Hi, Only difference is that nat44-in2out-output send packet to interface-output instead of ip4-lookup Instead of "set interface nat44 in GigabitEthernet0/8/0 out GigabitEthernet0/a/0" use "set interface nat44 out GigabitEthernet0/a/0 output-feature" and if you need hairpining use "set interface nat44 in GigabitEthernet0/8/0" too.
Regards, Matus -----Original Message----- From: vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> On Behalf Of Matthew Smith Sent: Tuesday, May 8, 2018 6:57 PM To: vpp-dev <vpp-dev@lists.fd.io> Subject: [vpp-dev] NAT output-feature Hi, The NAT plugin CLI command to configure an interface to participate in NAT has a flag “output-feature” that affects how outbound (“in2out”) processing is done. Can the output-feature option be used in any situation where the standard in2out processing can be used? Are there any limitations on what use cases can be supported with output-feature enabled (or with it not enabled)? My reason for asking: I tried to configure an IPsec tunnel to be terminated on a NAT inside interface. When ESP packets arrive, the source address gets rewritten to the NAT pool address by NAT44 in2out (slow path) . After a FIB lookup determined that the destination address was local, the packet is dropped because the source address and destination address are both local so it looks like the source address is spoofed. I created a patch that avoids this issue with the standard in2out. Then I noticed the output feature version of in2out and wondered if that might be better to use in this case. I’m trying to figure out if I would lose anything (e.g. interoperability with some feature, throughput) by handling in2out traffic as an output feature. Thanks! -Matt -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#9216): https://lists.fd.io/g/vpp-dev/message/9216 View All Messages In Topic (2): https://lists.fd.io/g/vpp-dev/topic/18873742 Mute This Topic: https://lists.fd.io/mt/18873742/21656 New Topic: https://lists.fd.io/g/vpp-dev/post Change Your Subscription: https://lists.fd.io/g/vpp-dev/editsub/21656 Group Home: https://lists.fd.io/g/vpp-dev Contact Group Owner: vpp-dev+ow...@lists.fd.io Terms of Service: https://lists.fd.io/static/tos Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub -=-=-=-=-=-=-=-=-=-=-=-
