Hi Filip, thanks for the reply.

This is only for host mapping, and it looks like it can be done with the det44 plugin - 
very strange btw that it operates separately from standard nat44 (meaning that I 
do need to configure nat at all to use it).

My problem is different: when I set a pool, e.g. 1.0.0.1-1.0.0.100, all clients 
always get the last address from the pool (.100) until that external IP runs out of 
ports, and only after that will a client get the .99 IP, until this IP runs out of 
ports, and so on.

Is there a way to select a new random address from the pool for a new client and after 
that use this same randomly selected source-/destination-address for each 
client connection?

Now it leads to problems with Google 'Unusual Traffic' Block/Captcha, because 
it utilizes several IP addresses where most IPs from the pool are left unused.

________________________________
From: Filip Varga -X (fivarga - PANTHEON TECH SRO at Cisco) <fiva...@cisco.com>
Sent: February 9, 2021, 13:54
To: Юрий Иванов <format_...@outlook.com>; vpp-dev@lists.fd.io <vpp-dev@lists.fd.io>
Subject: RE: [vpp-dev] NAT44 how to control external address assignment from pool?


Hi,



If you are looking for an option to specify the exact outside translation address from 
a specific pool, you should try:



nat44 add static mapping ... exact <pool-addr>



Also supported by API.

This will give you exact address picked from pool.



Best regards,

Filip Varga



From: vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> On Behalf Of Юрий Иванов
Sent: Monday, February 8, 2021 11:04 AM
To: vpp-dev@lists.fd.io
Subject: Re: [vpp-dev] NAT44 how to control external address assignment from pool?
Importance: High



Just an update, to perform manual translation we should do:



det44 plugin enable
det44 add in 10.0.1.0/29 out 1.0.0.7/32
det44 add in 10.0.1.16/29 out 1.0.0.5/32
...
set interface det44 inside GigabitEthernet0/5/0 outside GigabitEthernet0/4/0



Ignoring specific nat configuration.



Nevertheless, maybe there is some option to select a different IP address from the 
pool?

________________________________

From: vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> on behalf of Юрий Иванов <format_...@outlook.com>
Sent: February 7, 2021, 12:10
To: vpp-dev@lists.fd.io <vpp-dev@lists.fd.io>
Subject: [vpp-dev] NAT44 how to control external address assignment from pool?



Hi,



I've got a basic NAT setup in a lab which works as expected except for external IP 
address allocation.



My clients, behind NAT, have addresses:

vpp# show ip neighbors
    Time                       IP                    Flags      Ethernet              Interface
   1421.5929                10.0.1.30                  D    00:50:79:66:68:00 GigabitEthernet0/5/0
   1424.3609                10.0.1.55                  D    00:50:79:66:68:02 GigabitEthernet0/5/0
   1423.1650                10.0.1.41                  D    00:50:79:66:68:01 GigabitEthernet0/5/0
   1389.2929                10.0.1.20                  D    00:50:79:66:68:04 GigabitEthernet0/5/0
   1377.1449                10.0.1.2                   D    00:50:79:66:68:03 GigabitEthernet0/5/0



All can reach the external 1.0.0.2 IP, which looks good, but for all clients the external 
address is 1.0.0.100 (the last IP in the range).

I think it would be better to randomly select a different address in the range, 
like nftables does with this configuration stanza:

"ip saddr 10.0.0.0/8 oif "vlan2" snat to 1.0.0.2-1.0.0.100 persistent"



After changing

vpp# nat addr-port-assignment-alg map-e psid 10 psid-offset 6 psid-len 6

the only difference is that the external address becomes 1.0.0.1 for all clients.



I can of course map a host to an external address with:

vpp# nat44 add static mapping  local 10.0.1.2 external 1.0.0.10

But with 30 thousand clients it would be a very strange idea to map every host route 
manually.
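Added example (not part of the thread and not VPP project code): a script that generates the `det44 add in ... out ...` lines shown in the thread, splitting an inside network into blocks so that clients are spread over the pool instead of all sharing one external address. The 10.0.1.0/24 inside network and the one-mapping-per-external-address rule are assumptions, and the assignment is sequential per block, not random.

```python
import ipaddress

# Clients from the `show ip neighbors` output in the thread.
CLIENTS = ["10.0.1.30", "10.0.1.55", "10.0.1.41", "10.0.1.20", "10.0.1.2"]

def det44_plan(inside, pool_first, pool_last, block_prefixlen=None):
    """Split `inside` into equal blocks and pair each with its own pool address."""
    net = ipaddress.ip_network(inside)
    first = ipaddress.ip_address(pool_first)
    pool_size = int(ipaddress.ip_address(pool_last)) - int(first) + 1
    if pool_size < 1:
        raise ValueError("pool_last is below pool_first")
    if block_prefixlen is None:
        # Smallest blocks whose count (a power of two) still fits in the pool.
        bits = pool_size.bit_length() - 1
        block_prefixlen = min(net.max_prefixlen, net.prefixlen + bits)
    blocks = list(net.subnets(new_prefix=block_prefixlen))
    # Assumption: one mapping per external address, as in the thread's example,
    # so no two inside blocks compete for the same address.
    if len(blocks) > pool_size:
        raise ValueError(f"{len(blocks)} blocks do not fit a pool of {pool_size}")
    return [(block, first + i) for i, block in enumerate(blocks)]

def det44_cli(plan):
    """Render the plan in the CLI form used in the thread."""
    return [f"det44 add in {block} out {ext}/32" for block, ext in plan]

def external_for(client, plan):
    """External address a given inside client ends up behind, or None."""
    addr = ipaddress.ip_address(client)
    for block, ext in plan:
        if addr in block:
            return str(ext)
    return None

if __name__ == "__main__":
    plan = det44_plan("10.0.1.0/24", "1.0.0.1", "1.0.0.100", block_prefixlen=29)
    print("\n".join(det44_cli(plan)))
    for client in CLIENTS:
        print(client, "->", external_for(client, plan))
```

With no `block_prefixlen`, a 10.0.0.0/17 inside network (about 30 thousand clients) is split into 64 blocks of /23, the most that fit a 100-address pool under the one-mapping-per-address assumption.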