Hi Filip,
Thanks very much for your detailed instructions and configuration examples. I
will try this method later on.
Another question about nat, is there any support for new nat session rate limit
in vpp?
Thanks & Regards,
Huawei LI
> 2022年10月28日 01:22,filvarga 写道:
>
> Hi Li,
>
>
Hi Li,
NAT44-ED doesn't support ACL. There are other NAT plugins in VPP. For
example PNAT uses ACL rules. You should go through all of the options there
are and pick the correct NAT flavor that will suffice.
Well your option is to do following:
1)
# lan1 interface belongs to vrf1
# lan2
Hi Filip,
I have searched your mail accounts, and didn’t find any acl configuration used
with nat44. Do you mean use acl with nat44 address to achive to my target
creating nat sessions based packet’s source ip's network?
How about multi nat addresses respectively used for multi-subnets in a
To avoid delaying CSIT reports, we are moving this maintenance to Nov 30th
Thank you,
Vanessa
On 10/24/22 12:19 PM, Vanessa Valderrama wrote:
*What*:
* Jenkins
o Jenkins sandbox and production
o OS and security updates
o Jenkins upgrade
o Plugin upgrades
*
Hi Li,
Yes, try to search one of my mail accounts (current/previous) for example
fiva...@cisco.com, filipvarg...@gmail.com or my name.
If you are looking for a feature that does ACL matching based on source
address you should try to look in different implementations of nat44, there
are more then
Hi Filip,
Sorry, I didn’t state the demands clearly. My demand is to let a nat ip address
just only work for specific src network prefix in a vpc, the nat sessions using
the nat ip address will be created only when the i2o packets’s src ip matches
the specific network prefix in the vpc.
1) I
hi
I have one server that the cpu is AuthenticAMD,then when I config ipsec in
vpp,the cli such as:
ipsec sa add 10 spi 1001 esp crypto-alg aes-cbc-128 crypto-key
it will crash in crypto_native_plugin.so,the function is aes128_key_expand,
when I get the variable's value with u8x16u
hi
I have one server that the cpu is AuthenticAMD,then when I config ipsec in
vpp,the cli such as:
ipsec sa add 10 spi 1001 esp crypto-alg aes-cbc-128 crypto-key
it will crash in crypto_native_plugin.so,the function is aes128_key_expand,
when I get the variable's value with u8x16u
Hi Li,
There are few errors in your statement.
1) SNAT - is an obsolete name for the old nat plugin.
2) NAT is split among multiple plugins
3) one of the plugins - nat44-ed (the most used and preferred) does support
all of the things you have mentioned
Please feel free to search in the