As you said, I used ABF+NAT. ABF is fine for policy routing, but there is no SNAT to form the corresponding IP address from the exit. May I ask how NAT should be handled? Thank you!
# Configure the IP address for the interface
vppctl set interface ip address eth0 192.168.1.1/24
vppctl set interface ip address eth2 1.1.1.100/24
vppctl set interface ip address eth1 2.2.2.100/24
vppctl set interface ip address eth3 3.3.3.100/24

# Return the route
vppctl ip route add 192.168.0.0/16 via 192.168.1.100

# ACL+ABF
vppctl set acl-plugin acl deny dst 192.168.1.1/32,deny dst 1.1.1.100/32,permit src 192.168.10.0/24
vppctl abf policy add id 0 acl 0 via 1.1.1.1
vppctl abf attach ip4 policy 0 eth0
vppctl set acl-plugin acl deny dst 192.168.1.1/32,deny dst 2.2.2.100/32,permit src 192.168.20.0/24
vppctl abf policy add id 1 acl 1 via 2.2.2.1
vppctl abf attach ip4 policy 1 eth0
vppctl set acl-plugin acl deny dst 192.168.1.1/32,deny dst 3.3.3.100/32,permit src 192.168.30.0/24
vppctl abf policy add id 2 acl 2 via 3.3.3.1
vppctl abf attach ip4 policy 2 eth0

# NAT
vppctl set nat44 plugin enable
vppctl set interface nat44 in eth0 out eth1
vppctl set interface nat44 in eth0 out eth2
vppctl set interface nat44 in eth0 out eth3
vppctl nat44 add interface address eth1
vppctl nat44 add interface address eth2
vppctl nat44 add interface address eth3
