Hi,

Found another issue in logging. When we connect to HTTP server via a web browser, the 'show nat44 deterministic sessions' command shows the result of the translation. However, when we use curl or wget to fetch the same page, the translation does not show up in the CLI command. After repeating curl command multiple times and quickly rechecking the show sessions command, we were able to capture the translation once out of 10 times.
So, to further check I wrote a script on the inside address to curl the webserver multiple times and another on VPP machine to call "vppctl show nat44 deterministic sessions" repeatedly (after every 10 milliseconds) so I was able to gather the following results:

vpp# NAT44 deterministic sessions:
  in 100.64.0.5:53696 out 192.168.10.128:22464 external host 192.168.4.2:80 state: tcp-fin-wait expire: 3883
NAT44 deterministic sessions:
NAT44 deterministic sessions:
  in 100.64.0.5:53698 out 192.168.10.128:22466 external host 192.168.4.2:80 state: tcp-established expire: 3903
NAT44 deterministic sessions:
NAT44 deterministic sessions:
NAT44 deterministic sessions:
  in 100.64.0.5:53700 out 192.168.10.128:22468 external host 192.168.4.2:80 state: tcp-established expire: 3903
NAT44 deterministic sessions:
NAT44 deterministic sessions:
  in 100.64.0.5:53702 out 192.168.10.128:22470 external host 192.168.4.2:80 state: tcp-syn-sent expire: 3883
NAT44 deterministic sessions:
  in 100.64.0.5:53702 out 192.168.10.128:22470 external host 192.168.4.2:80 state: tcp-established expire: 3903
NAT44 deterministic sessions:
NAT44 deterministic sessions:
  in 100.64.0.5:53704 out 192.168.10.128:22472 external host 192.168.4.2:80 state: tcp-established expire: 3903
NAT44 deterministic sessions:
  in 100.64.0.5:53704 out 192.168.10.128:22472 external host 192.168.4.2:80 state: tcp-established expire: 3903
NAT44 deterministic sessions:
NAT44 deterministic sessions:
  in 100.64.0.5:53706 out 192.168.10.128:22474 external host 192.168.4.2:80 state: tcp-established expire: 3903
NAT44 deterministic sessions:
NAT44 deterministic sessions:
NAT44 deterministic sessions:
  in 100.64.0.5:53708 out 192.168.10.128:22476 external host 192.168.4.2:80 state: tcp-established expire: 3903
NAT44 deterministic sessions:
NAT44 deterministic sessions:
  in 100.64.0.5:53710 out 192.168.10.128:22478 external host 192.168.4.2:80 state: tcp-syn-sent expire: 3884
NAT44 deterministic sessions:
NAT44 deterministic sessions:
NAT44 deterministic sessions:
  in 100.64.0.5:53712 out 192.168.10.128:22480 external host 192.168.4.2:80 state: tcp-established expire: 3904
NAT44 deterministic sessions:
  in 100.64.0.5:53712 out 192.168.10.128:22480 external host 192.168.4.2:80 state: tcp-fin-wait expire: 3884
NAT44 deterministic sessions:
NAT44 deterministic sessions:
  in 100.64.0.5:53714 out 192.168.10.128:22482 external host 192.168.4.2:80 state: tcp-established expire: 3904
NAT44 deterministic sessions:
  in 100.64.0.5:53714 out 192.168.10.128:22482 external host 192.168.4.2:80 state: tcp-fin-wait expire: 3884
NAT44 deterministic sessions:
NAT44 deterministic sessions:
  in 100.64.0.5:53716 out 192.168.10.128:22484 external host 192.168.4.2:80 state: tcp-established expire: 3904
NAT44 deterministic sessions:
NAT44 deterministic sessions:
  in 100.64.0.5:53718 out 192.168.10.128:22486 external host 192.168.4.2:80 state: tcp-established expire: 3904
NAT44 deterministic sessions:
  in 100.64.0.5:53718 out 192.168.10.128:22486 external host 192.168.4.2:80 state: tcp-fin-wait expire: 3884
NAT44 deterministic sessions:
  in 100.64.0.5:53720 out 192.168.10.128:22488 external host 192.168.4.2:80 state: tcp-established expire: 3904
NAT44 deterministic sessions:
  in 100.64.0.5:53720 out 192.168.10.128:22488 external host 192.168.4.2:80 state: tcp-fin-wait expire: 3884
NAT44 deterministic sessions:
NAT44 deterministic sessions:
  in 100.64.0.5:53722 out 192.168.10.128:22490 external host 192.168.4.2:80 state: tcp-established expire: 3904
NAT44 deterministic sessions:
NAT44 deterministic sessions:
NAT44 deterministic sessions:
  in 100.64.0.5:53724 out 192.168.10.128:22492 external host 192.168.4.2:80 state: tcp-fin-wait expire: 3884
NAT44 deterministic sessions:
NAT44 deterministic sessions:
  in 100.64.0.5:53726 out 192.168.10.128:22494 external host 192.168.4.2:80 state: tcp-established expire: 3904
NAT44 deterministic sessions:
  in 100.64.0.5:53726 out 192.168.10.128:22494 external host 192.168.4.2:80 state: tcp-fin-wait expire: 3884
NAT44 deterministic sessions:
NAT44 deterministic sessions:
  in 100.64.0.5:53728 out 192.168.10.128:22496 external host 192.168.4.2:80 state: tcp-established expire: 3904
NAT44 deterministic sessions:
NAT44 deterministic sessions:
NAT44 deterministic sessions:
  in 100.64.0.5:53730 out 192.168.10.128:22498 external host 192.168.4.2:80 state: tcp-established expire: 3904
NAT44 deterministic sessions:
NAT44 deterministic sessions:

On Wed, Apr 25, 2018 at 11:48 AM, Hamid Rasool <14mseesras...@seecs.edu.pk> wrote:

> Hi once again,
>
> Thank you Matus for the time and support. Today, I made another effort of
> logging non-deterministic CG-NAT.
> I have finally managed to verify that my collector machine is indeed
> receiving IPFIX messages from my VM. However, the "nat ipfix logging"
> function is still not working. After setting up ipfix exporter collector
> and nat ipfix logging commands and receiving no packets on my collector
> even after "ipfix flush", I have used the following commands to get the
> flow information from the outside address of NAT:
>
> vpp# flowprobe params record l3 active 1
> vpp# flowprobe feature add-del loop0 ip4
>
> I was able to receive IPFIX messages as shown in the screenshot. My
> collector setup is simply running a netcat listening UDP server and
> wireshark on the attached interface.
>
> The NAT translations are taking place as verified here but I have not
> received any NAT translation IPFIX logs:
> vpp# show nat44 sessions
> NAT44 sessions:
> 100.64.0.1: 56 dynamic translations, 0 static translations
>
> On Tue, Apr 24, 2018 at 4:03 PM, Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco) <matfa...@cisco.com> wrote:
>
>> You can use vat console
>>
>> Matus
>>
>> *From:* Hamid Rasool <14mseesras...@seecs.edu.pk>
>> *Sent:* Tuesday, April 24, 2018 12:52 PM
>> *To:* Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco) <matfa...@cisco.com>
>> *Cc:* vpp-dev@lists.fd.io
>> *Subject:* Re: [vpp-dev] #vpp CGNAT implementation in VPP
>>
>> Thanks.
>>
>> I don't know if it is a bug or for some other reason, my setup works
>> better when I add both deterministic and non-deterministic commands to get
>> deterministic mapping. When I used only deterministic commands, I got some
>> issues with reverse NAT translations. In particular, those internal
>> addresses mapped with the first outside address established sessions while
>> all other addresses did not function properly. Adding non-deterministic
>> commands fixed the problem somehow.
>>
>> About the API calls, do I need to build and run a .c program as documented
>> here <https://wiki.fd.io/view/VPP/How_To_Use_The_C_API> or is there a
>> more simple approach like vat# console for this purpose?
>>
>> On Tue, Apr 24, 2018 at 3:20 PM, Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco) <matfa...@cisco.com> wrote:
>>
>> Hi,
>>
>> You can’t use deterministic and non-deterministic NAT commands at same
>> time.
>>
>> When you want to store active deterministic sessions somewhere you can
>> use API nat_det_session_dump (https://wiki.fd.io/view/VPP/NAT#API_2),
>> just call this API periodically.
>>
>> Matus
>>
>> *From:* Hamid Rasool <14mseesras...@seecs.edu.pk>
>> *Sent:* Tuesday, April 24, 2018 11:56 AM
>> *To:* Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco) <matfa...@cisco.com>
>> *Cc:* vpp-dev@lists.fd.io
>> *Subject:* Re: [vpp-dev] #vpp CGNAT implementation in VPP
>>
>> Thanks Matus.
>>
>> I was using namespaces to generate internal addresses and after
>> verifying, the address range was indeed deterministic.
>>
>> To partially solve my logging issue, when you add the commands for
>> deterministic and non-deterministic at the same time (start address-end
>> address according to the outside address pool), I get back details of the
>> current sessions through 'show nat44 deterministic sessions' commands. This
>> command only shows the active sessions. Is there any way to make this
>> mapping persistent/store these results in a file/database?
>>
>> Regards.
>>
>> On Tue, Apr 24, 2018 at 1:17 PM, Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco) <matfa...@cisco.com> wrote:
>>
>> Hi,
>>
>> Are internal addresses you used sequence or are randomly selected from
>> internal network range?
>>
>> Deterministic NAT use sequential outside address and port range
>> assignment (first block of external address goes to first address from
>> inside network range, second block of external address goes to second
>> address and so on).
>> There is also CLI where you can obtain outside address
>> and port range for specific inside host “nat44 deterministic forward
>> <addr>” and also CLI to obtain inside host address from specific outside
>> address and port pair “nat44 deterministic reverse <addr>:<port>”
>>
>> Example:
>>
>> DBGvpp# nat44 deterministic add in 10.0.0.0/18 out 1.1.1.1/30
>> DBGvpp# nat44 deterministic forward 10.0.55.6
>> 1.1.1.3:<27994-28008>
>> DBGvpp# nat44 deterministic forward 10.0.55.7
>> 1.1.1.3:<28009-28023>
>> DBGvpp# nat44 deterministic forward 10.0.55.8
>> 1.1.1.3:<28024-28038>
>> DBGvpp# nat44 deterministic reverse 1.1.1.1:1276
>> 10.0.16.16
>>
>> Matus
>>
>> *From:* Hamid Rasool <14mseesras...@seecs.edu.pk>
>> *Sent:* Tuesday, April 24, 2018 9:44 AM
>> *To:* Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco) <matfa...@cisco.com>
>> *Cc:* vpp-dev@lists.fd.io
>> *Subject:* Re: [vpp-dev] #vpp CGNAT implementation in VPP
>>
>> Hi again,
>>
>> I have run into some issues while performing deterministic CG-NAT. You
>> guys told that we do not require logging in this because we are sure that
>> clients will get deterministic outside addresses according to ratio.
>> However, I was set mappings ratio as 16 and have created sessions using 16
>> different inside addresses. In case of deterministic, they should all map
>> to a single outside address and then the 17th different inside address
>> should be attached to a different outside address. This is not the case for
>> me as 10 sessions are going to 1st address and other 6 are mapped to second
>> one.
>>
>> There is currently no way to track this other than tcpdump. In the normal
>> nat44, there is a show nat44 addresses which gives some idea about the
>> mappings, but the show nat44 deterministic mappings (in stable/1804) only
>> provides the ratio and number of ports calculated which is not too helpful.
>>
>> Looking for better ideas to track these addresses or make them truly
>> deterministic. Thanks.
>>
>> On Mon, Apr 23, 2018 at 10:47 AM, Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco) <matfa...@cisco.com> wrote:
>>
>> Src address is mandatory parameter
>>
>> Matus
>>
>> *From:* Hamid Rasool <14mseesras...@seecs.edu.pk>
>> *Sent:* Monday, April 23, 2018 7:31 AM
>> *To:* Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco) <matfa...@cisco.com>
>> *Cc:* vpp-dev@lists.fd.io
>> *Subject:* Re: [vpp-dev] #vpp CGNAT implementation in VPP
>>
>> Is the src <IP address> necessary in the netflow export collector
>> command? I have ping connectivity with the collector but still I am unable
>> to get any flows are visible.
>>
>> It is a bit odd because I only want to verify the inside address:inside
>> port and outside address:outside port and for that you need an extra setup.
>>
>> Thanks.
>>
>> On Mon, Apr 16, 2018 at 6:49 PM, Hamid Rasool <14mseesras...@seecs.edu.pk> wrote:
>>
>> No luck with the tcpdump (it only shows the broadcast routing protocol
>> messages from a virtual router interface that it is connected with; my test
>> bed topology has multiple hosts) during ipfix flush command either.
>>
>> Is there any logs for ipfix / NAT translation logs stored on the local
>> machine where vpp is running? So far the only way you can obtain the
>> translated ports currently is by running tcpdump on the vpp machine
>> outbound interface but they are not viable to maintain logging. I have
>> tried running tcpdump on the vpp machine on the interface which is used to
>> check ping connectivity with the collector machine and have still not
>> observed anything relevant.
>>
>> Thanks.
>>
>> On Mon, Apr 16, 2018 at 3:52 PM, Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco) <matfa...@cisco.com> wrote:
>>
>> This should send some IPfix NAT44 session create events.
>> Do you observe
>> any traffic in tcpdump at the collector machine when use “ipfix flush”?
>> This command should at least send IPfix templates.
>>
>> Matus
>>
>> *From:* vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> *On Behalf Of* Hamid via Lists.Fd.Io
>> *Sent:* Monday, April 16, 2018 12:17 PM
>> *To:* Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco) <matfa...@cisco.com>
>> *Cc:* vpp-dev@lists.fd.io
>> *Subject:* Re: [vpp-dev] #vpp CGNAT implementation in VPP
>>
>> Currently I have just 1 client connected.
>>
>> vpp# show nat44 sessions
>> NAT44 sessions:
>> 100.64.0.1: 100 dynamic translations, 0 static translations
>>
>> Here are all of the VPP commands used (involve a few TAP and bvi
>> interfaces):
>> Is there a command history option in vpp cli?
>>
>> loopback create
>> set int l2 bridge loop0 1 bvi
>> set int ip address loop0 192.168.10.1/24
>> set int state loop0 up
>>
>> tap connect lstack address 192.168.10.2/24
>> set int l2 bridge tapcli-0 1
>> set int state tapcli-0 up
>>
>> loopback create
>> set int l2 bridge loop1 2 bvi
>> set int ip address loop1 192.168.100.1/24
>> set int state loop1 up
>>
>> tap connect lstack1 address 192.168.100.2/24
>> set int l2 bridge tapcli-1 2
>> set int state tapcli-1 up
>>
>> nat44 add interface address loop0
>> set interface nat44 in loop1 out loop0
>> nat44 add address 192.168.10.20 - 192.168.10.30
>>
>> set int l2 bridge GigabitEthernet0/3/0 1
>> set int state GigabitEthernet0/3/0 up
>>
>> ip route add 100.64.0.0/24 via 192.168.100.2
>> ip route add 0.0.0.0/0 via 192.168.10.3
>>
>> set ipfix exporter collector 192.168.4.3 port 2055 src 192.168.10.1
>> nat ipfix logging
>>
>> On Mon, Apr 16, 2018 at 3:07 PM, Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco) <matfa...@cisco.com> wrote:
>>
>> How many NAT session client create?
>> IPfix should send at least templates
>> each 20 seconds if there is no data. You can manually send cached IPfix
>> data and templates by “ipfix flush”. Could you please provide your VPP
>> config (all used CLI config commands)? There are couple of NAT IPfix tests
>> and all pass.
>>
>> Matus
>>
>> *From:* Hamid Rasool <hamidras...@gmail.com>
>> *Sent:* Monday, April 16, 2018 11:09 AM
>> *To:* Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco) <matfa...@cisco.com>
>> *Cc:* vpp-dev <vpp-dev@lists.fd.io>
>> *Subject:* Re: [vpp-dev] #vpp CGNAT implementation in VPP
>>
>> I have not made any changes to the default startup config, i.e. there is
>> no 'nat { }' present in the config and the plugins and dpdk sections
>> commented out.
>>
>> I want these templates for NAT44 Session create and NAT44 Session delete
>> events:
>>
>> observationTimeMilliseconds    64
>> natEvent                       8
>> sourceIPv4Address              32
>> postNATSourceIPv4Address       32
>> protocolIdentifier             8
>> sourceTransportPort            16
>> postNAPTSourceTransportPort    16
>>
>> I have also moved to the master since last week (and have noticed some
>> details added to show nat44 commands), my version is now:
>> vpp v18.07-rc0~26-ge150238
>>
>> Thanks.
>>
>> On Mon, Apr 16, 2018 at 12:50 PM, Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco) <matfa...@cisco.com> wrote:
>>
>> Hi,
>>
>> What is your NAT plugin config and what NAT IPfix event do you want
>> trigger?
>>
>> Matus
>>
>> *From:* Hamid Rasool <hamidras...@gmail.com>
>> *Sent:* Monday, April 16, 2018 9:12 AM
>> *To:* Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco) <matfa...@cisco.com>
>> *Cc:* vpp-dev <vpp-dev@lists.fd.io>
>> *Subject:* Re: [vpp-dev] #vpp CGNAT implementation in VPP
>>
>> Hi Matus,
>>
>> I have tried setting up NFSen and NFDump setup on a logically connected
>> VM with my VPP instance. I have then used the 2 commands that you added in
>> the Wiki:
>>
>> vpp# set ipfix exporter collector 192.168.4.3 port 2055(listening port) src 192.168.10.1(outbound interface IP)
>> vpp# nat ipfix logging
>>
>> The graphs did not show anything after I passed iperf and ping traffic
>> from the CG-NAT host clients, and did not even observe any traffic in
>> tcpdump at the collector machine. I have verified ping connectivity from
>> VPP machine to the collector machine and conf files + netstat to verify the
>> listening port.
>>
>> Does VPP maintain any local logs for the ipfix exports?
>>
>> Regards.
>>
>> On Mon, Apr 9, 2018 at 11:39 AM, Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco) <matfa...@cisco.com> wrote:
>>
>> Only CLI commands, no startup config changes required
>>
>> Matus
>>
>> *From:* Hamid Rasool <14mseesras...@seecs.edu.pk>
>> *Sent:* Monday, April 9, 2018 8:06 AM
>> *To:* Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco) <matfa...@cisco.com>; vpp-dev <vpp-dev@lists.fd.io>
>> *Subject:* Re: [vpp-dev] #vpp CGNAT implementation in VPP
>>
>> Thanks again Matus. Specially for updating the Wiki!
>>
>> Do I need to change anything in the startup config to enable ipfix in NAT
>> or do the CLI commands in the example config work as standard?
>>
>> On Mon, Apr 9, 2018 at 10:20 AM, Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco) <matfa...@cisco.com> wrote:
>>
>> Supported templates for deterministic NAT https://wiki.fd.io/view/VPP/NAT#IPFIX_templates
>>
>> Supported templates for standard NAT https://wiki.fd.io/view/VPP/NAT#NAT_IPFIX_logging
>>
>> IPFix data and template records are transmitted over UDP (
>> https://tools.ietf.org/html/rfc7011, https://tools.ietf.org/html/rfc8158)
>>
>> IPFix example configuration https://wiki.fd.io/view/VPP/NAT#Enable_NAT_plugin_IPFIX_logging_example
>>
>> Matus
>>
>> *From:* Hamid Rasool <14mseesras...@seecs.edu.pk>
>> *Sent:* Friday, April 6, 2018 4:23 PM
>> *To:* Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco) <matfa...@cisco.com>
>> *Cc:* vpp-dev@lists.fd.io
>> *Subject:* Re: [vpp-dev] #vpp CGNAT implementation in VPP
>>
>> Thanks Matus for the rapid response. The del command did the trick and I
>> will try to repeat the setup for 18.04-rc1 build. I also got some more info
>> through the command 'show nat44 detail' which did not show up by ? in the
>> CLI by default.
>>
>> About IPFIX logging, can you suggest an example template to perform the
>> logging:
>>
>> e.g.
>>
>> nat {
>> NAT44 Addresses exhausted
>> NAT44 Session create
>> NAT44 Session delete
>> }
>>
>> Also, any pointers to access these IPFIX logs for nat session details
>> without using deterministic NAT once the logging has been enabled would also
>> be very helpful.
>>
>> Regards,
>>
>> Hamid
>>
>> On Fri, Apr 6, 2018 at 3:42 PM, Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco) <matfa...@cisco.com> wrote:
>>
>> “show nat44 deterministic mappings” probably doesn’t work because you use
>> older version of the VPP (this was changed in 1804)
>>
>> To delete NAT deterministic mapping use “nat44 deterministic add in
>> <addr>/<plen> out <addr>/<plen> del”
>>
>> Currently you can’t allocate specific number of ports of the external
>> address to the internal clients. It is possible to implement this, patches
>> are welcome.
>>
>> NAT plugin use IPfix for logging events https://wiki.fd.io/view/VPP/NAT#IPFIX_templates.
>> Deterministic NAT doesn’t log session since internal
>> address is statically mapped to set of external ports of the address
>> (purpose of deterministic NAT is to reduce logging
>> https://tools.ietf.org/html/rfc7422).
>>
>> Matus
>>
>> *From:* Hamid Rasool <14mseesras...@seecs.edu.pk>
>> *Sent:* Friday, April 6, 2018 12:16 PM
>> *To:* Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco) <matfa...@cisco.com>
>> *Cc:* vpp-dev@lists.fd.io
>> *Subject:* Re: [vpp-dev] #vpp CGNAT implementation in VPP
>>
>> Thanks Fabian.
>>
>> I have configured these steps and it seems to work (although some
>> variations of nat deterministic add command caused vpp to crash and reset
>> configurations though). However, there is another command in the VPP/NAT
>> wiki: "show nat44 deterministic mappings" which does not seem to work.
>>
>> The "show nat44" command only seem to work however:
>>
>> vpp# nat44 deterministic add in 10.10.3.0/25 out 192.168.100.64/28
>> vpp# show nat44
>> NAT plugin mode: deterministic mapping
>> udp timeout: 300sec
>> tcp-established timeout: 7440sec
>> tcp-transitory timeout: 240sec
>> icmp timeout: 60sec
>> 1 deterministic mappings
>>
>> I want to ask how can we delete a pool mapping once we have set it or
>> even change it because there seems to be no options to do that. Another
>> query is about how can we allocate a specific number of ports of the
>> external address to the internal clients. Let's say I want to map 8 internal
>> addresses to 1 external for a pool of external addresses, which makes about
>> 8000 ports (out of 65000) for each internal address. Is there any way to
>> implement.
>>
>> Last question for now, where are the session logs stored for NAT for each
>> flow of packet. Does VPP provide syslog stats or any flow records for nat
>> sessions?
>>
>> Thanks again!
>>
>> On Mon, Mar 19, 2018 at 5:19 PM, Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco) <matfa...@cisco.com> wrote:
>>
>> Hi,
>>
>> There is example of CGNAT configuration for currently supported feature
>> set https://wiki.fd.io/view/VPP/NAT#Example_configuration
>>
>> Basically you need do following 3 steps:
>>
>> To enable CGNAT mode of NAT plugin add following to startup config: “nat
>> { deterministic }”
>>
>> Set inside and outside interfaces: set interface nat44 in <intfc> out
>> <intfc>
>>
>> Set pool address range for inside network range: nat44 deterministic add
>> in <addr>/<plen> out <addr>/<plen>
>>
>> That is all you can currently configure.
>>
>> Matus
>>
>> *From:* vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> *On Behalf Of* Hamid via Lists.Fd.Io
>> *Sent:* Monday, March 19, 2018 1:03 PM
>> *To:* vpp-dev@lists.fd.io
>> *Cc:* vpp-dev@lists.fd.io
>> *Subject:* [vpp-dev] #vpp CGNAT implementation in VPP
>>
>> Hi,
>>
>> I have a Ubuntu server machine having 32 cores and four 1 Gigabit NICs
>> with KVM hypervisor. I want to test VPP performance for CGNAT in NAT444
>> mode while supporting routing protocols like BGP and IS-IS on VM topology
>> setup. Kindly direct me somewhere to get me started. The usage of CGNAT
>> with a pool of out address ranges and allocating port numbers is not
>> directly explained in the NAT plugin Wiki page. Any info regarding how to
>> generate packet traffic to check performance in terms of number of
>> concurrent sessions handled by CGNAT on my hardware will also be
>> appreciated.
>>
>> I have tried the progressive VPP tutorial but some of the switching
>> related exercises are not functioning as expected and there is no similar
>> tutorial or guide to apply CG-NAT along with routing as a PoC software
>> router would do.
>> Integration with FRR as per FRR wiki was also outdated and
>> could not be achieved on my setup.
>>
>> Waiting for suggestions. Thanks!
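
Added example (not part of the thread and not VPP's own code): the address and port-block arithmetic that reproduces the `nat44 deterministic forward` / `reverse` results quoted above, which is what lets an operator attribute an outside address:port to an inside host without per-session logs. The class and function names are hypothetical, the 1024 port base and the use of the prefix's network address as the base are assumptions checked against the quoted CLI output, and the 100.64.0.0/24 to 192.168.10.128/28 pair is constructed to show how 16 consecutive hosts can straddle a ratio boundary.

```python
import ipaddress
from collections import Counter

PORT_BASE = 1024               # assumption: ports 0-1023 are never allocated
USABLE_PORTS = 65535 - 1023    # ports shared by the hosts behind one address


class DetMapping:
    """Hypothetical model of one 'nat44 deterministic add in <in> out <out>'."""

    def __init__(self, inside, outside):
        # strict=False because the thread writes 'out 1.1.1.1/30' (host bits set).
        self.inside = ipaddress.ip_network(inside, strict=False)
        self.outside = ipaddress.ip_network(outside, strict=False)
        # Number of inside hosts that share one outside address.
        self.ratio = self.inside.num_addresses // self.outside.num_addresses
        if self.ratio < 1:
            raise ValueError("outside pool is larger than the inside network")
        self.ports_per_host = USABLE_PORTS // self.ratio
        if self.ports_per_host < 1:
            raise ValueError("sharing ratio leaves no ports per inside host")

    def forward(self, host):
        """Inside host -> (outside address, first port, last port)."""
        offset = int(ipaddress.ip_address(host)) - int(self.inside.network_address)
        if not 0 <= offset < self.inside.num_addresses:
            raise ValueError(f"{host} is not in {self.inside}")
        out = self.outside.network_address + offset // self.ratio
        lo = PORT_BASE + self.ports_per_host * (offset % self.ratio)
        return str(out), lo, lo + self.ports_per_host - 1

    def reverse(self, out_addr, out_port):
        """Outside address:port -> inside host that owns that port block."""
        index = int(ipaddress.ip_address(out_addr)) - int(self.outside.network_address)
        if not 0 <= index < self.outside.num_addresses:
            raise ValueError(f"{out_addr} is not in {self.outside}")
        slot = (out_port - PORT_BASE) // self.ports_per_host
        # Ports below the base, or left over after the last block, map to nobody.
        if out_port < PORT_BASE or slot >= self.ratio:
            raise ValueError(f"port {out_port} is outside every host block")
        return str(self.inside.network_address + index * self.ratio + slot)


def spread(mapping, hosts):
    """Count how many of the given inside hosts land on each outside address."""
    return dict(Counter(mapping.forward(h)[0] for h in hosts))


if __name__ == "__main__":
    # Mapping from the CLI example quoted in the thread.
    m = DetMapping("10.0.0.0/18", "1.1.1.1/30")
    print(m.forward("10.0.55.6"))
    print(m.reverse("1.1.1.1", 1276))

    # Constructed prefixes with a sharing ratio of 16: the outside address is
    # chosen by the host's offset in the inside network, not by arrival order.
    lab = DetMapping("100.64.0.0/24", "192.168.10.128/28")
    print(spread(lab, [f"100.64.0.{n}" for n in range(6, 22)]))
```

Running `reverse` over the address and port found in an abuse report or server log gives the inside host directly, provided the mapping configured at that time is known.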