Hi Marcos, > Any thoughts ?
At least two evolutions I can think of for deterministic NAT: 1) support dynamic sessions either instead of statically pre-allocated or in addition to. within the deterministic address/port range. 2) support "overflow", so that if you run out of ports in the deterministic pool, fall back to using shared ports. Cheers, Ole > -----Mensagem original----- > De: mar...@mgiga.com.br <mar...@mgiga.com.br> > Enviada em: quinta-feira, 12 de agosto de 2021 09:40 > Para: 'Ole Troan' <otr...@employees.org> > Cc: 'vpp-dev' <vpp-dev@lists.fd.io> > Assunto: RES: [vpp-dev] CGNAT port assignment > > Hello Ole, > > Thank you for your attention. > > About your statement "You could try setting the define DET44_SES_PER_USER to > whatever value you like." I don't believe its that simple because it depends > of the size of the public IP address pool. For example: If I have a ratio of > 64 user behind a public address and set the DET44_SES_PER_USER value 2000, > there would not be enough ports for all users. > > So my idea is to alocate 1000 slots per protocol to each user. > > > Best Regards > > Yes, I'm talking about deterministic NAT module -----Mensagem original----- > De: vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> Em nome de Ole Troan Enviada > em: quarta-feira, 11 de agosto de 2021 18:20 > Para: Marcos - Mgiga <mar...@mgiga.com.br> > Cc: vpp-dev <vpp-dev@lists.fd.io> > Assunto: Re: [vpp-dev] CGNAT port assignment > > Marcos, > >> I’m aware that VPP NAT Plugin has a limitation of 1000 ports per inside >> users, but eventually that amount of connections is not enough. >> >> I would like to get some guidance on how to change that VPP logic When >> assigning ports to users when working with deterministic nat, so users can >> get at least 1000 ports per protocol ( 1000 per TCP, 1000 per UDP, 1000 per >> ICMP), of course respecting the size of the public pool. >> >> Have someone ever thought of that? Could someone give me some start point ? >> >> I’ve spend some time looking into NAT plugin files, but there is a large >> amount of types and functions so I decided to come here to see if anybody >> has went throught this before. > > I presume you are talking about the deterministic NAT module. > That one pre-allocates the session table and reserves 1000 slots per user. > The deterministic NAT uses endpoint dependent mapping so number of sessions > per user is somewhat independent of numbers of ports available. > > You could try setting the define DET44_SES_PER_USER to whatever value you > like. > It's a long time since I looked at deterministic NAT so no guarantees. > > What's the use case? > The NAT44-ED module does not have this limit and might be a candidate too. > > Best regards, > Ole > > > >
signature.asc
Description: Message signed with OpenPGP
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#19969): https://lists.fd.io/g/vpp-dev/message/19969 Mute This Topic: https://lists.fd.io/mt/84825472/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-