Hi All,

We are exploring VPP's *NAT plugin* for a PE router in an MPLS VPN deployment. A reference diagram is given below.

[image: NAT-PE.png]

Private IP addresses are assigned to the hosts by the PE routers (NAT-PE and PE-2). All the hosts in a VPN (Shop or Bank) are assigned unique IP addresses by the local PE router. The routes are distributed across the edge routers through a routing protocol. Thus local routing and remote routing are enabled using private IP addresses. Local routing uses l2 rewrites, and remote routing uses mpls + l2 rewrites (on the ingress PE router) and mpls termination and an L3 lookup in the right VRF (on the egress PE router).

NAT comes into the picture when hosts want to access an internet gateway that is not part of the VPN. In this case, if the packet hits a default route (internet route), NAT needs to translate the private IP to a public IP. Other packets need to bypass NAT.

It is also possible for the hosts to access a shared server (192.1.1.4) that is not part of the VPN. In that case NATing needs to happen only if the packet is destined to the shared servers, and NAT should be bypassed otherwise.

From the study on *nat44ed* it looks like there is no way to apply a policy to bypass/permit NAT based on destination. So if NAT is applied on an inside interface, all traffic gets NATed.

Please let me know if the understanding is correct. Is there any way to solve this currently in VPP?

Thanks,
Rajith
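The destination-based NAT decision requested in the message above, modelled as an added example that is not part of the original post and is not VPP code or configuration. The private prefixes, route labels and function names are assumptions made for illustration; only the VPN names, the default route and the shared server 192.1.1.4 come from the post.

```python
import ipaddress

# Constructed per-VRF routing tables. Each route carries a flag saying whether
# traffic resolved through it leaves the VPN and therefore must be translated.
# "Shop" models the internet-gateway case, "Bank" the shared-server-only case.
VRF_ROUTES = {
    "Shop": [
        ("10.1.1.0/24", "local", False),     # hosts behind this PE (l2 rewrite)
        ("10.1.2.0/24", "mpls", False),      # hosts behind the remote PE
        ("192.1.1.4/32", "shared", True),    # shared server outside the VPN
        ("0.0.0.0/0", "internet", True),     # default route to internet gateway
    ],
    "Bank": [
        ("10.2.1.0/24", "local", False),
        ("10.2.2.0/24", "mpls", False),
        ("192.1.1.4/32", "shared", True),    # no default route in this VRF
    ],
}


def lookup(vrf, dst):
    """Longest-prefix match of dst in the VRF; returns (network, kind, nat) or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, kind, nat in VRF_ROUTES[vrf]:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, kind, nat)
    return best


def nat_action(vrf, dst):
    """Decide per destination: translate, bypass NAT, or no route at all."""
    match = lookup(vrf, dst)
    if match is None:
        return "no-route"
    return "translate" if match[2] else "bypass"


if __name__ == "__main__":
    for vrf, dst in [("Shop", "10.1.2.7"), ("Shop", "8.8.8.8"),
                     ("Shop", "192.1.1.4"), ("Bank", "10.2.2.9"),
                     ("Bank", "8.8.8.8")]:
        print(vrf, dst, nat_action(vrf, dst))
```
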