Hi John,
> I've added support to the NAT plugin for Paired-Address-Pooling (PAP) and
> wanted to see if there is interest for me to submit it as a patch for review?
>
> The changes modify the behaviour of user creation, address allocation, and
> address management. Fundamentally it pairs a NAT user with an external IP
> when the user is created. The plugin will then only hand out ports within
> that external IP to that NAT user. The ceiling for max translations is
> overridden by (ports per IP / max_users_per_IP), but one can manually set a
> lower number of max translations. The max number of users per external IP is
> also configurable.
> When a new user is seen, the system will pick the external IP with the lowest
> number of paired addresses. This ensures that if we have a lot of external
> addresses, we spread usage across them.
>
> I've so far tested this in a lab with a few thousand simulated clients and it
> has worked as intended. This fixes issues for services that require all user
> connections to originate from the same source IP, otherwise authentication
> breaks, such as banks.

This is clearly better NAT behaviour. I would certainly like to see this
upstreamed!

Cheers,
Ole
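
The pairing and ceiling rules described in the quoted proposal, as an added C sketch (not the proposed patch and not VPP NAT plugin code). All names, the table sizes, and the figure of 64512 usable ports per external IP are assumptions, and port allocation is reduced to a per-user session counter.

```c
#include <stdint.h>

#define PAP_MAX_EXT 8
#define PAP_MAX_USERS 64
#define PAP_PORTS_PER_IP 64512u /* assumption: ports 1024-65535 are usable */

typedef struct {
    uint32_t ext_ip[PAP_MAX_EXT];       /* external addresses in the pool */
    uint32_t paired[PAP_MAX_EXT];       /* users paired with each external IP */
    uint32_t n_ext;
    uint32_t max_users_per_ip;          /* configurable users per external IP */
    uint32_t max_translations;          /* manual lower limit, 0 = not set */
    uint32_t user_ip[PAP_MAX_USERS];    /* internal address of each NAT user */
    uint32_t user_ext[PAP_MAX_USERS];   /* index of the paired external IP */
    uint32_t user_sessions[PAP_MAX_USERS];
    uint32_t n_users;
} pap_pool_t;

/* Per-user ceiling: ports per IP / max users per IP, or a lower manual value. */
uint32_t pap_ceiling(const pap_pool_t *p) {
    if (p->max_users_per_ip == 0) return 0;
    uint32_t c = PAP_PORTS_PER_IP / p->max_users_per_ip;
    return (p->max_translations && p->max_translations < c) ? p->max_translations : c;
}

/* Find a user, or create one paired with the least-loaded external IP.
 * Returns the user index, or -1 when every external IP is full. */
int pap_get_user(pap_pool_t *p, uint32_t in_ip) {
    for (uint32_t u = 0; u < p->n_users; u++)
        if (p->user_ip[u] == in_ip) return (int)u;
    if (p->n_users == PAP_MAX_USERS) return -1;
    int best = -1;
    for (uint32_t i = 0; i < p->n_ext; i++) {
        if (p->paired[i] >= p->max_users_per_ip) continue; /* IP is full */
        if (best < 0 || p->paired[i] < p->paired[best]) best = (int)i;
    }
    if (best < 0) return -1;
    p->paired[best]++;
    p->user_ip[p->n_users] = in_ip;
    p->user_ext[p->n_users] = (uint32_t)best;
    p->user_sessions[p->n_users] = 0;
    return (int)p->n_users++;
}

/* Open one translation. Returns the user's paired external IP, or 0 if the
 * user cannot be paired or has reached the ceiling. */
uint32_t pap_open_session(pap_pool_t *p, uint32_t in_ip) {
    int u = pap_get_user(p, in_ip);
    if (u < 0 || p->user_sessions[u] >= pap_ceiling(p)) return 0;
    p->user_sessions[u]++;
    return p->ext_ip[p->user_ext[u]];
}
```

Because each user is capped at ports per IP divided by users per IP, the users paired with one external address can never need more ports than that address has.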