Re: [vpp-dev] nat with multiple in single out

[Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco)]

Hi,

Please use "set interface nat44 in loop0 in loop1 in loop2 in loop3 out 
BondEthernet0" (you should set your one outside NAT interface only once).

Regards,
Matus

-Original Message-
From: vpp-dev-boun...@lists.fd.io [mailto:vpp-dev-boun...@lists.fd.io] On 
Behalf Of Carlito Nueno
Sent: Wednesday, January 17, 2018 10:08 PM
To: vpp-dev@lists.fd.io
Subject: [vpp-dev] nat with multiple in single out

Hi,

I have 4 VLANs each with loopback interface and a tap interface. I want each of 
the tap interfaces to have access to the WAN (internet) via BondEthernet0 
interface. I am using ubuntu.

snat config:

nat44 add interface address BondEthernet0
set interface nat44 in loop0 out BondEthernet0   // gw addr 10.0.0.1 (ltap0)
set interface nat44 in loop1 out BondEthernet0   // gw 10.1.0.1 (ltap1)
set interface nat44 in loop2 out BondEthernet0   // gw 10.2.0.1 (ltap2)
set interface nat44 in loop3 out BondEthernet0   // gw 10.3.0.1 (ltap3)

I am setting route as:
sudo route add default gw 10.3.0.1 dev ltap3

I am not able to ping. (ping -I ltap3 google.com)

But when I change the order, move loop3 to second position or first position, I 
can ping via ltap3

nat44 add interface address BondEthernet0
set interface nat44 in loop0 out BondEthernet0   // gw addr 10.0.0.1 (ltap0)
set interface nat44 in loop3 out BondEthernet0   // gw 10.3.0.1 (ltap3)
set interface nat44 in loop1 out BondEthernet0   // gw 10.1.0.1 (ltap1)
set interface nat44 in loop2 out BondEthernet0   // gw 10.2.0.1 (ltap2)

I can only ping via whatever interfaces are set in first and second position.

Also when I have more than one set interface nat44, I see an error in the logs:
set interface nat44: add BondEthernet0 failed

when loop3 is in second position:

vpp# sh nat44 detail
NAT plugin mode: dynamic translations enabled
loop0 in
BondEthernet0 out
loop3 in
NAT44 pool addresses interfaces:
BondEthernet0
10.1.0.71
  tenant VRF independent
  0 busy udp ports
  0 busy tcp ports
  0 busy icmp ports
0 users, 1 outside addresses, 0 active sessions, 0 static mappings Hash table 
in2out-ed
0 active elements
0 free lists
0 linear search buckets
0 cache hits, 0 cache misses
Hash table out2in-ed
0 active elements
0 free lists
0 linear search buckets
0 cache hits, 0 cache misses

Thanks
___
vpp-dev mailing list
vpp-dev@lists.fd.io
https://lists.fd.io/mailman/listinfo/vpp-dev
___
vpp-dev mailing list
vpp-dev@lists.fd.io
https://lists.fd.io/mailman/listinfo/vpp-dev

[vpp-dev] nat with multiple in single out

[Carlito Nueno]

Hi,

I have 4 VLANs each with loopback interface and a tap interface. I
want each of the tap interfaces to have access to the WAN (internet)
via BondEthernet0 interface. I am using ubuntu.

snat config:

nat44 add interface address BondEthernet0
set interface nat44 in loop0 out BondEthernet0   // gw addr 10.0.0.1 (ltap0)
set interface nat44 in loop1 out BondEthernet0   // gw 10.1.0.1 (ltap1)
set interface nat44 in loop2 out BondEthernet0   // gw 10.2.0.1 (ltap2)
set interface nat44 in loop3 out BondEthernet0   // gw 10.3.0.1 (ltap3)

I am setting route as:
sudo route add default gw 10.3.0.1 dev ltap3

I am not able to ping. (ping -I ltap3 google.com)

But when I change the order, move loop3 to second position or first
position, I can ping via ltap3

nat44 add interface address BondEthernet0
set interface nat44 in loop0 out BondEthernet0   // gw addr 10.0.0.1 (ltap0)
set interface nat44 in loop3 out BondEthernet0   // gw 10.3.0.1 (ltap3)
set interface nat44 in loop1 out BondEthernet0   // gw 10.1.0.1 (ltap1)
set interface nat44 in loop2 out BondEthernet0   // gw 10.2.0.1 (ltap2)

I can only ping via whatever interfaces are set in first and second position.

Also when I have more than one set interface nat44, I see an error in the logs:
set interface nat44: add BondEthernet0 failed

when loop3 is in second position:

vpp# sh nat44 detail
NAT plugin mode: dynamic translations enabled
loop0 in
BondEthernet0 out
loop3 in
NAT44 pool addresses interfaces:
BondEthernet0
10.1.0.71
  tenant VRF independent
  0 busy udp ports
  0 busy tcp ports
  0 busy icmp ports
0 users, 1 outside addresses, 0 active sessions, 0 static mappings
Hash table in2out-ed
0 active elements
0 free lists
0 linear search buckets
0 cache hits, 0 cache misses
Hash table out2in-ed
0 active elements
0 free lists
0 linear search buckets
0 cache hits, 0 cache misses

Thanks
___
vpp-dev mailing list
vpp-dev@lists.fd.io
https://lists.fd.io/mailman/listinfo/vpp-dev