Hi everyone,

To my understanding, NAT is a pre-routing feature in VPP (a feature in the `ip4-unicast` arc), and when a packet enters an inside interface, it finds the output interface via a direct FIB lookup, and if it is an outside interface, the translation continues. This behavior renders ABF (another feature in the `ip4-unicast` arc that changes the next hop, and possibly the output interface) useless.

I tried the NAT output feature. The problems I saw were 3 things:

1. It set interface as both inside and outside.
2. If I set an inside interface and an output feature interface, tracing packets shows we will hit the NAT44 node twice: once in the `ip4-unicast` arc of the ingress interface and once in the `ip4-output` arc of the egress interface. Disabling the inside interface and only setting the NAT44 output interface fixes this problem, which gives rise to the third issue:
3. It does not follow the pattern of 'translate all packets from inside interfaces that are destined to one of the outside interfaces'. All packets whose egress interface is the set interface will be translated.

So to address these problems, I changed the code a little bit, and now the behavior is like this:

* Setting an interface as inside won't enable the `nat44-in2out` feature in `ip4-unicast`.
* Setting an interface as output will only set the interface as `outside`. The rest stays the same.
* In `nat_not_translate_output_feature_fwd` we check if the packet's `sw_if_index[VLIB_RX]` is one of the inside interfaces. If not, translation won't continue.

Now my question is, does this flow cause any problems? What were the incentives of the first design? I tried dynamic NAT, static NAT and LB (but not thoroughly tested, just basic functionality; also, I didn't try twice NAT and VRFs) and all worked fine. If it's all good, we can eliminate the output feature API and make it the default. It fixes the issues that pre-routing NAT causes.
View/Reply Online (#26997): https://lists.fd.io/g/vpp-dev/message/26997
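The three translation rules compared in the message above, as a simplified stand-alone C model added here (not VPP source and not the poster's patch). The interface table, `pkt_t` and the function names are hypothetical, and ABF is reduced to an egress index that may differ from the FIB result.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model for illustration; none of this is VPP source. */
enum { IF_INSIDE = 1, IF_OUTSIDE = 2 };
#define N_IF 4
/* Constructed topology: 0 LAN (inside), 1 WAN-A (outside),
 * 2 WAN-B (outside), 3 DMZ (no NAT role). */
static const uint8_t if_role[N_IF] = { IF_INSIDE, IF_OUTSIDE, IF_OUTSIDE, 0 };

typedef struct {
  uint32_t rx;      /* ingress interface, sw_if_index[VLIB_RX] in the post */
  uint32_t fib_tx;  /* egress chosen by a plain FIB lookup */
  uint32_t abf_tx;  /* real egress after ABF (== fib_tx when no policy hits) */
} pkt_t;

static bool has_role(uint32_t sw_if_index, uint8_t role) {
  return sw_if_index < N_IF && (if_role[sw_if_index] & role) != 0;
}

/* Pre-routing in2out: decides on the FIB result, not on ABF's choice. */
bool nat_prerouting(const pkt_t *p) {
  return has_role(p->rx, IF_INSIDE) && has_role(p->fib_tx, IF_OUTSIDE);
}

/* Output feature alone: every packet leaving the interface is translated. */
bool nat_output_feature(const pkt_t *p) {
  return has_role(p->abf_tx, IF_OUTSIDE);
}

/* Proposed change: output feature plus a check that RX is an inside interface. */
bool nat_output_rx_checked(const pkt_t *p) {
  return has_role(p->rx, IF_INSIDE) && has_role(p->abf_tx, IF_OUTSIDE);
}

int main(void) {
  const pkt_t pkts[] = {          /* constructed sample packets */
    { 0, 1, 1 },  /* LAN -> WAN-A, no ABF policy */
    { 0, 3, 2 },  /* LAN, FIB says DMZ, ABF steers to WAN-B */
    { 0, 1, 3 },  /* LAN, FIB says WAN-A, ABF steers to DMZ */
    { 3, 1, 1 },  /* DMZ -> WAN-A, not from an inside interface */
  };
  puts("rx fib abf | prerouting output rx-checked");
  for (size_t i = 0; i < sizeof pkts / sizeof pkts[0]; i++)
    printf("%2u %3u %3u | %10d %6d %10d\n", (unsigned) pkts[i].rx,
           (unsigned) pkts[i].fib_tx, (unsigned) pkts[i].abf_tx,
           nat_prerouting(&pkts[i]), nat_output_feature(&pkts[i]),
           nat_output_rx_checked(&pkts[i]));
  return 0;
}
```

Only the third rule agrees with "from an inside interface, leaving through an outside interface" on all four sample packets; the first two each mistranslate or miss at least one.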
