Hi,

From the first look I can see you are not enabling the deterministic plugin like you are the nat44 plugin. Secondly, mixing both plugins isn't fully supported. There could probably be some issues. I am not completely sure about your use cases, but using static mappings in this kind of scenario isn't a viable solution.

If you just want each subnet to have a different outside address, you should definitely use PAT - aka dynamic mapping - and put all of those inside subnets in different VRFs; after that, add a nat address for each vrf.

VRF1 192.168.0/24 -> 10.0.0.1
VRF2 192.168.1/24 -> 10.0.02
etc.

Be sure to set the inside - vrf interfaces as inside and the outside interface as outside. Use the nat44-ed plugin.

Best regards,
Filip

-----Original Message-----
From: vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> On Behalf Of Adrian Imboden
Sent: Thursday, January 20, 2022 1:55 AM
To: vpp-dev@lists.fd.io
Subject: [vpp-dev] SNAT, nat44 with static mapping of whole subnet
Importance: High

Hi all

I have been using vpp only recently and I am very happy with the way it works. I am currently trying to replace my linux based router with a linux based vpp router.

- I use version release 21.10
- I have a small ipv4 /24 network and an additional static ip
- I have multiple subnets (test1, test2 in the example)

What I want to do is:

- Do SNAT
- Map each subnet to a single ipv4 address
- For my test: assume 10.10.100.50-10.10.100.52 are my public ips

What I have now is the following:

```
comment { ====================== setting up testnet1 }
create tap id 1 host-if-name testnet1 host-ip4-addr 192.168.10.1/23
create loopback interface instance 1
set interface ip address loop1 192.168.10.255/23
set int l2 bridge tap1 1
set int l2 bridge loop1 1 bvi
set int l2 bridge TenGigabitEthernet8/0/0 1

comment { ====================== setting up testnet2 }
create tap id 2 host-if-name testnet2 host-ip4-addr 192.168.12.1/23
create loopback interface instance 2
set interface ip address loop2 192.168.12.255/23
set int l2 bridge tap2 2
set int l2 bridge loop2 2 bvi

set interface ip address TenGigabitEtherneta/0/3 10.10.100.50/23
set interface ip address TenGigabitEtherneta/0/3 10.10.100.51/23
set interface ip address TenGigabitEtherneta/0/3 10.10.100.52/23

nat44 enable
nat44 add address 10.10.100.50
nat44 add address 10.10.100.51
nat44 add address 10.10.100.52
set interface nat44 out TenGigabitEtherneta/0/3
set interface nat44 in loop1
set interface nat44 in loop2

ip route add 10.10.100.0/23 via TenGigabitEtherneta/0/3

comment { ===== port forwarding }
det44 add static mapping udp local 102.168.10.33 1234 external 10.10.100.51 1234

comment { enable all interfaces }
set int state tap1 up
set int state loop1 up
set int state TenGigabitEthernet8/0/0 up
set int state tap2 up
set int state loop2 up
set int state TenGigabitEtherneta/0/3 up
```

Now I have the problem that only 10.10.100.50 gets used (or until the ports are used up, I assume).

det44 would support my use case with:

```
det44 add in 192.168.10.0/23 out 10.10.100.51/32
det44 add in 192.168.20.0/23 out 10.10.100.52/32
```

but det44 does not support port forwarding, and nat44 only supports mapping each host one by one. In my case I could add all IPs (512 IPs per net). Not pretty, but doable.

My questions:

Do I have an error in my thoughts?

Is there something like this planned?:

```
nat44 add static mapping local 192.168.10.0/23 external 10.10.100.51
```

If not, would this addition be ok? If yes, I may invest some coding time :)

Thanks very much and greetings
Adrian
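
The per-VRF layout suggested in the reply, written out for the two subnets and three public addresses from the original message. This is an added example, not configuration posted by either participant. The table ids 1 and 2 and the forwarded host 192.168.10.33 are assumptions; tap and bridge setup, interface state and routing are left as in the original configuration and not repeated.

```text
comment { added example - one FIB table per inside subnet, ids 1 and 2 are arbitrary }
ip table add 1
ip table add 2

comment { bind each BVI to its table before giving it an address }
create loopback interface instance 1
set interface ip table loop1 1
set interface ip address loop1 192.168.10.255/23

create loopback interface instance 2
set interface ip table loop2 2
set interface ip address loop2 192.168.12.255/23

comment { outside interface stays in the default table 0 }
set interface ip address TenGigabitEtherneta/0/3 10.10.100.50/23
set interface ip address TenGigabitEtherneta/0/3 10.10.100.51/23
set interface ip address TenGigabitEtherneta/0/3 10.10.100.52/23

comment { nat44-ed only, no det44 commands }
nat44 enable

comment { one pool address per tenant table, so each subnet is PATed to its own address }
nat44 add address 10.10.100.51 tenant-vrf 1
nat44 add address 10.10.100.52 tenant-vrf 2

set interface nat44 in loop1
set interface nat44 in loop2
set interface nat44 out TenGigabitEtherneta/0/3

comment { port forward done with a nat44 static mapping scoped to table 1 }
nat44 add static mapping udp local 192.168.10.33 1234 external 10.10.100.51 1234 vrf 1
```

`show nat44 addresses` and `show nat44 sessions` can be used to check which pool address the sessions from each table end up using.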