Re: [vpp-dev] NAT: no free reassembly slot

2019-03-03 Thread Ole Troan
Hi Carlito,

Seems like you are sending IP fragments.
Those need to be (virtually) reassembled before being NATted. Reassembly is to a
large extent an attack vector, and it's rate limited.

cheers,
Ole

> On 3 Mar 2019, at 22:46, carlito nueno wrote:
> 
> Hi all,
> 
> While running more iperf3 udp tests, I noticed vpp status showing this:
> 
> My current vpp conf:
> https://gist.github.com/ironpillow/4b119b57e21b31a7ff6985bcb20f952b
> 
> Setup to reproduce:
> 1. iperf3 server on 10.155.3.2 (iperf3 -s -B 10.155.3.2)
> 2. iperf3 client on 10.155.6.2 but with -R flag (iperf3 -B 10.155.6.2 -c 10.155.3.2 -u -b0 -R)
> 
> So basically, server on one subnet and client on another subnet and
> run it with -R flag
> 
> vpp.service - vector packet processing engine
>   Loaded: loaded (/lib/systemd/system/vpp.service; enabled; vendor preset: enabled)
>   Active: active (running) since Fri 2019-03-01 17:09:24 PST; 18min ago
>  Process: 32079 ExecStopPost=/bin/rm -f /dev/shm/db /dev/shm/global_vm /dev/shm/vpe-api (code=exited, status=0/SUCCESS)
>  Process: 32093 ExecStartPre=/sbin/modprobe uio_pci_generic (code=exited, status=0/SUCCESS)
>  Process: 32087 ExecStartPre=/bin/rm -f /dev/shm/db /dev/shm/global_vm /dev/shm/vpe-api (code=exited, status=0/SUCCESS)
> Main PID: 32095 (vpp_main)
>    Tasks: 10 (limit: 4915)
>   CGroup: /system.slice/vpp.service
>           └─32095 /usr/bin/vpp -c /etc/vpp/startup.conf
> 
> Mar 01 17:20:17 test1 vnet[32095]: nat: no free resassembly slot
> Mar 01 17:20:17 test1 vnet[32095]: nat: no free resassembly slot
> Mar 01 17:20:17 test1 vnet[32095]: nat: no free resassembly slot
> Mar 01 17:20:17 test1 vnet[32095]: nat: no free resassembly slot
> Mar 01 17:20:17 test1 vnet[32095]: nat: no free resassembly slot
> Mar 01 17:20:17 test1 vnet[32095]: nat: no free resassembly slot
> Mar 01 17:20:17 test1 vnet[32095]: nat: no free resassembly slot
> Mar 01 17:20:17 test1 vnet[32095]: nat: no free resassembly slot
> Mar 01 17:20:17 test1 vnet[32095]: nat: no free resassembly slot
> Mar 01 17:20:17 test1 vnet[32095]: nat: --- message(s) throttled ---
> 
> Thanks

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#12412): https://lists.fd.io/g/vpp-dev/message/12412
Mute This Topic: https://lists.fd.io/mt/30206523/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
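
A simplified model of virtual reassembly with a bounded slot table, showing how unfinished fragmented datagrams produce the "no free reassembly slot" condition seen in the log above. This is an added example, not part of the thread and not VPP's code; the class and function names, the slot count, the timeout, the ports and the fragment sizes are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass
class Slot:
    expires: float
    ports: Optional[Tuple[int, int]] = None  # learned from the offset-0 fragment
    seen: int = 0                            # payload bytes received so far
    total: Optional[int] = None              # known once the last fragment arrives

class VirtualReassembly:
    """Toy model: fixed number of slots, fixed timeout (both values are assumptions)."""
    def __init__(self, max_slots: int, timeout: float):
        self.max_slots, self.timeout = max_slots, timeout
        self.slots = {}
        self.no_free_slot = 0

    def fragment(self, now, key, offset, length, more, ports=None):
        """key = (src, dst, proto, ip_id). Returns ('drop'|'hold'|'nat', ports)."""
        for k in [k for k, s in self.slots.items() if s.expires <= now]:
            del self.slots[k]                # expiry is what bounds abandoned datagrams
        slot = self.slots.get(key)
        if slot is None:
            if len(self.slots) >= self.max_slots:
                self.no_free_slot += 1       # the condition behind the log message
                return ("drop", None)
            slot = self.slots[key] = Slot(expires=now + self.timeout)
        if offset == 0:
            slot.ports = ports               # only the first fragment carries the L4 header
        slot.seen += length
        if not more:
            slot.total = offset + length
        verdict = ("nat", slot.ports) if slot.ports else ("hold", None)
        if slot.total is not None and slot.seen >= slot.total:
            del self.slots[key]              # datagram complete: slot is free again
        return verdict

def flood(max_slots=4, timeout=2.0, datagrams=10, complete=False):
    """Constructed traffic: two-fragment UDP datagrams, all arriving within one timeout."""
    vr = VirtualReassembly(max_slots, timeout)
    natted = 0
    for ip_id in range(datagrams):
        key = ("10.155.3.2", "10.155.6.2", 17, ip_id)
        now = ip_id * 0.01
        verdict, _ = vr.fragment(now, key, 0, 1480, True, ports=(5201, 40000))
        natted += verdict == "nat"
        if complete:                         # deliver the final fragment as well
            vr.fragment(now, key, 1480, 520, False)
    return natted, vr.no_free_slot, len(vr.slots)
```

`flood()` returns the number of first fragments that could be translated, the number refused for lack of a slot, and the slots still occupied; with `complete=True` every datagram finishes and releases its slot, so nothing is refused.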


Re: [vpp-dev] nat: create NAT session failed

2019-03-03 Thread carlito nueno
Hi Matus,

Thank you. That makes sense.

On Thu, Jan 17, 2019 at 10:59 PM Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco) wrote:
>
> Hi,
>
> For endpoint dependent NAT oldest session per user is recycled only when
> expired (classic/vanilla NAT recycle always).
>
> Matus
>
> From: vpp-dev@lists.fd.io  On Behalf Of carlito nueno
> Sent: Friday, January 18, 2019 7:45 AM
> To: vpp-dev@lists.fd.io
> Subject: [vpp-dev] nat: create NAT session failed
>
> Hi all,
>
> When I set nat to endpoint dependent, I am receiving this error message:
>
> Jan 17 19:14:45 test1 vnet[32197]: nat: create NAT session failed
> Jan 17 19:14:45 test1 vnet[32197]: nat: max translations per user 10.155.0.2
>
> Here is: sh nat44 sessions
>
> NAT44 sessions:
>  thread 0 vpp_main: 0 sessions
>  thread 1 vpp_wk_0: 449 sessions
>   10.155.0.2: 256 dynamic translations, 0 static translations
>
> Here is: startup.conf
>
> unix {
>   nodaemon
>   log /var/log/vpp/vpp.log
>   full-coredump
>   cli-listen /run/vpp/cli.sock
>   gid vpp
>   startup-config /home/test1/vpp.conf
> }
>
> api-trace {
>   on
> }
>
> api-segment {
>   gid vpp
> }
>
> cpu {
>   main-core 2
>   corelist-workers 3
> }
>
> nat {
>   translation hash buckets 16000
>   max translations per user 256
>   endpoint-dependent
> }
>
> dpdk {
>   num-mbufs 32768
>   uio-driver auto
> }
>
> When I disable endpoint nat, even though translations hit the max (256), new
> nat sessions are being created and everything is fine.
>
> Any advice?
>
> Thanks
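
The difference between the two recycle policies in Matus's reply, as an added example that is not part of the thread and not VPP's code. It models one user's session list with the limit of 256 from the posted startup.conf; the class and function names, the 300-flow workload, the port numbers and the 30-second timeout are assumptions.

```python
from collections import OrderedDict

class UserSessions:
    """One inside host's NAT sessions, ordered oldest (least recently used) first."""
    def __init__(self, max_per_user, timeout, endpoint_dependent):
        self.max_per_user = max_per_user
        self.timeout = timeout                  # assumed idle timeout, seconds
        self.endpoint_dependent = endpoint_dependent
        self.sessions = OrderedDict()           # flow -> time last heard
        self.failed = 0

    def packet(self, now, flow):
        """Return True if the packet has (or gets) a session, False if creation fails."""
        if flow in self.sessions:
            self.sessions[flow] = now
            self.sessions.move_to_end(flow)     # refreshed session becomes the newest
            return True
        if len(self.sessions) >= self.max_per_user:
            oldest, last_heard = next(iter(self.sessions.items()))
            expired = now - last_heard >= self.timeout
            if self.endpoint_dependent and not expired:
                self.failed += 1                # "create NAT session failed"
                return False
            del self.sessions[oldest]           # classic mode, or the oldest has expired
        self.sessions[flow] = now
        return True

def run(endpoint_dependent, flows=300, max_per_user=256, timeout=30.0):
    """Constructed workload: `flows` new flows from 10.155.0.2, one every 10 ms."""
    user = UserSessions(max_per_user, timeout, endpoint_dependent)
    created = sum(user.packet(i * 0.01, ("10.155.0.2", 1024 + i)) for i in range(flows))
    # One more flow after every existing session has been idle past the timeout.
    late = user.packet(flows * 0.01 + timeout, ("10.155.0.2", 9))
    return created, user.failed, late, len(user.sessions)
```

`run(True)` models endpoint-dependent mode, where flows beyond the limit fail until the oldest session has expired; `run(False)` models classic mode, where the oldest session is always evicted to make room.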


[vpp-dev] NAT: no free reassembly slot

2019-03-03 Thread carlito nueno
Hi all,

While running more iperf3 udp tests, I noticed vpp status showing this:

My current vpp conf:
https://gist.github.com/ironpillow/4b119b57e21b31a7ff6985bcb20f952b

Setup to reproduce:
1. iperf3 server on 10.155.3.2 (iperf3 -s -B 10.155.3.2)
2. iperf3 client on 10.155.6.2 but with -R flag (iperf3 -B 10.155.6.2 -c 10.155.3.2 -u -b0 -R)

So basically, server on one subnet and client on another subnet and
run it with -R flag

vpp.service - vector packet processing engine
   Loaded: loaded (/lib/systemd/system/vpp.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2019-03-01 17:09:24 PST; 18min ago
  Process: 32079 ExecStopPost=/bin/rm -f /dev/shm/db /dev/shm/global_vm /dev/shm/vpe-api (code=exited, status=0/SUCCESS)
  Process: 32093 ExecStartPre=/sbin/modprobe uio_pci_generic (code=exited, status=0/SUCCESS)
  Process: 32087 ExecStartPre=/bin/rm -f /dev/shm/db /dev/shm/global_vm /dev/shm/vpe-api (code=exited, status=0/SUCCESS)
 Main PID: 32095 (vpp_main)
    Tasks: 10 (limit: 4915)
   CGroup: /system.slice/vpp.service
           └─32095 /usr/bin/vpp -c /etc/vpp/startup.conf

Mar 01 17:20:17 test1 vnet[32095]: nat: no free resassembly slot
Mar 01 17:20:17 test1 vnet[32095]: nat: no free resassembly slot
Mar 01 17:20:17 test1 vnet[32095]: nat: no free resassembly slot
Mar 01 17:20:17 test1 vnet[32095]: nat: no free resassembly slot
Mar 01 17:20:17 test1 vnet[32095]: nat: no free resassembly slot
Mar 01 17:20:17 test1 vnet[32095]: nat: no free resassembly slot
Mar 01 17:20:17 test1 vnet[32095]: nat: no free resassembly slot
Mar 01 17:20:17 test1 vnet[32095]: nat: no free resassembly slot
Mar 01 17:20:17 test1 vnet[32095]: nat: no free resassembly slot
Mar 01 17:20:17 test1 vnet[32095]: nat: --- message(s) throttled ---

Thanks


Re: [vpp-dev] problem with two different traffic

2019-03-03 Thread Dave Barach via Lists.Fd.Io
Please read this and try again: 
https://fdio-vpp.readthedocs.io/en/latest/troubleshooting/reportingissues/reportingissues.html

From: vpp-dev@lists.fd.io On Behalf Of omid via Lists.Fd.Io
Sent: Sunday, March 3, 2019 12:37 PM
To: Vpp-dev 
Cc: vpp-dev@lists.fd.io
Subject: [vpp-dev] problem with two different traffic

Hi,

There's a strange problem I confront with in VPP.

Here is the scenario:
1- (Success) I generate a 1 Gig/sec traffic from a port and everything is ok 
with VPP.
2- (Failure) I generate two 500 MB/sec traffics from two different ports but
all of a sudden VPP stops forwarding and then even a simple Ping request does not
get its corresponding reply i.e. the connection seems to fail. VPP is Ok and
does not crash but stops forwarding.

any idea about what the problem is and its solution??

Thanks in advance


[vpp-dev] problem with two different traffic

2019-03-03 Thread omid via Lists.Fd.Io
Hi,

There's a strange problem I confront with in VPP.

Here is the scenario:
1- (Success) I generate a 1 Gig/sec traffic from a port and everything is ok
with VPP.
2- (Failure) I generate two 500 MB/sec traffics from two different ports but
all of a sudden VPP stops forwarding and then even a simple Ping request does not
get its corresponding reply i.e. the connection seems to fail. VPP is Ok and
does not crash but stops forwarding.

any idea about what the problem is and its solution??

Thanks in advance