Re: [vpp-dev] VPP Deterministic NAT Same in/out Interface Not Matching Session

Wed, 30 Sep 2020 02:26:59 -0700 

Hi Joshua,

Try to run your setup on master branch with recent changes. Few weeks ago i 
have moved deterministic feature out of snat plugin. Now deterministic feature 
is running in it’s separate plugin. Please check det44 sub plugin. If you have 
any issues feel free to write me back.

Best regards,
Filip Varga

From: vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> On Behalf Of Joshua Moore
Sent: Tuesday, September 29, 2020 11:38 PM
To: Joshua Moore <j...@jcm.me>
Cc: vpp-dev@lists.fd.io
Subject: Re: [vpp-dev] VPP Deterministic NAT Same in/out Interface Not Matching 
Session
Importance: High

Yep, definitely looks like this is unsupported. I moved to separated in/out 
interfaces and packets started flowing appropriately.



On Tue, Sep 29, 2020 at 2:35 PM Joshua Moore via 
lists.fd.io<http://lists.fd.io> 
<j=jcm...@lists.fd.io<mailto:jcm...@lists.fd.io>> wrote:
Hello,

Do we know if the same in/out interface for NAT in deterministic mode is 
supported in VPP? I am seeing a strange behavior where return traffic is not 
matching the session. For example, see session below where a DNS request is 
initially captured outbound to 8.8.8.8<http://8.8.8.8>: 
http://jcm.me/session.txt

As you can see, this is recorded as 1.1.1.0:2325<http://1.1.1.0:2325> for the 
outside translated IP/port:

    in 100.65.0.2:35573<http://100.65.0.2:35573> out 
1.1.1.0:2325<http://1.1.1.0:2325> external host 8.8.8.8:53<http://8.8.8.8:53> 
state: udp-active expire: 869

When reply comes back from 8.8.8.8 though to 1.1.1.0:2325<http://1.1.1.0:2325> 
the packet is dropped. I captured this in the trace: http://jcm.me/trace.txt

The only thing I can think of here that may be a little odd with my setup is 
that I am using the same interface for inside and outside. See my VPP config 
below:
jmoore@test:~$ cat /etc/vpp/setup.gate
set interface ip address loop0 1.1.1.1/29<http://1.1.1.1/29>
set interface state loop0 up
set interface ip address GigabitEthernet3/0/0 
172.16.30.250/24<http://172.16.30.250/24>
set int nat44 in GigabitEthernet3/0/0 out GigabitEthernet3/0/0
nat44 deterministic add in 100.65.0.0/22<http://100.65.0.0/22> out 
1.1.1.0/29<http://1.1.1.0/29>
set interface state GigabitEthernet3/0/0 up
ip route add 0.0.0.0/0<http://0.0.0.0/0> via 172.16.30.1

Any reason that the trace is showing the below?
00:09:23:047897: drop
  nat44-det-in2out: No translation



-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#17606): https://lists.fd.io/g/vpp-dev/message/17606
Mute This Topic: https://lists.fd.io/mt/77203973/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to