Hi Pac, Yes the idea is that you should be able to ping NAT outside interface from the adjacent side of the connection. This was previously working. I will create a ticket for the issue and look in to it shortly.
If you have any other issues with NAT please let me know. Best regards, Filip From: Pac Ette <[email protected]> Sent: Wednesday, September 16, 2020 10:16 PM To: [email protected] Cc: Filip Varga -X (fivarga - PANTHEON TECH SRO at Cisco) <[email protected]>; Dave Barach (dbarach) <[email protected]>; [email protected] Subject: Re: [vpp-dev] ping not able to receive replies on vpp interface Importance: High Hi Filip, sorry, amendment to my last email: Your suggestion worked. But ping from linux stack (tap interface) is not working because there is no NAT in/out anymore. I am using VPP with NAT. Is it not possible for ping to work with NAT? I noticed something. If I add back: set interface nat44 in loop0 in loop1 set interface nat44 out wan1 In addition to vpp-to-server not working, I am also unable to ping from linux server to vpp box. $ ping 10.200.1.7 PING 10.200.1.7 (10.200.1.7) from 10.200.1.1 eth2: 56(84) bytes of data. --- 10.200.1.7 ping statistics --- 80 packets transmitted, 0 received, 100% packet loss, time 80882ms Thanks! On Wed, Sep 16, 2020 at 1:10 PM Pac Ette via lists.fd.io<http://lists.fd.io> <[email protected]<mailto:[email protected]>> wrote: Hi Filip, Your suggestion worked. But I am using VPP with NAT. Is it not possible for ping to work with NAT? I noticed something. When NAT is set, in addition to vpp to server not working, I am also unable to ping from linux server to vpp box. If I add back: set interface nat44 in loop0 in loop1 set interface nat44 out wan1 linux (10.200.1.1) --> to --> wan1 (vpp) does not work either. Thanks! On Wed, Sep 16, 2020 at 12:35 PM Filip Varga -X (fivarga - PANTHEON TECH SRO at Cisco) <[email protected]<mailto:[email protected]>> wrote: Hi Pac, Try removing from your configuration following two lines: set interface nat44 in loop0 in loop1 set interface nat44 out wan1 Now try to ping from linux & vpp. From linux ping vpp wan interface 10.200.1.7 and from vpp linux host 10.200.1.1 (don’t forget to specify the source interface, this should be your wan interface in vpp). # ping <ip-addr> source <interface> Best regards, Filip From: [email protected]<mailto:[email protected]> <[email protected]<mailto:[email protected]>> On Behalf Of Pac Ette Sent: Wednesday, September 16, 2020 6:14 PM To: Dave Barach (dbarach) <[email protected]<mailto:[email protected]>> Cc: [email protected]<mailto:[email protected]> Subject: Re: [vpp-dev] ping not able to receive replies on vpp interface Hi Dave, I had a suspicion that my configs might be wrong. But, why would packets go through the NAT plugin when I am pinging from vppctl and directly on the wan1 port - I was thinking these packets don't need to be NAT-ed. Here are my configs and testing results. ## Configs cat vpp.conf set interface state wan1 up set interface state lan3 up set interface state lan2 up set interface state lan0 up set dhcp client intfc wan1 hostname test-ccB loopback create set interface l2 bridge loop0 1 bvi set interface ip address loop0 10.90.0.1/16<http://10.90.0.1/16> set interface state loop0 up create tap id 0 host-ip4-addr 10.90.0.2/16<http://10.90.0.2/16> host-if-name lstack1 set interface l2 bridge tap0 1 set interface state tap0 up loopback create set interface l2 bridge loop1 2 bvi set interface ip address loop1 10.100.0.1/16<http://10.100.0.1/16> set interface state loop1 up set interface l2 bridge lan0 2 set interface l2 bridge lan2 2 set interface l2 bridge lan3 2 create tap id 1 host-ip4-addr 10.100.0.2/16<http://10.100.0.2/16> host-if-name lstack2 set interface l2 bridge tap1 2 set interface state tap1 up nat44 add interface address wan1 set interface nat44 in loop0 in loop1 set interface nat44 out wan1 ---------------------------------------------------------- vpp# sh nat44 addresses NAT44 pool addresses: 10.200.1.7 tenant VRF independent 0 busy other ports 18 busy udp ports 0 busy tcp ports 0 busy icmp ports NAT44 twice-nat pool addresses: vpp# sh nat44 interfaces NAT44 interfaces: loop0 in loop1 in wan1 out vpp# sh dhcp client [0] wan1 state DHCP_BOUND installed 1 addr 10.200.1.7/24<http://10.200.1.7/24> gw 10.200.1.1 server 10.200.1.1 dns 8.8.8.8 linux stack $ ip route default via 10.90.0.1 dev lstack1 10.90.0.0/16<http://10.90.0.0/16> dev lstack1 proto kernel scope link src 10.90.0.2 10.100.0.0/16<http://10.100.0.0/16> dev lstack2 proto kernel scope link src 10.100.0.2 ---------------------------------------------------------- ## Testing pings via linux stack works but pings via vppctl do not. ping via vppctl: vpp# ping 10.200.1.1 Statistics: 5 sent, 0 received, 100% packet loss ping via linux stack: $ ping 10.200.1.1 PING 10.200.1.1 (10.200.1.1) 56(84) bytes of data. 64 bytes from 10.200.1.1<http://10.200.1.1>: icmp_seq=1 ttl=63 time=1.01 ms 64 bytes from 10.200.1.1<http://10.200.1.1>: icmp_seq=2 ttl=63 time=0.321 ms --- 10.200.1.1 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1001ms rtt min/avg/max/mdev = 0.321/0.670/1.019/0.349 ms Thanks! On Wed, Sep 16, 2020 at 4:32 AM Dave Barach (dbarach) <[email protected]<mailto:[email protected]>> wrote: The dispatch pcap trace shows that “nat44-ed-out2in-slowpath” drops the reply. Since the request never visits the nat plugin, there is no translation set up to process the reply. Please check your configuration. Dave From: [email protected]<mailto:[email protected]> <[email protected]<mailto:[email protected]>> On Behalf Of Pac Ette Sent: Tuesday, September 15, 2020 11:40 PM To: [email protected]<mailto:[email protected]> Subject: [vpp-dev] ping not able to receive replies on vpp interface Hi folks, vpp is unable to ping on an interface: vpp# ping 10.200.1.1 source wan1 Statistics: 5 sent, 0 received, 100% packet loss current setup: vpp 20.05 linux machine (A) <----> vpp machine (B) 10.200.1.1 <----> 10.200.1.7 [cid:[email protected]] So the server at 10.200.1.1 is replying but vpp is showing 100% packet loss. I am also attaching a vpp dispatch pcap file. Thanks for the help!
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#17438): https://lists.fd.io/g/vpp-dev/message/17438 Mute This Topic: https://lists.fd.io/mt/76880903/21656 Group Owner: [email protected] Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
