[vpp-dev] NAT in endpoint-dependent mode does not work if workers > 1

Thu, 27 Aug 2020 05:39:14 -0700 

Hi there,

There is a problem with passing traffic through NAT in endpoint-dependent
node with multiple (>1) workers enabled:
[root@centos8 ~]# vppctl show trace
------------------- Start of thread 0 vpp_main -------------------
No packets in trace buffer
------------------- Start of thread 1 vpp_wk_0 -------------------
Packet 1

00:01:36:325636: dpdk-input
  GigabitEthernet0/8/0 rx queue 0
  buffer 0x8330c: current data 0, length 98, buffer-pool 0, ref-count 1,
totlen-nifb 0, trace handle 0x1000000
                  ext-hdr-valid
                  l4-cksum-computed l4-cksum-correct
  PKT MBUF: port 0, nb_segs 1, pkt_len 98
    buf_len 2176, data_len 98, ol_flags 0x0, data_off 128, phys_addr
0x662cc380
    packet_type 0x0 l2_len 0 l3_len 0 outer_l2_len 0 outer_l3_len 0
    rss 0x0 fdir.hi 0x0 fdir.lo 0x0
  IP4: 08:00:27:f8:dd:2c -> 08:00:27:58:1c:f3
  ICMP: 10.255.100.2 -> 10.255.10.100
    tos 0x00, ttl 64, length 84, checksum 0xb4d6 dscp CS0 ecn NON_ECN
    fragment id 0x016f, flags DONT_FRAGMENT
  ICMP echo_request checksum 0xfe6b
...
00:01:36:325669: ip4-sv-reassembly-output-feature
  [not-fragmented]
00:01:36:325671: nat44-in2out-output-worker-handoff
  NAT44_IN2OUT_WORKER_HANDOFF OUTPUT-FEATURE: next-worker 2 trace index 0

------------------- Start of thread 2 vpp_wk_1 -------------------
Packet 1

00:01:36:325677: handoff_trace
  HANDED-OFF: from thread 1 trace index 0
00:01:36:325677: nat44-ed-in2out-output
  NAT44_IN2OUT_ED_FAST_PATH: sw_if_index 1, next index 4, session -1
00:01:36:325684: nat44-ed-in2out-output-slowpath
  NAT44_IN2OUT_ED_SLOW_PATH: sw_if_index 1, next index 0, session 0
00:01:36:325686: error-drop
  rx:GigabitEthernet0/8/0
00:01:36:325688: drop
  dpdk-input: no error

I think this is related to double vnet_feature_next(), so we go to
error-drop node instead of interface-output. I pushed patch for this here
https://gerrit.fd.io/r/c/vpp/+/28595 which fixes this problem, but I
actually don't like it because we can stuck in nat44-ed-in2-out-output if
we somehow skip handoff (don't see such cases actually).

Do you have some better ideas on how to fix this?

Thank you,
Vladimir Isaev

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#17293): https://lists.fd.io/g/vpp-dev/message/17293
Mute This Topic: https://lists.fd.io/mt/76450222/21656
Group Owner: [email protected]
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to