[vpp-dev] configuration of server to test VPP

2018-04-09 Thread michael . jinli . yan
Hi, I wanna do some performance tests with VPP. Could someone tell me the best 
configuration of server to use, especially the CPU parameters? Thank you


Re: [vpp-dev] 18.04 RC2 this Wednesday!

2018-04-09 Thread Jan Hugo Prins | BetterBe
Hello,

Would it be possible to get the router and netlink plugin, that are
currently in the VPPSB project, merged into 18.04 ?
I would like to work with them building a set of routers, and having
them in the stable branch would mean that the chance of some patches
breaking this functionality would be a lot smaller.

Cheers,
Jan Hugo Prins


On 04/09/2018 08:43 PM, Chris Luke wrote:
>
> All,
>
>  
>
> Gentle reminder that 18.04 RC2 will be posted on Wednesday.
>
>  
>
> Note: After Wednesday's RC2 Milestone, only critical bug fixes will be
> merged into branch stable/1804.  Please review open anomalies for
> candidates to be fixed this week. Also, please remember to open a Jira
> ticket for all patches submitted to stable branches.
>
>  
>
> Cheers,
>
> Chris.
>
> 

-- 
Kind regards

Jan Hugo Prins
/DevOps Engineer/




[vpp-dev] VPP dpdk interface placement from startup.conf

2018-04-09 Thread Rogan Lynch
Hello folks,

Just a newbie question that I hope can be put to rest quickly:

Given that VPP distributes worker threads in round-robin fashion by
default, but can have them reassigned post-facto via the terminal CLI,
is it possible to pin these threads a priori from a startup.conf param? Or
do I need to work with my engineering team to add this?

Thanks,

Rogan


-- 
*Rogan Lynch*
*Field Application Engineer*


[vpp-dev] 18.04 RC2 this Wednesday!

2018-04-09 Thread Chris Luke
All,

Gentle reminder that 18.04 RC2 will be posted on Wednesday.

Note: After Wednesday's RC2 Milestone, only critical bug fixes will be merged 
into branch stable/1804.  Please review open anomalies for candidates to be 
fixed this week. Also, please remember to open a Jira ticket for all patches 
submitted to stable branches.

Cheers,
Chris.


Re: [**EXTERNAL**] Re: [vpp-dev] VPP client: test_client vs VAT

2018-04-09 Thread Dave Wallace

Leela,

Is your question why isn't the client part of the VPP application itself?
If so, the answer is to separate the control plane from the data plane 
utilizing a fast, efficient shared-memory interface.


VPP is a highly tuned, high performance packet manipulation/forwarding 
user-space application.  Execution of the control plane in VPP itself 
will quickly make it a low performance packet manipulation/forwarding 
application.


There are already plenty of instances of those applications freely 
available ;-)


Thanks,
-daw-

On 04/09/2018 02:10 AM, Ole Troan wrote:

> To add to what Jim said.
>
> > I don't think I totally get it.
> > My question was to ask why does anyone need to write 'shared-memory' access
> > to call the corresponding binary API for each and every feature set that one
> > is interested in.
> > If there is a direct client library available, then it would be much easier
> > to call the direct feature API and get going with this API stuff.
>
> There are 'direct' client libraries in C, C++, Go, Lua, Python and Java.
>
> e.g. in Python you do:
>
> v = VPP()
> v.connect(...)
> print(v.show_version())
> v.disconnect()
>
> What else is it you are looking for?
>
> Cheers,
> Ole







[vpp-dev] VPP with DPDK drops packet, but it sends ok

2018-04-09 Thread Moon-Sang Lee
I've configured a VM with KVM, and the VM is intended to run VPP with DPDK.
In particular, the VM is connected to one of the VFs. (i.e. SR-IOV)
I can run DPDK sample applications, including l2fwd and l3fwd, in the VM,
therefore I guess VM is successfully connected to the outside world (pktgen
server) via VFs.

However, I cannot receive a packet when I run VPP/DPDK.
I can see TX packets from the VM on the opposite side, pktgen server,
but the VM does not receive any reply from pktgen server which reports
RX/TX packet count.
(i.e. arping/ping from VM arrives in pktgen, but the reply from pktgen is
not received in VM.)
I found some strange log messages regarding vpp launching as below.

I would appreciate any comments.
Thanks in advance...

- Host NIC: Intel 82599 10G NIC (i.e. VF binding with vfio-pci)
- VM: 1 socket 4 vCPU
- VPP: 18.04
- DPDK binding: igb_uio

root@xenial-vpp-frr:~# vpp -c /etc/vpp/startup.conf
vlib_plugin_early_init:359: plugin path /usr/lib/vpp_plugins
load_one_plugin:187: Loaded plugin: acl_plugin.so (Access Control Lists)
load_one_plugin:187: Loaded plugin: avf_plugin.so (Intel Adaptive Virtual
Function (AVF) Device Plugin)
load_one_plugin:189: Loaded plugin: cdp_plugin.so
load_one_plugin:187: Loaded plugin: dpdk_plugin.so (Data Plane Development
Kit (DPDK))
load_one_plugin:187: Loaded plugin: flowprobe_plugin.so (Flow per Packet)
load_one_plugin:187: Loaded plugin: gbp_plugin.so (Group Based Policy)
load_one_plugin:187: Loaded plugin: gtpu_plugin.so (GTPv1-U)
load_one_plugin:187: Loaded plugin: igmp_plugin.so (IGMP messaging)
load_one_plugin:187: Loaded plugin: ila_plugin.so (Identifier-locator
addressing for IPv6)
load_one_plugin:187: Loaded plugin: ioam_plugin.so (Inbound OAM)
load_one_plugin:117: Plugin disabled (default): ixge_plugin.so
load_one_plugin:187: Loaded plugin: kubeproxy_plugin.so (kube-proxy data
plane)
load_one_plugin:187: Loaded plugin: l2e_plugin.so (L2 Emulation)
load_one_plugin:187: Loaded plugin: lacp_plugin.so (Link Aggregation
Control Protocol)
load_one_plugin:187: Loaded plugin: lb_plugin.so (Load Balancer)
load_one_plugin:187: Loaded plugin: memif_plugin.so (Packet Memory
Interface (experimetal))
load_one_plugin:187: Loaded plugin: nat_plugin.so (Network Address
Translation)
load_one_plugin:187: Loaded plugin: pppoe_plugin.so (PPPoE)
load_one_plugin:187: Loaded plugin: router.so (router)
load_one_plugin:187: Loaded plugin: srv6ad_plugin.so (Dynamic SRv6 proxy)
load_one_plugin:187: Loaded plugin: srv6am_plugin.so (Masquerading SRv6
proxy)
load_one_plugin:187: Loaded plugin: srv6as_plugin.so (Static SRv6 proxy)
load_one_plugin:187: Loaded plugin: stn_plugin.so (VPP Steals the NIC for
Container integration)
load_one_plugin:187: Loaded plugin: tlsmbedtls_plugin.so (mbedtls based TLS
Engine)
load_one_plugin:187: Loaded plugin: tlsopenssl_plugin.so (openssl based TLS
Engine)
load_one_plugin:67: Loaded plugin:
/usr/lib/vpp_api_test_plugins/flowprobe_test_plugin.so
load_one_plugin:67: Loaded plugin:
/usr/lib/vpp_api_test_plugins/dpdk_test_plugin.so
load_one_plugin:67: Loaded plugin:
/usr/lib/vpp_api_test_plugins/ioam_export_test_plugin.so
load_one_plugin:67: Loaded plugin:
/usr/lib/vpp_api_test_plugins/cdp_test_plugin.so
load_one_plugin:67: Loaded plugin:
/usr/lib/vpp_api_test_plugins/kubeproxy_test_plugin.so
load_one_plugin:67: Loaded plugin:
/usr/lib/vpp_api_test_plugins/ioam_vxlan_gpe_test_plugin.so
load_one_plugin:67: Loaded plugin:
/usr/lib/vpp_api_test_plugins/stn_test_plugin.so
load_one_plugin:67: Loaded plugin:
/usr/lib/vpp_api_test_plugins/acl_test_plugin.so
load_one_plugin:67: Loaded plugin:
/usr/lib/vpp_api_test_plugins/lb_test_plugin.so
load_one_plugin:67: Loaded plugin:
/usr/lib/vpp_api_test_plugins/lacp_test_plugin.so
load_one_plugin:67: Loaded plugin:
/usr/lib/vpp_api_test_plugins/ioam_pot_test_plugin.so
load_one_plugin:67: Loaded plugin:
/usr/lib/vpp_api_test_plugins/pppoe_test_plugin.so
load_one_plugin:67: Loaded plugin:
/usr/lib/vpp_api_test_plugins/udp_ping_test_plugin.so
load_one_plugin:67: Loaded plugin:
/usr/lib/vpp_api_test_plugins/vxlan_gpe_ioam_export_test_plugin.so
load_one_plugin:67: Loaded plugin:
/usr/lib/vpp_api_test_plugins/memif_test_plugin.so
load_one_plugin:67: Loaded plugin:
/usr/lib/vpp_api_test_plugins/gtpu_test_plugin.so
load_one_plugin:67: Loaded plugin:
/usr/lib/vpp_api_test_plugins/ioam_trace_test_plugin.so
load_one_plugin:67: Loaded plugin:
/usr/lib/vpp_api_test_plugins/nat_test_plugin.so
dpdk_config:1271: EAL init args: -c 1 -n 4 --huge-dir /run/vpp/hugepages
--file-prefix vpp -w :00:06.0 -w :00:07.0 --master-lcore 0
--socket-mem 512
EAL: No free hugepages reported in hugepages-1048576kB
EAL: VFIO support initialized
EAL: WARNING: cpu flags constant_tsc=yes nonstop_tsc=no -> using unreliable
clock cycles !
EAL:   Invalid NUMA socket, default to 0
EAL:   Invalid NUMA socket, default to 0
DPDK physical memory layout:
Segment 0: IOVA:0x3340, len:25165824, virt:0x7ff739c0, socket_id:0,
hugepage_sz:2097152, nchannel:0, 

Re: [vpp-dev] the source_and_port_range_check and the URPF support ipv6?

2018-04-09 Thread Ole Troan
Xyxue,

> Do the source_and_port_range_check and the URPF support ipv6?
> I can find the 'ip4_source_and_port_range_check.c'. Is there a plan to 
> support ipv6 in the source_and_port_range_check and the URPF?

I don't think source_and_port_range supports IPv6.
I've always been a little curious about the port_and_range_check use case. 
Could ACLs do the job?
(or could ACLs be extended to support port-ranges?)

Cheers,
Ole



Re: [vpp-dev] Build failure on 18.04

2018-04-09 Thread Chris Luke
That looks like you have a connectivity issue to one of the download sites for 
DPDK, nasm, and/or aeslib.

Check you can reach http://fast.dpdk.org, http://www.nasm.us and 
http://github.com and that they give non-zero length responses.

It occurs to me that perhaps the Makefile should display what it is trying to 
download so one can try the same URL, will add that later if I get a moment.

Chris.

From: vpp-dev@lists.fd.io  On Behalf Of Shashi Kant Singh
Sent: Monday, April 9, 2018 1:48
To: vpp-dev@lists.fd.io
Subject: [vpp-dev] Build failure on 18.04

Hi All

I did a fresh checkout and tried to do make build of release 18.04, but I get the 
following errors:

Regards
Shashi


[root@vbbubng6-shashi-8 vpp]# git branch -a
* (detached from origin/stable/1804)
  master
  remotes/origin/HEAD -> origin/master
  remotes/origin/master
  remotes/origin/stable/1606
  remotes/origin/stable/1609
  remotes/origin/stable/1701
  remotes/origin/stable/1704
  remotes/origin/stable/1707
  remotes/origin/stable/1710
  remotes/origin/stable/1801
  remotes/origin/stable/1804
  remotes/origin/stable/test

[root@vbbubng6-shashi-8 vpp]# make build
make[1]: Entering directory `/bng5/shashi-8/vpp5/vpp/build-root'
 Arch for platform 'vpp' is native 
 Finding source for dpdk 
..

make[2]: Entering directory `/bng5/shashi-8/vpp5/vpp/dpdk'
==
Building DPDK from source. Consider installing development
package by invoking 'make dpdk-install-dev' from the
top level directory
==
make config
Building IPSec-MB 0.48 library
make[3]: Entering directory `/bng5/shashi-8/vpp5/vpp/dpdk'
make[3]: warning: jobserver unavailable: using -j1.  Add `+' to parent make 
rule.
  % Total% Received % Xferd  Average Speed   TimeTime Time  Current
 Dload  Upload   Total   SpentLeft  Speed
100  9.9M  100  9.9M0 0  1130k  0  0:00:09  0:00:09 --:--:-- 2260k
  % Total% Received % Xferd  Average Speed   TimeTime Time  Current
 Dload  Upload   Total   SpentLeft  Speed
  0   3510 00 0  0  0 --:--:--  0:00:02 --:--:-- 0
100  781k  100  781k0 0   165k  0  0:00:04  0:00:04 --:--:--  376k
  % Total% Received % Xferd  Average Speed   TimeTime Time  Current
 Dload  Upload   Total   SpentLeft  Speed
  0 00 00 0  0  0 --:--:--  0:00:01 --:--:-- 0
curl: (52) Empty reply from server
make[3]: *** [/bng5/shashi-8/vpp5/vpp/dpdk/v0.48.tar.gz] Error 52
make[3]: Leaving directory `/bng5/shashi-8/vpp5/vpp/dpdk'
make[2]: *** [ebuild-build] Error 2
make[2]: Leaving directory `/bng5/shashi-8/vpp5/vpp/dpdk'





[vpp-dev] the source_and_port_range_check and the URPF support ipv6?

2018-04-09 Thread xyxue

Hi guys,

Do the source_and_port_range_check and the URPF support ipv6?
I can find the 'ip4_source_and_port_range_check.c'. Is there a plan to support 
ipv6 in the source_and_port_range_check and the URPF?
 
Thanks,
Xyxue




Re: [vpp-dev] cli to show configuration.

2018-04-09 Thread Marek Gradzki -X (mgradzki - PANTHEON TECHNOLOGIES@Cisco)
Jit,

as an alternative to CLI, you could try NETCONF’s 
provided by honeycomb:
https://docs.fd.io/hc2vpp/1.18.01/hc2vpp-parent/release-notes-aggregator/user_running_honeycomb.html#_using_netconf_northbound

Here is list of supported YANG models:
https://docs.fd.io/hc2vpp/1.18.01/hc2vpp-parent/release-notes-aggregator/release_notes.html#_yang_models

And supported VPP features:
https://docs.fd.io/hc2vpp/1.18.01/hc2vpp-parent/release-notes-aggregator/api_docs_index.html

Regards,
Marek

From: vpp-dev@lists.fd.io [mailto:vpp-dev@lists.fd.io] On Behalf Of Neale Ranns 
(nranns)
Sent: 9 April 2018 09:59
To: vpp-dev@lists.fd.io
Subject: Re: [vpp-dev] cli to show configuration.


There is not.

/neale

From: on behalf of Jit Mehta
Date: Saturday, 7 April 2018 at 23:47
To: "vpp-dev@lists.fd.io"
Subject: [vpp-dev] cli to show configuration.

Is there a cli to show all the config added for vpp? ("show runn" equivalent 
for Cisco)

Thanks,
J



Re: [vpp-dev] cli to show configuration.

2018-04-09 Thread Neale Ranns

There is not.

/neale

From:  on behalf of Jit Mehta 

Date: Saturday, 7 April 2018 at 23:47
To: "vpp-dev@lists.fd.io" 
Subject: [vpp-dev] cli to show configuration.

Is there a cli to show all the config added for vpp? ("show runn" equivalent 
for Cisco)

Thanks,
J



Re: [vpp-dev] syslog in snat

2018-04-09 Thread Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES@Cisco)
Deterministic NAT is dedicated to CGN so no logging of sessions planned.
Syslog is still in todo list, but contribution of patch is welcome.

Matus

From: vpp-dev@lists.fd.io  On Behalf Of Hamid via 
Lists.Fd.Io
Sent: Monday, April 9, 2018 7:53 AM
To: vpp-dev@lists.fd.io
Cc: vpp-dev@lists.fd.io
Subject: Re: [vpp-dev] syslog in snat

Another vote for syslog.

Did anyone make any progress?
In deterministic CGN, logging is not required but you don't have timestamps to 
verify the flows. Is there any hook to have nat ipfix logging for deterministic 
CGNAT as well!?

Regards,
Hamid
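
Deterministic NAT, as discussed in this thread, replaces per-session logs with arithmetic: knowing the configured prefixes, an outside address and source port identify the inside host. The sketch below is an added example, not code from the posters or from VPP; it assumes an RFC 7422-style contiguous port block per host starting at port 1024, the `DetMap` class and its methods are hypothetical names, and the prefixes are the ones quoted elsewhere on this page.

```python
import ipaddress

# Assumption: ports below 1024 are never allocated and each inside host gets
# one contiguous block (RFC 7422 style). VPP's own arithmetic may differ.
FIRST_PORT = 1024
LAST_PORT = 65535


class DetMap:
    """Hypothetical model of one 'nat44 deterministic add in X out Y' mapping."""

    def __init__(self, inside, outside):
        self.inside = ipaddress.ip_network(inside)
        self.outside = ipaddress.ip_network(outside)
        n_in = self.inside.num_addresses
        n_out = self.outside.num_addresses
        if n_in % n_out:
            raise ValueError("inside pool must be a whole multiple of outside pool")
        # Number of inside hosts that share each outside address.
        self.ratio = n_in // n_out
        self.ports_per_host = (LAST_PORT - FIRST_PORT + 1) // self.ratio
        if self.ports_per_host == 0:
            raise ValueError("sharing ratio leaves no ports per host")

    def forward(self, host):
        """Inside host -> (outside address, first port, last port)."""
        host = ipaddress.ip_address(host)
        if host not in self.inside:
            raise ValueError(f"{host} is not in {self.inside}")
        offset = int(host) - int(self.inside.network_address)
        ext = self.outside.network_address + offset // self.ratio
        lo = FIRST_PORT + self.ports_per_host * (offset % self.ratio)
        return ext, lo, lo + self.ports_per_host - 1

    def reverse(self, ext, port):
        """Outside address and source port (e.g. from an abuse report) -> inside host."""
        ext = ipaddress.ip_address(ext)
        if ext not in self.outside:
            raise ValueError(f"{ext} is not in {self.outside}")
        if not FIRST_PORT <= port <= LAST_PORT:
            raise ValueError(f"port {port} is outside the translated range")
        slot = (port - FIRST_PORT) // self.ports_per_host
        if slot >= self.ratio:
            # Ports left over when the range does not divide evenly have no owner.
            raise ValueError(f"port {port} is not assigned to any inside host")
        offset = (int(ext) - int(self.outside.network_address)) * self.ratio + slot
        return self.inside.network_address + offset


if __name__ == "__main__":
    m = DetMap("10.10.3.0/25", "192.168.100.64/28")
    print("hosts per outside address:", m.ratio)
    print("ports per inside host:", m.ports_per_host)
    print("10.10.3.9 ->", m.forward("10.10.3.9"))
    print("192.168.100.65:9088 ->", m.reverse("192.168.100.65", 9088))
```

Because no timestamp is involved, the answer is only valid for the period in which that mapping was configured, so changes to the mapping need to be recorded somewhere.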



Re: [vpp-dev] #vpp CGNAT implementation in VPP

2018-04-09 Thread Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES@Cisco)
Only CLI commands, no startup config changes required

Matus

From: Hamid Rasool <14mseesras...@seecs.edu.pk>
Sent: Monday, April 9, 2018 8:06 AM
To: Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco); vpp-dev
Subject: Re: [vpp-dev] #vpp CGNAT implementation in VPP

Thanks again Matus. Especially for updating the Wiki!

Do I need to change anything in the startup config to enable ipfix in NAT or do 
the CLI commands in the example config work as standard?

On Mon, Apr 9, 2018 at 10:20 AM, Matus Fabian -X (matfabia - PANTHEON 
TECHNOLOGIES at Cisco) wrote:
Supported templates for deterministic NAT 
https://wiki.fd.io/view/VPP/NAT#IPFIX_templates
Supported templates for standard NAT 
https://wiki.fd.io/view/VPP/NAT#NAT_IPFIX_logging
IPFix data and template records are transmitted over UDP 
(https://tools.ietf.org/html/rfc7011, https://tools.ietf.org/html/rfc8158)
IPFix example configuration 
https://wiki.fd.io/view/VPP/NAT#Enable_NAT_plugin_IPFIX_logging_example

Matus


From: Hamid Rasool 
<14mseesras...@seecs.edu.pk>
Sent: Friday, April 6, 2018 4:23 PM

To: Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco)
Cc: vpp-dev@lists.fd.io
Subject: Re: [vpp-dev] #vpp CGNAT implementation in VPP

Thanks Matus for the rapid response. The del command did the trick and I will 
try to repeat the setup for 18.04-rc1 build. I also got some more info through 
the command 'show nat44 detail' which did not show up by ? in the CLI by 
default.

About IPFIX logging, can you suggest an example template to perform the logging:
e.g.
nat {
NAT44 Addresses exhausted
NAT44 Session create
NAT44 Session delete
}

Also, any pointers to access these IPFIX logs for nat session details without 
using deterministic NAT once the logging has been enabled would also be very 
helpful.

Regards,
Hamid

On Fri, Apr 6, 2018 at 3:42 PM, Matus Fabian -X (matfabia - PANTHEON 
TECHNOLOGIES at Cisco) wrote:
“show nat44 deterministic mappings” probably doesn’t work because you use an older 
version of VPP (this was changed in 1804)
To delete a NAT deterministic mapping use “nat44 deterministic add in 
/ out / del”
Currently you can’t allocate a specific number of ports of the external address to 
the internal clients. It is possible to implement this, patches are welcome.
The NAT plugin uses IPfix for logging events 
https://wiki.fd.io/view/VPP/NAT#IPFIX_templates. Deterministic NAT doesn’t log 
sessions since the internal address is statically mapped to a set of external ports 
of the address (purpose of deterministic NAT is to reduce logging 
https://tools.ietf.org/html/rfc7422).

Matus

From: Hamid Rasool 
<14mseesras...@seecs.edu.pk>
Sent: Friday, April 6, 2018 12:16 PM
To: Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco)
Cc: vpp-dev@lists.fd.io
Subject: Re: [vpp-dev] #vpp CGNAT implementation in VPP

Thanks Fabian.

I have configured these steps and it seems to work (although some variations of 
nat deterministic add command caused vpp to crash and reset configurations 
though). However, there is another command in the VPP/NAT wiki: "show nat44 
deterministic mappings" which does not seem to work.
The "show nat44" command only seems to work however:

vpp# nat44 deterministic add in 10.10.3.0/25 out 192.168.100.64/28
vpp# show nat44
NAT plugin mode: deterministic mapping
udp timeout: 300sec
tcp-established timeout: 7440sec
tcp-transitory timeout: 240sec
icmp timeout: 60sec
1 deterministic mappings


I want to ask how can we delete a pool mapping once we have set it or even 
change it because there seems to be no options to do that. Another query is 
about how can we allocate a specific number of ports of the external address to 
the internal clients. Let's say I want to map 8 internal addresses to 1 external 
for a pool of external addresses, which makes about 8000 ports (out of 65000) 
for each internal address. Is there any way to implement this?
Last question for now, where are the session logs stored for NAT for each flow 
of packet. Does VPP provide syslog stats or any flow records for nat sessions?

Thanks again!




On Mon, Mar 19, 2018 at 5:19 PM, Matus Fabian -X (matfabia - PANTHEON 
TECHNOLOGIES at Cisco) wrote:
Hi,

There is example of CGNAT 

Re: [**EXTERNAL**] Re: [vpp-dev] VPP client: test_client vs VAT

2018-04-09 Thread Ole Troan
To add to what Jim said.

> I don't think I totally get it.
> My question was to ask why does anyone need to write 'shared-memory' access 
> to call the corresponding binary API for each and every feature set that one 
> is interested in.
> If there is a direct client library available, then it would be much easy to 
> call the direct feature API and get going with this API stuff.

There are 'direct' client libraries in C, C++, Go, Lua, Python and Java.

e.g. in Python you do:

v = VPP()
v.connect(...)
print(v.show_version())
v.disconnect()

What else is it you are looking for?

Cheers,
Ole



Re: [vpp-dev] #vpp CGNAT implementation in VPP

2018-04-09 Thread Hamid via Lists.Fd.Io
Thanks again Matus. Especially for updating the Wiki!

Do I need to change anything in the startup config to enable ipfix in NAT
or do the CLI commands in the example config work as standard?

On Mon, Apr 9, 2018 at 10:20 AM, Matus Fabian -X (matfabia - PANTHEON
TECHNOLOGIES at Cisco)  wrote:

> Supported templates for deterministic NAT
> https://wiki.fd.io/view/VPP/NAT#IPFIX_templates
>
> Supported templates for standard NAT
> https://wiki.fd.io/view/VPP/NAT#NAT_IPFIX_logging
>
> IPFix data and template records are transmitted over UDP
> (https://tools.ietf.org/html/rfc7011, https://tools.ietf.org/html/rfc8158)
>
> IPFix example configuration
> https://wiki.fd.io/view/VPP/NAT#Enable_NAT_plugin_IPFIX_logging_example
>
>
>
> Matus
>
>
>
>
>
> *From:* Hamid Rasool <14mseesras...@seecs.edu.pk>
> *Sent:* Friday, April 6, 2018 4:23 PM
>
> *To:* Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco) <
> matfa...@cisco.com>
> *Cc:* vpp-dev@lists.fd.io
> *Subject:* Re: [vpp-dev] #vpp CGNAT implementation in VPP
>
>
>
> Thanks Matus for the rapid response. The del command did the trick and I
> will try to repeat the setup for 18.04-rc1 build. I also got some more info
> through the command 'show nat44 detail' which did not show up by ? in the
> CLI by default.
>
>
>
> About IPFIX logging, can you suggest an example template to perform the
> logging:
>
> e.g.
>
> nat {
>
> NAT44 Addresses exhausted
>
> NAT44 Session create
>
> NAT44 Session delete
>
> }
>
>
>
> Also, any pointers to access these IPFIX logs for nat session details
> without using deterministic NAT once the logging has been enabled would also
> be very helpful.
>
>
>
> Regards,
>
> Hamid
>
>
>
> On Fri, Apr 6, 2018 at 3:42 PM, Matus Fabian -X (matfabia - PANTHEON
> TECHNOLOGIES at Cisco)  wrote:
>
> “show nat44 deterministic mappings” probably doesn’t work because you use
> an older version of VPP (this was changed in 1804)
>
> To delete a NAT deterministic mapping use “nat44 deterministic add in
> / out / del”
>
> Currently you can’t allocate a specific number of ports of the external
> address to the internal clients. It is possible to implement this, patches
> are welcome.
>
> The NAT plugin uses IPfix for logging events
> https://wiki.fd.io/view/VPP/NAT#IPFIX_templates. Deterministic NAT doesn’t log
> sessions since the internal address is statically mapped to a set of external
> ports of the address (purpose of deterministic NAT is to reduce logging
> https://tools.ietf.org/html/rfc7422).
>
>
>
> Matus
>
>
>
> *From:* Hamid Rasool <14mseesras...@seecs.edu.pk>
> *Sent:* Friday, April 6, 2018 12:16 PM
> *To:* Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco) <
> matfa...@cisco.com>
> *Cc:* vpp-dev@lists.fd.io
> *Subject:* Re: [vpp-dev] #vpp CGNAT implementation in VPP
>
>
>
> Thanks Fabian.
>
>
>
> I have configured these steps and it seems to work (although some
> variations of nat deterministic add command caused vpp to crash and reset
> configurations though). However, there is another command in the VPP/NAT
> wiki: "show nat44 deterministic mappings" which does not seem to work.
>
> The "show nat44" command only seems to work however:
>
>
>
> vpp# nat44 deterministic add in 10.10.3.0/25 out 192.168.100.64/28
>
> vpp# show nat44
>
> NAT plugin mode: deterministic mapping
>
> udp timeout: 300sec
>
> tcp-established timeout: 7440sec
>
> tcp-transitory timeout: 240sec
>
> icmp timeout: 60sec
>
> 1 deterministic mappings
>
>
>
>
>
> I want to ask how can we delete a pool mapping once we have set it or even
> change it because there seems to be no options to do that. Another query is
> about how can we allocate a specific number of ports of the external
> address to the internal clients. Let's say I want to map 8 internal
> addresses to 1 external for a pool of external addresses, which makes about
> 8000 ports (out of 65000) for each internal address. Is there any way to
> implement this?
>
> Last question for now, where are the session logs stored for NAT for each
> flow of packet. Does VPP provide syslog stats or any flow records for nat
> sessions?
>
>
>
> Thanks again!
>
>
>
>
>
>
>
>
>
>
> On Mon, Mar 19, 2018 at 5:19 PM, Matus Fabian -X (matfabia - PANTHEON
> TECHNOLOGIES at Cisco)  wrote:
>
> Hi,
>
>
>
> There is example of CGNAT configuration for currently supported feature
> set https://wiki.fd.io/view/VPP/NAT#Example_configuration
>
>
>
> Basically you need do following 3 steps:
>
> To enable CGNAT mode of NAT plugin add following to startup config: “nat {
> deterministic }”
>
> Set inside and outside interfaces: set interface nat44