Hi Filip, Sorry, I didn’t state the demands clearly. My demand is to let a nat ip address just only work for specific src network prefix in a vpc, the nat sessions using the nat ip address will be created only when the i2o packets’s src ip matches the specific network prefix in the vpc. 1) I saw the snat_address_t’s member net is used only for matching the packets’s dst ip in nat_ed_alloc_addr_and_port. 2) using multiple vrfs to isolate the network is a method, but will use more other configures, and makes the traffic model more complex.
By view the codes about nat44-ed, I don’t think there is any configuration examples about the demand I mentioned above. Do you have any keywords about the configuration examples? I want to try a search in mailing list with them. Do I understand this right? Looking forward to hearing any further ideas or suggestions from you. Thanks & Regards, Huawei LI > 2022年10月27日 16:52,filvarga <filipvarg...@gmail.com> 写道: > > Hi Li, > > There are few errors in your statement. > > 1) SNAT - is an obsolete name for the old nat plugin. > 2) NAT is split among multiple plugins > 3) one of the plugins - nat44-ed (the most used and preferred) does support > all of the things you have mentioned > > Please feel free to search in the community mailing list for configuration > examples. There is also .rst file in the nat44-ed plugin directory (may not > contain all of the supported configuration). Also check the api.c and cli.c > for all available configuration options. > > After you have done above mentioned feel free to ask regarding specific > configuration issue. > > Best regards, > Filip Varga > > > pi 21. 10. 2022 o 4:01 lihuawei <lihuawei_...@163.com > <mailto:lihuawei_...@163.com>> napísal(a): > Hi John & Everyone & Community, > > In my scene, it is the demand to put multiple subnets in one BD. A few days > ago, I have found the other proper idea to implement the demand mentioned in > the mail subject and original mail. > > This problem and mail can be close now. > > Have a nice day, everybody! > > > Thanks & Regards, > Huawei LI > >> 2022年10月21日 00:45,John Lo <lojultra2...@outlook.com >> <mailto:lojultra2...@outlook.com>> 写道: >> >> Hi Huawei, >> >> Some comments on supporting multiple BVIs in a BD: >> >> 1. There are assumptions in the bridging code including only 1 BVI per BD >> and it will be the last interface of a BD's flood list. To support multiple >> BVIs per BD will make the code more complicated and less efficient from >> performance point of view. >> >> 2. All interfaces, including BVI, in a BD can talk to each other via MAC >> address learning. There is no concept of L3 IP address nor awareness of IPs >> in separate VRFs. Thus, the concept of multiple BVIs in a BD each in >> different VRFs does not match the L2 bridging concept. While it may be >> possible to enhance BD support to understand IP and VRF at L3, it will again >> make the code more complicated and affect performance. >> >> My question would be, isn't it more natural to put each subnet in a separate >> BD with its BVI in the desired VRF? >> >> Regards, >> John >> >> -----Original Message----- >> From: lihuawei <lihuawei_...@163.com <mailto:lihuawei_...@163.com>> >> Sent: Sunday, October 16, 2022 11:30 PM >> To: o...@cisco.com <mailto:o...@cisco.com>; fiva...@cisco.com >> <mailto:fiva...@cisco.com>; klement.sek...@gmail.com >> <mailto:klement.sek...@gmail.com>; Neale Ranns <ne...@graphiant.com >> <mailto:ne...@graphiant.com>>; lojultra2...@outlook.com >> <mailto:lojultra2...@outlook.com>; slu...@cisco.com >> <mailto:slu...@cisco.com>; vpp-dev@lists.fd.io <mailto:vpp-dev@lists.fd.io> >> Subject: snat support bind to specific subnets >> >> Hi Ole, Filip, Klement, Neale, John, Steven, &Community, >> >> I have a demand about snat. With in a vpc, different subnets need use >> different snat ip to the internet, but the vpp snat feature now do not >> support snat ip bind to specific subnets. I have two ideas to resolve this: >> 1. modify and develop snat feature to support snat ip bind to specific >> subnets. >> 2. use multiple vrfs to isolate subnets, one vrf’s subnets use one snat ip, >> but the bd bvi now only support one in one bd, the non-bvi loop does not >> forward L3. So modify and develop bd bvi to support multiple bvi interfaces >> in one bd may be one better idea. >> >> Do I understand right and the idea 2 is the better? Anybody who has better >> idea, please help. >> >> Thanks and Regards, >> Huawei LI > > > > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#22082): https://lists.fd.io/g/vpp-dev/message/22082 Mute This Topic: https://lists.fd.io/mt/94377538/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/leave/1480452/21656/631435203/xyzzy [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
