Hi Ole,

Great, thanks for your reply.

Actually, I have some ideas for a patch for a Conntrack-like feature. But I think I will need some guidelines to submit a patch.
Could you kindly share some code or docs of "Port overloading with NAT ED" with me? Then I can refer to it.
I found some Gerrit guide for it. It will help me to submit a patch.
Thanks again for your help!

Thanks a lot
Regards,
Date

________________________________
From: otr...@employees.org <otr...@employees.org>
Sent: 23 July 2020, 06:43 PM
To: Date Huang <tjjh89...@hotmail.com>
Cc: vpp-dev@lists.fd.io <vpp-dev@lists.fd.io>
Subject: Re: [vpp-dev] Do VPP NAT have Conntrack-like feature?

Hi Date,

Port overloading was added to NAT ED for 20.05.
The static mapping with port overloading isn't yet there. We would have to split that function from non-port overloading NAT and NAT ED.
Feel free to submit a patch!

Best regards,
Ole

> On 22 Jul 2020, at 18:34, Date Huang <tjjh89...@hotmail.com> wrote:
>
> Hi all,
>
> I'm using VPP to develop my program.
> Here is my scenario.
> I want to use VPP to build a NAT gateway with only one public IPv4 address, and all
> traffic needs to use this public IP to reach the internet (for example: 1.1.1.1).
> I can allow only one port from the external firewall,
> so I can only use 1.1.1.1:443, for example.
>
> <Server> is on the LAN side.
> <Client> is on the internet side.
>
> If I set up a DNAT rule to map <Server1>:1234 to 1.1.1.1:443, and <Client1>
> connects to <Server1>:1234 via 1.1.1.1:443,
> I will need to re-use 1.1.1.1:443 for <Client2> to connect to <Server2>:4321.
> In Linux Kernel Netfilter, we can use "Conntrack" to save the session and keep
> the TCP connection.
> So I can remove the DNAT rule and create a new rule to map <Client2> to <Server2>
> without losing the <Client1> to <Server1> connection.
>
> I try to use VPP to speed up performance.
> I found VPP will delete the related session when I remove the DNAT rule.
> So I cannot keep the session in VPP.
>
> Here is my startup.conf
>
> nat { endpoint-dependent }
>
> Here is my config in vppctl
>
> set interface mac address TenGigabitEthernet6/0/0 00:00:00:00:00:01
> set interface mac address TenGigabitEthernet6/0/1 00:00:00:00:00:02
> create bond mode round-robin
> bond add BondEthernet0 TenGigabitEthernet6/0/0
> bond add BondEthernet0 TenGigabitEthernet6/0/1
> create sub-interfaces BondEthernet0 10
> create sub-interfaces BondEthernet0 11
> set interface ip address BondEthernet0.10 192.168.1.1/16
> set interface ip address BondEthernet0.11 1.1.1.1/24
> ip route add 0.0.0.0/0 via 1.1.1.254 BondEthernet0.11
> set ip neighbor BondEthernet0.11 1.1.1.254 00:00:00:00:00:03
> set interface state BondEthernet0 up
> set interface state BondEthernet0.10 up
> set interface state BondEthernet0.11 up
> set interface state TenGigabitEthernet6/0/0 up
> set interface state TenGigabitEthernet6/0/1 up
> nat44 add interface address BondEthernet0.11
> set interface nat44 in BondEthernet0.10
> set interface nat44 out BondEthernet0.11
>
> nat44 add static mapping tcp local 10.0.0.2 1234 external 1.1.1.1 443
>
>
> Do you guys have some advice for me?
>
> Thanks a lot
> Regards,
> Date Huang
>
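
The difference described in the original question (sessions that outlive the DNAT rule versus sessions deleted with it), as an added toy model that is not part of the thread and is neither VPP nor Netfilter code. `Gateway`, `run_scenario` and `flush_on_rule_delete` are hypothetical names, the Server2 and client addresses are constructed, and opening sessions only on a SYN is a simplification of the model.

```python
# Toy model (constructed for illustration): a DNAT gateway with one external
# endpoint, a static-mapping table and a per-flow session table.
from dataclasses import dataclass, field

EXTERNAL = ("1.1.1.1", 443)          # the single public ip:port from the thread

@dataclass
class Gateway:
    flush_on_rule_delete: bool       # True = behaviour reported for VPP in the thread
    rules: dict = field(default_factory=dict)      # external ep -> local ep
    sessions: dict = field(default_factory=dict)   # (client ep, external ep) -> local ep

    def add_rule(self, external, local):
        self.rules[external] = local

    def del_rule(self, external):
        local = self.rules.pop(external)
        if self.flush_on_rule_delete:
            # Drop every session that was created through this mapping.
            self.sessions = {k: v for k, v in self.sessions.items()
                             if not (k[1] == external and v == local)}

    def translate(self, client, external, syn=False):
        """Return the local endpoint for an inbound TCP segment, or None if dropped."""
        key = (client, external)
        if key in self.sessions:            # session lookup comes before rule lookup
            return self.sessions[key]
        if syn and external in self.rules:  # only a SYN may open a new session
            self.sessions[key] = self.rules[external]
            return self.sessions[key]
        return None

def run_scenario(flush_on_rule_delete):
    """Replay the thread's scenario; addresses below are constructed samples."""
    server1, server2 = ("10.0.0.2", 1234), ("10.0.0.3", 4321)
    client1, client2 = ("198.51.100.10", 40000), ("198.51.100.20", 40001)
    gw = Gateway(flush_on_rule_delete)
    gw.add_rule(EXTERNAL, server1)
    first = gw.translate(client1, EXTERNAL, syn=True)   # Client1 opens to Server1
    gw.del_rule(EXTERNAL)                               # swap the mapping
    gw.add_rule(EXTERNAL, server2)
    new = gw.translate(client2, EXTERNAL, syn=True)     # Client2 opens to Server2
    old = gw.translate(client1, EXTERNAL)               # Client1 mid-stream segment
    return first, new, old

if __name__ == "__main__":
    for mode in (False, True):
        print("flush_on_rule_delete =", mode, "->", run_scenario(mode))
```

With `flush_on_rule_delete=False` the Client1 flow stays pinned to Server1 after the mapping is swapped; with `True` its next segment finds no session and is dropped in this model.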