Hello,

Max translations per user is a NAT44 EI (endpoint independent) plugin concept. The EI plugin was previously a mode of NAT. NAT would run either EI or ED (endpoint dependent). If you are interested in running EI mode, please use the plugin configuration as follows:

    nat44 ei enable
    nat44 ei add interface
    nat44 ei add static interface ...

All nat44 ei plugin commands are prefixed with ei. In the NAT44 ed plugin you are not able to specify session limiting based on internal ip address, in other words user. You can only specify per vrf limit if you like so:

    set nat44 session limit

P.S. nat44 ed commands will also be prefixed with ed in the near future.

Best regards,
Filip Varga

From: vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> On Behalf Of Xuo Guoto via lists.fd.io
Sent: Monday, March 29, 2021 5:48 PM
To: vpp-dev@lists.fd.io
Subject: [vpp-dev] nat-ed and max translations per user
Importance: High

Hello,

While going through the nat configuration of latest VPP, I find that max translations per user is missing and is kind of replaced by "nat44 enable sessions 400000 endpoint-dependent", which limits max translations per thread.

Is there any equivalent config of max translations per user in latest VPP? If not, how to prevent one user (possibly infected) from using up all the sessions of a thread and creating a DoS situation?

X.