For policy routing you'd typically use either the abf or ip-session-redirect plugins, and for NAT you have various options with nat and cnat plugins. I'd explore those plugins to begin with.
best ben ________________________________________ From: [email protected] <[email protected]> on behalf of [email protected] via lists.fd.io <[email protected]> Sent: Tuesday, December 2, 2025 9:16 To: vpp-dev Subject: [vpp-dev] How to implement policy routing +snat? I have three VPCS as clients, namely VPC2, VPC3 and VPC4. The IP address of VPC2 is 192.168.10.100, that of VPC3 is 192.168.20.100, and that of VPC4 is 192.168.30.100. The user gateway is on H3cvSR. The IP address of g2/0 is 192.168.10.1, that of g3/0 is 192.168.20.1, that of g4/0 is 192.168.30.1, and that of g1/0 is 192.168.1.100. And H3cvSR is configured with a default static route pointing to 192.168.1.1, which is the eth0 port of VPP. Then, the eth2, eth1 and eth3 of vpp are three exits respectively. The IP address of eth2 is 1.1.1.100, that of eth1 is 2.2.2.100, and that of eth3 is 3.3.3.100. What I'm thinking about now is that users in the 192.168.10.0/24 segment can only exit through the 1.1.1.0/24 exit and do SNAT when they go out. The 192.168.20.0/24 segment can only exit through the 2.2.2.0 exit and perform an SNAT when exiting. The 192.168.30.0/24 segment can only exit through the 3.3.3.0 exit and perform an SNAT when exiting. How should VPP be configured? [cid:_Foxmail.1@c9a394da-a5f7-fb17-6f5c-390f71d6f4fc] Thank you very much! ________________________________ Beichen Zhang
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#26598): https://lists.fd.io/g/vpp-dev/message/26598 Mute This Topic: https://lists.fd.io/mt/116573371/21656 Group Owner: [email protected] Unsubscribe: https://lists.fd.io/g/vpp-dev/leave/14379924/21656/631435203/xyzzy [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
