Hi Alexander,

Let me try to restart. ;-)
nat44_user_dump gives you a list of inside ip addresses that have sessions.
That makes sense when you track sessions by inside ip address (user). E.g. in a 
traditional NAT where in endpoint independent mode you use up an outside port 
per-session and you need to limit the number of sessions created by a single 
inside ip address.

Endpoint dependent NAT with port overloading removes that limitation. An 
outside port can be reused as many times as you like for different DA/DP pairs. 
Maintaining the per-user list has a cost so I didn't want to do that for NAT ED.

Now, nat44_user_session_dump lists the sessions for a given inside IP address. 
That you could do although it would require you to iterate the whole session 
database. My suggestion was that since the IP address is just a filter in this 
case, we could put other things into the filter too. Up to the complete 5/6-tuple 
of a session. Or dump sessions that are in TCP transitory state, 100 most 
recently used sessions, whatever...

For session table utilisation you should use the stat segment.
Currently we have /nat44/total-sessions and you have error counters for other 
cases, e.g. port allocation fails.
I'm looking at adding more counters for NAT to the stat segment. Input sought.

Best regards,
Ole





> On 13 May 2020, at 09:02, Alexander Chernavin via lists.fd.io 
> <achernavin=netgate....@lists.fd.io> wrote:
> 
> Hello Ole,
> 
> I'm not sure I get your question right.
>
> The use case is being able to see NAT pool utilization and debug NAT 
> sessions. I think it's not a specific use case.
> 
> NAT44 ED sessions:
> -------- thread 0 vpp_main: 3 sessions --------
>     i2o 10.255.10.100 proto icmp port 1593 fib 0
>     o2i 10.100.200.14 proto icmp port 16253 fib 0
>        external host 10.255.30.100:0
>        index 0
>        last heard 27.67
>        total pkts 8, total bytes 728
>        dynamic translation
> 
>     i2o 10.255.10.100 proto udp port 45177 fib 0
>     o2i 10.100.200.14 proto udp port 18995 fib 0
>        external host 10.255.30.100:8161
>        index 1
>        last heard 32.66
>        total pkts 2, total bytes 106
>        dynamic translation
> 
>     i2o 10.255.10.100 proto tcp port 59664 fib 0
>     o2i 10.100.200.14 proto tcp port 53893 fib 0
>        external host 10.255.30.100:22
>        index 2
>        last heard 36.64
>        total pkts 9, total bytes 635
>        dynamic translation
> 
> 
> The way I see it is that there was an API that worked for ED and non-ED NAT 
> modes (except for deterministic). ED mode logic has changed but the API remains 
> the same. It still works for non-ED NAT modes and has stopped working for ED 
> mode. I think it's not consistent.
> 
> Thanks,
> Alexander 
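
An added example, not written by either poster and not VPP code: a client-side filter over the NAT44 ED session dump quoted above, selecting sessions on any subset of the tuple and rebuilding the per-inside-address count discussed in the thread. The function names are hypothetical and the sample is abridged from the quoted output.

```python
import re
from collections import Counter

# Abridged from the session dump quoted in this thread (only the parsed lines kept).
SAMPLE = """\
-------- thread 0 vpp_main: 3 sessions --------
    i2o 10.255.10.100 proto icmp port 1593 fib 0
    o2i 10.100.200.14 proto icmp port 16253 fib 0
       external host 10.255.30.100:0
       last heard 27.67
    i2o 10.255.10.100 proto udp port 45177 fib 0
    o2i 10.100.200.14 proto udp port 18995 fib 0
       external host 10.255.30.100:8161
       last heard 32.66
    i2o 10.255.10.100 proto tcp port 59664 fib 0
    o2i 10.100.200.14 proto tcp port 53893 fib 0
       external host 10.255.30.100:22
       last heard 36.64
"""

FLOW = re.compile(r"^\s*(i2o|o2i) (\S+) proto (\S+) port (\d+) fib (\d+)")
EXT = re.compile(r"^\s*external host (\S+):(\d+)")
HEARD = re.compile(r"^\s*last heard ([\d.]+)")

def parse_sessions(text):
    """Return one dict per session; a new session starts at each i2o line."""
    sessions = []
    for line in text.splitlines():
        if m := FLOW.match(line):
            if m[1] == "i2o":
                sessions.append({"proto": m[3]})
            if not sessions:
                continue  # o2i line before any i2o line: malformed, skip it
            side = "in" if m[1] == "i2o" else "out"
            sessions[-1].update({f"{side}_addr": m[2], f"{side}_port": int(m[4])})
        elif sessions and (m := EXT.match(line)):
            sessions[-1].update(ext_addr=m[1], ext_port=int(m[2]))
        elif sessions and (m := HEARD.match(line)):
            sessions[-1]["last_heard"] = float(m[1])
    return sessions

def select(sessions, **want):
    """Filter on any subset of the tuple, e.g. in_addr=..., proto=..., ext_port=..."""
    return [s for s in sessions if all(s.get(k) == v for k, v in want.items())]

def per_user(sessions):
    """Session count per inside address, rebuilt from the full session list."""
    return Counter(s["in_addr"] for s in sessions)
```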

View/Reply Online (#16354): https://lists.fd.io/g/vpp-dev/message/16354