Yep, definitely looks like this is unsupported. I moved to separated in/out interfaces and packets started flowing appropriately.
On Tue, Sep 29, 2020 at 2:35 PM Joshua Moore via lists.fd.io <j= jcm...@lists.fd.io> wrote: > Hello, > > Do we know if the same in/out interface for NAT in deterministic mode is > supported in VPP? I am seeing a strange behavior where return traffic is > not matching the session. For example, see session below where a DNS > request is initially captured outbound to 8.8.8.8: > http://jcm.me/session.txt > > As you can see, this is recorded as 1.1.1.0:2325 for the outside > translated IP/port: > > in 100.65.0.2:35573 out 1.1.1.0:2325 external host 8.8.8.8:53 state: > udp-active expire: 869 > > When reply comes back from 8.8.8.8 though to 1.1.1.0:2325 the packet is > dropped. I captured this in the trace: http://jcm.me/trace.txt > > The only thing I can think of here that may be a little odd with my setup > is that I am using the same interface for inside and outside. See my VPP > config below: > > jmoore@test:~$ cat /etc/vpp/setup.gate > set interface ip address loop0 1.1.1.1/29 > set interface state loop0 up > set interface ip address GigabitEthernet3/0/0 172.16.30.250/24 > set int nat44 in GigabitEthernet3/0/0 out GigabitEthernet3/0/0 > nat44 deterministic add in 100.65.0.0/22 out 1.1.1.0/29 > set interface state GigabitEthernet3/0/0 up > ip route add 0.0.0.0/0 via 172.16.30.1 > > Any reason that the trace is showing the below? > > 00:09:23:047897: drop > nat44-det-in2out: No translation > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#17594): https://lists.fd.io/g/vpp-dev/message/17594 Mute This Topic: https://lists.fd.io/mt/77203973/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
