Hi Marcos,

> Any thoughts ?

At least two evolutions I can think of for deterministic NAT:

1) support dynamic sessions either instead of statically pre-allocated or in 
addition to.
   within the deterministic address/port range.
2) support "overflow", so that if you run out of ports in the deterministic 
pool, fall back
   to using shared ports.

Cheers,
Ole


> -----Mensagem original-----
> De: mar...@mgiga.com.br <mar...@mgiga.com.br>
> Enviada em: quinta-feira, 12 de agosto de 2021 09:40
> Para: 'Ole Troan' <otr...@employees.org>
> Cc: 'vpp-dev' <vpp-dev@lists.fd.io>
> Assunto: RES: [vpp-dev] CGNAT port assignment
> 
> Hello Ole,
> 
> Thank you for your attention.
> 
> About your statement "You could try setting the define DET44_SES_PER_USER to 
> whatever value you like."  I don't believe its that simple because it depends 
> of the size of the public IP address pool. For example: If I have a ratio of 
> 64 user behind a public address and set the DET44_SES_PER_USER value 2000, 
> there would not be enough ports for all users.
> 
> So my idea is to alocate 1000 slots per protocol to each user.
> 
> 
> Best Regards
> 
> Yes, I'm talking about deterministic NAT module -----Mensagem original-----
> De: vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> Em nome de Ole Troan Enviada 
> em: quarta-feira, 11 de agosto de 2021 18:20
> Para: Marcos - Mgiga <mar...@mgiga.com.br>
> Cc: vpp-dev <vpp-dev@lists.fd.io>
> Assunto: Re: [vpp-dev] CGNAT port assignment
> 
> Marcos,
> 
>> I’m aware that VPP NAT Plugin has a limitation of 1000 ports per inside 
>> users, but eventually that amount of connections is not enough.
>> 
>> I would like to get some guidance on how to change that VPP logic When 
>> assigning ports to users when working with deterministic nat, so users can 
>> get at least 1000 ports per protocol ( 1000 per TCP, 1000 per UDP, 1000 per 
>> ICMP), of course respecting the size of the public pool.
>> 
>> Have someone ever thought of that? Could someone give me some start point ?
>> 
>> I’ve spend some time looking into NAT plugin files, but there is a large 
>> amount of types and functions so I decided to come here to see if anybody 
>> has went throught this before.
> 
> I presume you are talking about the deterministic NAT module.
> That one pre-allocates the session table and reserves 1000 slots per user.
> The deterministic NAT uses endpoint dependent mapping so number of sessions 
> per user is somewhat independent of numbers of ports available.
> 
> You could try setting the define DET44_SES_PER_USER to whatever value you 
> like.
> It's a long time since I looked at deterministic NAT so no guarantees.
> 
> What's the use case?
> The NAT44-ED module does not have this limit and might be a candidate too.
> 
> Best regards,
> Ole
> 
> 
> 
> 

Attachment: signature.asc
Description: Message signed with OpenPGP

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#19969): https://lists.fd.io/g/vpp-dev/message/19969
Mute This Topic: https://lists.fd.io/mt/84825472/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to