Nat44-ed cli reference

clear nat44 ed sessions

clear nat44 ed sessions
clear nat44 ed sessions

To clear all NAT44 sessions
 vpp# clear nat44 ed sessions

Declaration: nat44_ed_clear_sessions_command src/plugins/nat/nat44-ed/nat44_ed_cli.c line 1861

Implementation: nat44_ed_clear_sessions_command_fn

nat ipfix logging

nat ipfix logging disable|<enable [domain <domain-id>] [src-port <port>]>
snat ipfix logging

To enable NAT IPFIX logging use:
 vpp# nat ipfix logging
To set IPFIX exporter use:
 vpp# set ipfix exporter collector 10.10.10.3 src 10.10.10.1

Declaration: snat_ipfix_logging_enable_disable_command src/plugins/nat/nat44-ed/nat44_ed_cli.c line 1984

Implementation: snat_ipfix_logging_enable_disable_command_fn

nat mss-clamping

nat mss-clamping <mss-value>|disable
nat mss-clamping

Set TCP MSS rewriting configuration
To enable TCP MSS rewriting use:
 vpp# nat mss-clamping 1452
To disbale TCP MSS rewriting use:
 vpp# nat mss-clamping disable

Declaration: nat_set_mss_clamping_command src/plugins/nat/nat44-ed/nat44_ed_cli.c line 2001

Implementation: nat_set_mss_clamping_command_fn

nat set logging level

nat set logging level <level>
nat set logging level

To set NAT logging level use:
Set nat logging level

Declaration: snat_set_log_level_command src/plugins/nat/nat44-ed/nat44_ed_cli.c line 1969

Implementation: snat_set_log_level_command_fn

nat44 add address

nat44 add address <ip4-range-start> [- <ip4-range-end>] [tenant-vrf <vrf-id>] [twice-nat] [del]
nat44 add address

Add/delete NAT44 pool address.
To add NAT44 pool address use:
 vpp# nat44 add address 172.16.1.3
 vpp# nat44 add address 172.16.2.2 - 172.16.2.24
To add NAT44 pool address for specific tenant (identified by VRF id) use:
 vpp# nat44 add address 172.16.1.3 tenant-vrf 10

Declaration: add_address_command src/plugins/nat/nat44-ed/nat44_ed_cli.c line 2042

Implementation: add_address_command_fn

nat44 add identity mapping

nat44 add identity mapping <ip4-addr>|external <interface> [<protocol> <port>] [vrf <table-id>] [del]
nat44 add identity mapping

Identity mapping translate an IP address to itself.
To create identity mapping for address 10.0.0.3 port 6303 for TCP protocol
use:
 vpp# nat44 add identity mapping 10.0.0.3 tcp 6303
To create identity mapping for address 10.0.0.3 use:
 vpp# nat44 add identity mapping 10.0.0.3
To create identity mapping for DHCP addressed interface use:
 vpp# nat44 add identity mapping external GigabitEthernet0/a/0 tcp 3606

Declaration: add_identity_mapping_command src/plugins/nat/nat44-ed/nat44_ed_cli.c line 2166

Implementation: add_identity_mapping_command_fn

nat44 add interface address

nat44 add interface address <interface> [twice-nat] [del]
nat44 add interface address

Use NAT44 pool address from specific interfce
To add NAT44 pool address from specific interface use:
 vpp# nat44 add interface address GigabitEthernet0/8/0

Declaration: snat_add_interface_address_command src/plugins/nat/nat44-ed/nat44_ed_cli.c line 2240

Implementation: snat_add_interface_address_command_fn

nat44 add load-balancing back-end

nat44 add load-balancing back-end protocol tcp|udp external <addr>:<port> local <addr>:<port> [vrf <table-id>] probability <n> [del]
nat44 add load-balancing static mapping

Modify service load balancing using NAT44
To add new back-end server 10.100.10.30:8080 for service load balancing
static mapping with external IP address 1.2.3.4 and TCP port 80 use:
 vpp# nat44 add load-balancing back-end protocol tcp external 1.2.3.4:80 local 10.100.10.30:8080 probability 25

Declaration: add_lb_backend_command src/plugins/nat/nat44-ed/nat44_ed_cli.c line 2202

Implementation: add_lb_backend_command_fn

nat44 add load-balancing static mapping

nat44 add load-balancing static mapping protocol tcp|udp external <addr>:<port> local <addr>:<port> [vrf <table-id>] probability <n> [twice-nat|self-twice-nat] [out2in-only] [affinity <timeout-seconds>] [del]
nat44 add load-balancing static mapping

Service load balancing using NAT44
To add static mapping with load balancing for service with external IP
address 1.2.3.4 and TCP port 80 and mapped to 2 local servers
10.100.10.10:8080 and 10.100.10.20:8080 with probability 80% resp. 20% use:
 vpp# nat44 add load-balancing static mapping protocol tcp external 1.2.3.4:80 local 10.100.10.10:8080 probability 80 local 10.100.10.20:8080 probability 20

Declaration: add_lb_static_mapping_command src/plugins/nat/nat44-ed/nat44_ed_cli.c line 2183

Implementation: add_lb_static_mapping_command_fn

nat44 add static mapping

nat44 add static mapping tcp|udp|icmp local <addr> [<port|icmp-echo-id>] external <addr> [<port|icmp-echo-id>] [vrf <table-id>] [twice-nat|self-twice-nat] [out2in-only] [exact <pool-addr>] [del]
nat44 add static mapping

Static mapping allows hosts on the external network to initiate connection
to to the local network host.
To create static mapping between local host address 10.0.0.3 port 6303 and
external address 4.4.4.4 port 3606 for TCP protocol use:
 vpp# nat44 add static mapping tcp local 10.0.0.3 6303 external 4.4.4.4 3606
If not runnig "static mapping only" NAT plugin mode use before:
 vpp# nat44 add address 4.4.4.4
To create address only static mapping between local and external address use:
 vpp# nat44 add static mapping local 10.0.0.3 external 4.4.4.4
To create ICMP static mapping between local and external with ICMP echo
identifier 10 use:
 vpp# nat44 add static mapping icmp local 10.0.0.3 10 external 4.4.4.4 10
To force use of specific pool address, vrf independent
 vpp# nat44 add static mapping local 10.0.0.2 1234 external 10.0.2.2 1234 twice-nat exact 10.0.1.2

Declaration: add_static_mapping_command src/plugins/nat/nat44-ed/nat44_ed_cli.c line 2144

Implementation: add_static_mapping_command_fn

nat44 del session

nat44 del session in|out <addr>:<port> tcp|udp|icmp [vrf <id>] [external-host <addr>:<port>]
nat44 del session

To administratively delete NAT44 session by inside address and port use:
 vpp# nat44 del session in 10.0.0.3:6303 tcp
To administratively delete NAT44 session by outside address and port use:
 vpp# nat44 del session out 1.0.0.3:6033 udp

Declaration: nat44_del_session_command src/plugins/nat/nat44-ed/nat44_ed_cli.c line 2337

Implementation: nat44_del_session_command_fn

nat44 forwarding

nat44 forwarding enable|disable
nat44 forwarding

Enable or disable forwarding
Forward packets which don't match existing translation
or static mapping instead of dropping them.
To enable forwarding, use:
 vpp# nat44 forwarding enable
To disable forwarding, use:
 vpp# nat44 forwarding disable

Declaration: snat_forwarding_set_command src/plugins/nat/nat44-ed/nat44_ed_cli.c line 2355

Implementation: snat_forwarding_set_command_fn

nat44 plugin

nat44 plugin <enable [sessions <max-number>] [inside-vrf <vrf-id>] [outside-vrf <vrf-id>]>|disable
nat44

Enable nat44 plugin
To enable nat44-ed, use:
 vpp# nat44 plugin enable
To disable nat44-ed, use:
 vpp# nat44 plugin disable
To set inside-vrf outside-vrf, use:
 vpp# nat44 plugin enable inside-vrf <id> outside-vrf <id>

Declaration: nat44_ed_enable_disable_command src/plugins/nat/nat44-ed/nat44_ed_cli.c line 1879

Implementation: nat44_ed_enable_disable_command_fn

nat44 vrf route

nat44 vrf route [add|del] table <vrf-id> <vrf-id>
nat44 vrf route

Add inter VRF route record to VRF routing table
 vpp# nat44 vrf route add table 10 20

Declaration: nat44_ed_add_del_vrf_route_command src/plugins/nat/nat44-ed/nat44_ed_cli.c line 2266

Implementation: nat44_ed_add_del_vrf_route_command_fn

nat44 vrf table

nat44 vrf table [add|del] <vrf-id>
nat44 vrf table

Add empty inter VRF routing table
 vpp# nat44 vrf table add 10

Declaration: nat44_ed_add_del_vrf_table_command src/plugins/nat/nat44-ed/nat44_ed_cli.c line 2253

Implementation: nat44_ed_add_del_vrf_table_command_fn

set interface nat44

set interface nat44 in <intfc> out <intfc> [output-feature] [del]
set interface nat44

Enable/disable NAT44 feature on the interface.
To enable NAT44 feature with local network interface use:
 vpp# set interface nat44 in GigabitEthernet0/8/0
To enable NAT44 feature with external network interface use:
 vpp# set interface nat44 out GigabitEthernet0/a/0

Declaration: set_interface_snat_command src/plugins/nat/nat44-ed/nat44_ed_cli.c line 2102

Implementation: snat_feature_command_fn

set nat frame-queue-nelts

set nat frame-queue-nelts <number>
set nat frame-queue-nelts

Set number of worker handoff frame queue elements.

Declaration: set_frame_queue_nelts_command src/plugins/nat/nat44-ed/nat44_ed_cli.c line 1956

Implementation: set_frame_queue_nelts_command_fn

set nat timeout

set nat timeout [udp <sec> | tcp-established <sec> tcp-transitory <sec> | icmp <sec> | reset]
set nat timeout

Set values of timeouts for NAT sessions (in seconds), use:
 vpp# set nat timeout udp 120 tcp-established 7500 tcp-transitory 250 icmp 90
To reset default values use:
 vpp# set nat timeout reset

Declaration: set_timeout_command src/plugins/nat/nat44-ed/nat44_ed_cli.c line 1925

Implementation: set_timeout_command_fn

set nat workers

set nat workers <workers-list>
set snat workers

Set NAT workers if 2 or more workers available, use:
 vpp# set snat workers 0-2,5

Declaration: set_workers_command src/plugins/nat/nat44-ed/nat44_ed_cli.c line 1894

Implementation: set_workers_command_fn

set nat44 session limit

set nat44 session limit <limit> [vrf <table-id>]
set nat44 session limit

Set NAT44 session limit.

Declaration: nat44_set_session_limit_command src/plugins/nat/nat44-ed/nat44_ed_cli.c line 2322

Implementation: nat44_set_session_limit_command_fn

show nat mss-clamping

show nat mss-clamping
show nat mss-clamping

Show TCP MSS rewriting configuration

Declaration: nat_show_mss_clamping_command src/plugins/nat/nat44-ed/nat44_ed_cli.c line 2013

Implementation: nat_show_mss_clamping_command_fn

show nat timeouts

show nat timeouts
show nat timeouts

Show values of timeouts for NAT sessions.
vpp# show nat timeouts
udp timeout: 300sec
tcp-established timeout: 7440sec
tcp-transitory timeout: 240sec
icmp timeout: 60sec

Declaration: nat_show_timeouts_command src/plugins/nat/nat44-ed/nat44_ed_cli.c line 1944

Implementation: nat_show_timeouts_command_fn

show nat workers

show nat workers
show nat workers

Show NAT workers.
 vpp# show nat workers:
 2 workers
   vpp_wk_0
   vpp_wk_1

Declaration: nat_show_workers_command src/plugins/nat/nat44-ed/nat44_ed_cli.c line 1910

Implementation: nat_show_workers_command_fn

show nat44 addresses

show nat44 addresses
show nat44 addresses

Show NAT44 pool addresses.
vpp# show nat44 addresses
NAT44 pool addresses:
172.16.2.2
  tenant VRF independent
  10 busy udp ports
  0 busy tcp ports
  0 busy icmp ports
172.16.1.3
  tenant VRF: 10
  0 busy udp ports
  2 busy tcp ports
  0 busy icmp ports
NAT44 twice-nat pool addresses:
10.20.30.72
  tenant VRF independent
  0 busy udp ports
  0 busy tcp ports
  0 busy icmp ports

Declaration: nat44_show_addresses_command src/plugins/nat/nat44-ed/nat44_ed_cli.c line 2086

Implementation: nat44_show_addresses_command_fn

show nat44 hash tables

show nat44 hash tables [detail|verbose]
show nat44 hash tables

Show NAT44 hash tables

Declaration: nat44_show_hash src/plugins/nat/nat44-ed/nat44_ed_cli.c line 2025

Implementation: nat44_show_hash_command_fn

show nat44 interface address

show nat44 interface address
show nat44 interface address

Show NAT44 pool address interfaces
vpp# show nat44 interface address
NAT44 pool address interfaces:
 GigabitEthernet0/a/0
NAT44 twice-nat pool address interfaces:
 GigabitEthernet0/8/0

Declaration: nat44_show_interface_address_command src/plugins/nat/nat44-ed/nat44_ed_cli.c line 2296

Implementation: nat44_show_interface_address_command_fn

show nat44 interfaces

show nat44 interfaces
show nat44 interfaces

Show interfaces with NAT44 feature.
vpp# show nat44 interfaces
NAT44 interfaces:
 GigabitEthernet0/8/0 in
 GigabitEthernet0/a/0 out

Declaration: nat44_show_interfaces_command src/plugins/nat/nat44-ed/nat44_ed_cli.c line 2119

Implementation: nat44_show_interfaces_command_fn

show nat44 sessions

show nat44 sessions [filter {i2o | o2i} {saddr <ip4-addr> | sport <n> | daddr <ip4-addr> | dport <n> | proto <proto>} [filter .. [..]]]
show nat44 sessions

Show NAT44 sessions.

Declaration: nat44_show_sessions_command src/plugins/nat/nat44-ed/nat44_ed_cli.c line 2308

Implementation: nat44_show_sessions_command_fn

show nat44 static mappings

show nat44 static mappings
show nat44 static mappings

Show NAT44 static mappings.
vpp# show nat44 static mappings
NAT44 static mappings:
 local 10.0.0.3 external 4.4.4.4 vrf 0
 tcp local 192.168.0.4:6303 external 4.4.4.3:3606 vrf 0
 tcp vrf 0 external 1.2.3.4:80  out2in-only
  local 10.100.10.10:8080 probability 80
  local 10.100.10.20:8080 probability 20
 tcp local 10.100.3.8:8080 external 169.10.10.1:80 vrf 0 twice-nat
 tcp local 10.0.0.10:3603 external GigabitEthernet0/a/0:6306 vrf 10

Declaration: nat44_show_static_mappings_command src/plugins/nat/nat44-ed/nat44_ed_cli.c line 2226

Implementation: nat44_show_static_mappings_command_fn

show nat44 summary

show nat44 summary
show nat44 summary

Show NAT44 summary
vpp# show nat44 summary

Declaration: nat44_show_summary_command src/plugins/nat/nat44-ed/nat44_ed_cli.c line 2056

Implementation: nat44_show_summary_command_fn

show nat44 vrf tables

show nat44 vrf tables
show nat44 vrf tables

Show inter VRF route tables
 vpp# show nat44 vrf tables

Declaration: nat44_ed_show_vrf_tables_command src/plugins/nat/nat44-ed/nat44_ed_cli.c line 2279

Implementation: nat44_ed_show_vrf_tables_command_fn