Re: [vpp-dev] NAT: no free reassembly slot

Sun, 03 Mar 2019 23:35:46 -0800 

Hi Carlito,

Seems like you are sending IP fragments.
Those need to be (virtually) reassembled before NATted. Reassembly is to a 
large extent an attack vector, and it’s rate limited.

cheers,
Ole

> On 3 Mar 2019, at 22:46, carlito nueno <[email protected]> wrote:
> 
> Hi all,
> 
> While running more iperf3 udp tests, I noticed vpp status showing this:
> 
> My current vpp conf:
> https://gist.github.com/ironpillow/4b119b57e21b31a7ff6985bcb20f952b
> 
> Setup to reproduce:
> 1. iperf3 server on 10.155.3.2 (iperf3 -s -B 10.155.3.2)
> 2. iperf3 client on 10.155.6.2 but with -R flag (iperf3 -B 10.155.6.2
> -c 10.155.3.2 -u -b0 -R)
> 
> So basically, server on one subnet and client on another subnet and
> run it with -R flag
> 
> vpp.service - vector packet processing engine
>   Loaded: loaded (/lib/systemd/system/vpp.service; enabled; vendor
> preset: enabled)
>   Active: active (running) since Fri 2019-03-01 17:09:24 PST; 18min ago
>  Process: 32079 ExecStopPost=/bin/rm -f /dev/shm/db
> /dev/shm/global_vm /dev/shm/vpe-api (code=exited, status=0/SUCCESS)
>  Process: 32093 ExecStartPre=/sbin/modprobe uio_pci_generic
> (code=exited, status=0/SUCCESS)
>  Process: 32087 ExecStartPre=/bin/rm -f /dev/shm/db
> /dev/shm/global_vm /dev/shm/vpe-api (code=exited, status=0/SUCCESS)
> Main PID: 32095 (vpp_main)
>    Tasks: 10 (limit: 4915)
>   CGroup: /system.slice/vpp.service
>           └─32095 /usr/bin/vpp -c /etc/vpp/startup.conf
> 
> Mar 01 17:20:17 test1 vnet[32095]: nat: no free resassembly slot
> Mar 01 17:20:17 test1 vnet[32095]: nat: no free resassembly slot
> Mar 01 17:20:17 test1 vnet[32095]: nat: no free resassembly slot
> Mar 01 17:20:17 test1 vnet[32095]: nat: no free resassembly slot
> Mar 01 17:20:17 test1 vnet[32095]: nat: no free resassembly slot
> Mar 01 17:20:17 test1 vnet[32095]: nat: no free resassembly slot
> Mar 01 17:20:17 test1 vnet[32095]: nat: no free resassembly slot
> Mar 01 17:20:17 test1 vnet[32095]: nat: no free resassembly slot
> Mar 01 17:20:17 test1 vnet[32095]: nat: no free resassembly slot
> Mar 01 17:20:17 test1 vnet[32095]: nat: --- message(s) throttled ---
> 
> Thanks
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> 
> View/Reply Online (#12410): https://lists.fd.io/g/vpp-dev/message/12410
> Mute This Topic: https://lists.fd.io/mt/30206523/675193
> Group Owner: [email protected]
> Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [[email protected]]
> -=-=-=-=-=-=-=-=-=-=-=-


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#12412): https://lists.fd.io/g/vpp-dev/message/12412
Mute This Topic: https://lists.fd.io/mt/30206523/21656
Group Owner: [email protected]
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to