAT_IPFIX_logging
>
> IPFix data and template records are transmitted over UDP (https://tools.ietf.org/html/rfc7011, https://tools.ietf.org/html/rfc8158)
>
> IPFix example configuration https://wiki.fd.io/view/VPP/NAT#Enable_NAT_plugin_IPFIX_logging_example
>
> Matus
>
> *From:* Hamid Rasool <14mseesras...@seecs.edu.pk>
> *Sent:* Friday, April 6, 2018 4:23 PM
> *To:* Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco) <matfa...@cisco.com>
> *Cc:* vpp-dev@lists.fd.io
> *Subject:* Re: [vpp-dev] #vpp CGNAT implementation in VPP
>
> Thanks Matus for the rapid response. The del command did the trick and I will try to repeat the setup for 18.04-rc1 build. I also got some more info through the command 'show nat44 detail' which did not show up by ? in the CLI by default.
>
> About IPFIX logging, can you suggest an example template to perform the logging:
>
> e.g.
>
> nat {
>   NAT44 Addresses exhausted
>   NAT44 Session create
>   NAT44 Session delete
> }
>
> Also, any pointers to access these IPFIX logs for nat session details without using deterministic NAT once the logging has been enabled would also be very helpful.
>
> Regards,
> Hamid
>
> On Fri, Apr 6, 2018 at 3:42 PM, Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco) <matfa...@cisco.com> wrote:
>
> “show nat44 deterministic mappings” probably doesn’t work because you use older version of the VPP (this was changed in 1804)
>
> To delete NAT deterministic mapping use “nat44 deterministic add in <addr>/<plen> out <addr>/<plen> del”
>
> Currently you can’t allocate specific number of ports of the external address to the internal clients.
> It is possible to implement this, patches are welcome.
>
> NAT plugin use IPfix for logging events https://wiki.fd.io/view/VPP/NAT#IPFIX_templates. Deterministic NAT doesn’t log session since internal address is statically mapped to set of external ports of the address (purpose of deterministic NAT is to reduce logging https://tools.ietf.org/html/rfc7422).
>
> Matus
>
> *From:* Hamid Rasool <14mseesras...@seecs.edu.pk>
> *Sent:* Friday, April 6, 2018 12:16 PM
> *To:* Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco) <matfa...@cisco.com>
> *Cc:* vpp-dev@lists.fd.io
> *Subject:* Re: [vpp-dev] #vpp CGNAT implementation in VPP
>
> Thanks Fabian.
>
> I have configured these steps and it seems to work (although some variations of nat deterministic add command caused vpp to crash and reset configurations though). However, there is another command in the VPP/NAT wiki: "show nat44 deterministic mappings" which does not seem to work.
>
> The "show nat44" command only seem to work however:
>
> vpp# nat44 deterministic add in 10.10.3.0/25 out 192.168.100.64/28
> vpp# show nat44
> NAT plugin mode: deterministic mapping
> udp timeout: 300sec
> tcp-established timeout: 7440sec
> tcp-transitory timeout: 240sec
> icmp timeout: 60sec
> 1 deterministic mappings
>
> I want to ask how can we delete a pool mapping once we have set it or even change it because there seems to be no options to do that. Another query is about how can we allocate a specific number of ports of the external address to the internal clients. Lets say I want to map 8 internal addresses to 1 external for a pool of external addresses, which makes about 8000 ports (out of 65000) for each internal address. Is there any way to implement.
>
> Last question for now, where are the session logs stored for NAT for each flow of packet. Does VPP provide syslog stats or any flow records for nat sessions?
>
> Thanks again!
>
> On Mon, Mar 19, 2018 at 5:19 PM, Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco) <matfa...@cisco.com> wrote:
>
> Hi,
>
> There is example of CGNAT configuration for currently supported feature set https://wiki.fd.io/view/VPP/NAT#Example_configuration
>
> Basically you need do following 3 steps:
>
> To enable CGNAT mode of NAT plugin add following to startup config: “nat { deterministic }”
>
> Set inside and outside interfaces: set interface nat44 in <intfc> out <intfc>
>
> Set pool address range for inside network range: nat44 deterministic add in <addr>/<plen> out <addr>/<plen>
>
> That is all you can currently configure.
>
> Matus
>
> *From:* vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> *On Behalf Of *Hamid via Lists.Fd.Io
> *Sent:* Monday, March 19, 2018 1:03 PM
> *To:* vpp-dev@lists.fd.io
> *Cc:* vpp-dev@lists.fd.io
> *Subject:* [vpp-dev] #vpp CGNAT implementation in VPP
>
> Hi,
>
> I have a Ubuntu server machine having 32 cores and four 1 Gigabit NICs with KVM hypervisor. I want to test VPP performance for CGNAT in NAT444 mode while supporting routing protocols like BGP and IS-IS on VM topology setup. Kindly direct me somewhere to get me started. The usage of CGNAT with a pool of out address ranges and allocating port numbers is not directly explained in the NAT plugin Wiki page. Any info regarding how to generate packet traffic to check performance in terms of number of concurrent sessions handled by CGNAT on my hardware will also be appreciated.
>
> I have tried the progressive VPP tutorial but some of the switching related exercises are not functioning as expected and there is no similar tutorial or guide to apply CG-NAT along with routing as a PoC software router would do. Integration with FRR as per FRR wiki was also outdated and could not be achieved on my setup.
>
> Waiting for suggestions. Thanks!
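
Added example, not part of the thread and not VPP code: the thread notes that deterministic NAT keeps no session log because each inside address is statically mapped to a set of outside ports (RFC 7422), so attributing an outside address and port to a subscriber becomes a calculation. The sketch assumes equal contiguous port blocks starting at port 1024; `DetMap`, that block layout and the port floor are assumptions to verify against the VPP build in use.

```python
import ipaddress

FIRST_PORT, LAST_PORT = 1024, 65535  # assumption: ports 0-1023 are never handed out


class DetMap:
    """Hypothetical model of one 'nat44 deterministic add in X out Y' mapping."""

    def __init__(self, inside, outside):
        self.inside = ipaddress.ip_network(inside)
        self.outside = ipaddress.ip_network(outside)
        n_in, n_out = self.inside.num_addresses, self.outside.num_addresses
        if n_in % n_out:
            raise ValueError("inside range must be a multiple of the outside range")
        self.ratio = n_in // n_out  # inside hosts sharing one outside address
        self.ports_per_host = (LAST_PORT - FIRST_PORT + 1) // self.ratio

    def forward(self, in_addr):
        """Inside address -> (outside address, first port, last port)."""
        addr = ipaddress.ip_address(in_addr)
        if addr not in self.inside:
            raise ValueError(f"{addr} is outside {self.inside}")
        offset = int(addr) - int(self.inside.network_address)
        out_addr = self.outside.network_address + offset // self.ratio
        lo = FIRST_PORT + self.ports_per_host * (offset % self.ratio)
        return str(out_addr), lo, lo + self.ports_per_host - 1

    def reverse(self, out_addr, out_port):
        """Outside address and port from a remote log -> inside address, or None."""
        addr = ipaddress.ip_address(out_addr)
        if addr not in self.outside or not FIRST_PORT <= out_port <= LAST_PORT:
            return None
        slot = (out_port - FIRST_PORT) // self.ports_per_host
        if slot >= self.ratio:  # leftover ports when the division is not exact
            return None
        out_offset = int(addr) - int(self.outside.network_address)
        return str(self.inside.network_address + out_offset * self.ratio + slot)


if __name__ == "__main__":
    m = DetMap("10.10.3.0/25", "192.168.100.64/28")  # the mapping from the thread
    print(m.ratio, m.ports_per_host)
    print(m.forward("10.10.3.9"))
    print(m.reverse("192.168.100.65", 9088))
```

With the /25 to /28 mapping from the thread this gives 8 inside hosts per outside address, in line with the "about 8000 ports" per host estimated in the question.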