Hi Folks,

I'm new to VPP and trying to work on a setup where I have an internal interface inside a VRF and would like to provide internet connectivity to hosts via NAT. The egress interface to the upstream network has a private IP but has a default route to the upstream router and then to the internet.

For testing, I created one loopback inside VRF 7023 which I want to source traffic from to the internet. In FRR, which I use for the control plane, I configured one default route in the VRF to the egress interface with 'nexthop-vrf default'.

1- Interfaces as below

    BondEthernet0.2000 (up): L3 100.65.72.2/25 *>>>>> interface to upstream router*
    loop10 (up): L3 10.10.10.1/24 ip4 table-id 7023 fib-idx 2 *>>>>> traffic from vrf should be NATed*
    loop11 (up): L3 x.x.x.x/32 *>>>>> configured public IP here to NAT traffic to*

2- VRF routing on FRR as below.

    FRR# show ip route vrf 7023
    VRF 7023:
    S>* 8.8.8.8/32 [1/0] is directly connected, bond0.2000 (vrf default), weight 1, 00:29:59
    C>* 10.10.10.0/24 is directly connected, lo10, 00:39:35

3- FRR has a default route in the global table, as mentioned, to upstream and I have internet connectivity from the host.

4- I tried the config below for NATing, which doesn't look to be working for me.

    nat44 plugin enable
    set interface nat44 in loop10 out BondEthernet0.2000
    nat44 add address x.x.x.x tenant-vrf 7023
    nat44 forwarding enable

    nat44 plugin enable inside-vrf 7023 outside-vrf 0
    set interface nat44 in loop10 out BondEthernet0.2000
    nat44 add interface address loop11
    nat44 forwarding enable

I'm not clear on NAT routing as well; my understanding is that this should be routing from the VRF to global and might not need vrf default in FRR.

    nat44 vrf table add 7023
    nat44 vrf route add table 7023 0

If anyone has experience with such a setup, I would appreciate help.

Thanks,
Mohamed