FD.io VPP  v17.07.01-10-g3be13f0
Vector Packet Processing
src/plugins/snat

nat64 add pool address

Summary/usage

nat64 add pool address <ip4-range-start> [- <ip4-range-end>] [tenant-vrf <vrf-id>] [del].

Description

Example usage
vpp# nat64 add pool address
Add/delete NAT64 pool address.
To add single NAT64 pool address use:
 vpp# nat64 add pool address 10.1.1.10
To add NAT64 pool address range use:
 vpp# nat64 add pool address 10.1.1.2 - 10.1.1.5
To add NAT64 pool address for specific tenant use:
 vpp# nat64 add pool address 10.1.1.100 tenant-vrf 100

Declaration and implementation

Declaration: nat64_add_pool_address_command (src/plugins/snat/nat64_cli.c line 728)

Implementation: nat64_add_del_pool_addr_command_fn.

nat64 add prefix

Summary/usage

nat64 add prefix <ip6-prefix>/<plen> [tenant-vrf <vrf-id>] [del].

Description

Example usage
vpp# nat64 add prefix
Set NAT64 prefix for generating IPv6 representations of IPv4 addresses.
To set NAT64 global prefix use:
 vpp# nat64 add prefix 2001:db8::/32
To set NAT64 prefix for specific tenant use:
 vpp# nat64 add prefix 2001:db8:122:300::/56 tenant-vrf 10

Declaration and implementation

Declaration: nat64_add_del_prefix_command (src/plugins/snat/nat64_cli.c line 900)

Implementation: nat64_add_del_prefix_command_fn.

nat64 add static bib

Summary/usage

nat64 add static bib <ip6-addr> <port> <ip4-addr> <port> tcp|udp|icmp [vfr <table-id>] [del].

Description

Example usage
vpp# nat64 add static bib
Add/delete NAT64 static BIB entry.
To create NAT64 satatic BIB entry use:
 vpp# nat64 add static bib 2001:db8:c000:221:: 1234 10.1.1.3 5678 tcp
 vpp# nat64 add static bib 2001:db8:c000:221:: 1234 10.1.1.3 5678 udp vrf 10

Declaration and implementation

Declaration: nat64_add_del_static_bib_command (src/plugins/snat/nat64_cli.c line 793)

Implementation: nat64_add_del_static_bib_command_fn.

set interface nat64

Summary/usage

set interface nat64 in|out <intfc> [del].

Description

Example usage
vpp# set interface nat64
Enable/disable NAT64 feature on the interface.
To enable NAT64 feature with local (IPv6) network interface
GigabitEthernet0/8/0 and external (IPv4) network interface
GigabitEthernet0/a/0 use:
 vpp# set interface nat64 in GigabitEthernet0/8/0 out GigabitEthernet0/a/0

Declaration and implementation

Declaration: set_interface_nat64_command (src/plugins/snat/nat64_cli.c line 761)

Implementation: nat64_interface_feature_command_fn.

set interface snat

Summary/usage

set interface snat in <intfc> out <intfc> [del].

Declaration and implementation

Declaration: set_interface_snat_command (src/plugins/snat/snat.c line 1105)

Implementation: snat_feature_command_fn.

set nat64 timeouts

Summary/usage

set nat64 timeouts udp <sec> icmp <sec> tcp-trans <sec> tcp-est <sec> tcp-incoming-syn <sec> | reset.

Description

Example usage
vpp# set nat64 timeouts
Set NAT64 session timeouts (in seconds).
To set NAT64 session timeoutes use use:
 vpp# set nat64 timeouts udp 200 icmp 30 tcp-trans 250 tcp-est 7450
To reset NAT64 session timeoutes to default values use:
 vpp# set nat64 timeouts reset

Declaration and implementation

Declaration: set_nat64_timeouts_command (src/plugins/snat/nat64_cli.c line 836)

Implementation: nat64_set_timeouts_command_fn.

set snat deterministic timeout

Summary/usage

set snat deterministic timeout [udp <sec> | tcp-established <sec> tcp-transitory <sec> | icmp <sec> | reset].

Description

Example usage
vpp# set snat deterministic timeout
Set values of timeouts for deterministic NAT (in seconds), use:
 vpp# set snat deterministic timeout udp 120 tcp-established 7500
 tcp-transitory 250 icmp 90
To reset default values use:
 vpp# set snat deterministic timeout reset

Declaration and implementation

Declaration: set_timeout_command (src/plugins/snat/snat.c line 2407)

Implementation: set_timeout_command_fn.

set snat workers

Summary/usage

set snat workers <workers-list>.

Description

Example usage
vpp# set snat workers
Set SNAT workers if 2 or more workers available, use:
 vpp# set snat workers 0-2,5

Declaration and implementation

Declaration: set_workers_command (src/plugins/snat/snat.c line 1318)

Implementation: set_workers_command_fn.

show nat64 bib

Summary/usage

show nat64 bib tcp|udp|icmp.

Description

Example usage
vpp# show nat64 bib
Show NAT64 BIB entries.
To show NAT64 TCP BIB entries use:
 vpp# show nat64 bib tcp
 NAT64 tcp BIB:
  fd01:1::2 6303 10.0.0.3 62303 tcp vrf 0 dynamic 1 sessions
  2001:db8:c000:221:: 1234 10.1.1.3 5678 tcp vrf 0 static 2 sessions
To show NAT64 UDP BIB entries use:
 vpp# show nat64 bib udp
 NAT64 udp BIB:
  fd01:1::2 6304 10.0.0.3 10546 udp vrf 0 dynamic 10 sessions
  2001:db8:c000:221:: 1234 10.1.1.3 5678 udp vrf 10 static 0 sessions
To show NAT64 ICMP BIB entries use:
 vpp# show nat64 bib icmp
 NAT64 icmp BIB:
  fd01:1::2 6305 10.0.0.3 63209 icmp vrf 10 dynamic 1 sessions

Declaration and implementation

Declaration: show_nat64_bib_command (src/plugins/snat/nat64_cli.c line 820)

Implementation: nat64_show_bib_command_fn.

show nat64 interfaces

Summary/usage

show nat64 interfaces.

Description

Example usage
vpp# show nat64 interfaces
Show interfaces with NAT64 feature.
To show interfaces with NAT64 feature use:
 vpp# show nat64 interfaces
 NAT64 interfaces:
  GigabitEthernet0/8/0 in
  GigabitEthernet0/a/0 out

Declaration and implementation

Declaration: show_nat64_interfaces_command (src/plugins/snat/nat64_cli.c line 778)

Implementation: nat64_show_interfaces_command_fn.

show nat64 pool

Summary/usage

show nat64 pool.

Description

Example usage
vpp# show nat64 pool
Show NAT64 pool.
 vpp# show nat64 pool
 NAT64 pool:
  10.1.1.3 tenant VRF: 0
  10.1.1.10 tenant VRF: 10

Declaration and implementation

Declaration: show_nat64_pool_command (src/plugins/snat/nat64_cli.c line 745)

Implementation: nat64_show_pool_command_fn.

show nat64 prefix

Summary/usage

show nat64 prefix.

Description

Example usage
vpp# show nat64 prefix
Show NAT64 prefix.
To show NAT64 prefix use:
 vpp# show nat64 prefix
 NAT64 prefix:
  2001:db8::/32 tenant-vrf 0
  2001:db8:122:300::/56 tenant-vrf 10

Declaration and implementation

Declaration: show_nat64_prefix_command (src/plugins/snat/nat64_cli.c line 918)

Implementation: nat64_show_prefix_command_fn.

show nat64 session table

Summary/usage

show nat64 session table tcp|udp|icmp.

Description

Example usage
vpp# show nat64 session table
Show NAT64 session table.
To show NAT64 TCP session table use:
 vpp# show nat64 session table tcp
 NAT64 tcp session table:
  fd01:1::2 6303 64:ff9b::ac10:202 20 10.0.0.3 62303 172.16.2.2 20 tcp vrf 0
  fd01:3::2 6303 64:ff9b::ac10:202 20 10.0.10.3 21300 172.16.2.2 20 tcp vrf 10
To show NAT64 UDP session table use:
#vpp show nat64 session table udp
NAT64 udp session table:
 fd01:1::2 6304 64:ff9b::ac10:202 20 10.0.0.3 10546 172.16.2.2 20 udp vrf 0
 fd01:3::2 6304 64:ff9b::ac10:202 20 10.0.10.3 58627 172.16.2.2 20 udp vrf 10
 fd01:1::2 1235 64:ff9b::a00:3 4023 10.0.0.3 24488 10.0.0.3 4023 udp vrf 0
 fd01:1::3 23 64:ff9b::a00:3 24488 10.0.0.3 4023 10.0.0.3 24488 udp vrf 0
To show NAT64 ICMP session table use:
#vpp show nat64 session table icmp
NAT64 icmp session table:
 fd01:1::2 64:ff9b::ac10:202 6305 10.0.0.3 172.16.2.2 63209 icmp vrf 0

Declaration and implementation

Declaration: show_nat64_st_command (src/plugins/snat/nat64_cli.c line 884)

Implementation: nat64_show_st_command_fn.

show nat64 tiemouts

Summary/usage

show nat64 tiemouts.

Description

Example usage
vpp# show nat64 tiemouts
Show NAT64 session timeouts:
 vpp# show nat64 tiemouts
 NAT64 session timeouts:
  UDP 300sec
  ICMP 60sec
  TCP transitory 240sec
  TCP established 7440sec
  TCP incoming SYN 6sec

Declaration and implementation

Declaration: show_nat64_timeouts_command (src/plugins/snat/nat64_cli.c line 856)

Implementation: nat64_show_timeouts_command_fn.

show snat

Summary/usage

show snat.

Declaration and implementation

Declaration: show_snat_command (src/plugins/snat/snat.c line 1966)

Implementation: show_snat_command_fn.

snat add address

Summary/usage

snat add addresses <ip4-range-start> [- <ip4-range-end>] [tenant-vrf <vrf-id>] [del].

Declaration and implementation

Declaration: add_address_command (src/plugins/snat/snat.c line 1034)

Implementation: add_address_command_fn.

snat add interface address

Summary/usage

snat add interface address <interface> [del].

Declaration and implementation

Declaration: snat_add_interface_address_command (src/plugins/snat/snat.c line 2150)

Implementation: snat_add_interface_address_command_fn.

snat add static mapping

Summary/usage

snat add static mapping local tcp|udp|icmp <addr> [<port>] external <addr> [<port>] [vrf <table-id>] [del].

Description

Example usage
vpp# snat add static mapping
Static mapping allows hosts on the external network to initiate connection
to to the local network host.
To create static mapping between local host address 10.0.0.3 port 6303 and
external address 4.4.4.4 port 3606 for TCP protocol use:
 vpp# snat add static mapping local tcp 10.0.0.3 6303 external 4.4.4.4 3606
If not runnig "static mapping only" S-NAT plugin mode use before:
 vpp# snat add address 4.4.4.4
To create static mapping between local and external address use:
 vpp# snat add static mapping local 10.0.0.3 external 4.4.4.4

Declaration and implementation

Declaration: add_static_mapping_command (src/plugins/snat/snat.c line 1249)

Implementation: add_static_mapping_command_fn.

snat deterministic add

Summary/usage

snat deterministic add in <addr>/<plen> out <addr>/<plen> [del].

Description

Example usage
vpp# snat deterministic add
Create bijective mapping of inside address to outside address and port range
pairs, with the purpose of enabling deterministic NAT to reduce logging in
CGN deployments.
To create deterministic mapping between inside network 10.0.0.0/18 and
outside network 1.1.1.0/30 use:
# vpp# snat deterministic add in 10.0.0.0/18 out 1.1.1.0/30

Declaration and implementation

Declaration: snat_det_map_command (src/plugins/snat/snat.c line 2216)

Implementation: snat_det_map_command_fn.

snat deterministic close session in

Summary/usage

snat deterministic close session in <in_addr>:<in_port> <ext_addr>:<ext_port>.

Description

Example usage
vpp# snat deterministic close_session_in
Close session using inside ip address and port
and external ip address and port, use:
 vpp# snat deterministic close session in 3.3.3.3:3487 2.2.2.2:2387

Declaration and implementation

Declaration: snat_det_close_session_in_command (src/plugins/snat/snat.c line 2548)

Implementation: snat_det_close_session_in_fn.

snat deterministic close session out

Summary/usage

snat deterministic close session out <out_addr>:<out_port> <ext_addr>:<ext_port>.

Description

Example usage
vpp# snat deterministic close session out
Close session using outside ip address and port
and external ip address and port, use:
 vpp# snat deterministic close session out 1.1.1.1:1276 2.2.2.2:2387

Declaration and implementation

Declaration: snat_det_close_sesion_out_command (src/plugins/snat/snat.c line 2479)

Implementation: snat_det_close_session_out_fn.

snat deterministic forward

Summary/usage

snat deterministic forward <addr>.

Description

Example usage
vpp# snat deterministic forward
Return outside address and port range from inside address for deterministic
NAT.
To obtain outside address and port of inside host use:
 vpp# snat deterministic forward 10.0.0.2
 1.1.1.0:<1054-1068>

Declaration and implementation

Declaration: snat_det_forward_command (src/plugins/snat/snat.c line 2278)

Implementation: snat_det_forward_command_fn.

snat deterministic reverse

Summary/usage

snat deterministic reverse <addr>:<port>.

Description

Example usage
vpp# snat deterministic reverse
Return inside address from outside address and port for deterministic NAT.
To obtain inside host address from outside address and port use:
 #vpp snat deterministic reverse 1.1.1.1:1276
 10.0.16.16

Declaration and implementation

Declaration: snat_det_reverse_command (src/plugins/snat/snat.c line 2343)

Implementation: snat_det_reverse_command_fn.

snat ipfix logging

Summary/usage

snat ipfix logging [domain <domain-id>] [src-port <port>] [disable].

Description

Example usage
vpp# snat ipfix logging
To enable SNAT IPFIX logging use:
 vpp# snat ipfix logging
To set IPFIX exporter use:
 vpp# set ipfix exporter collector 10.10.10.3 src 10.10.10.1

Declaration and implementation

Declaration: snat_ipfix_logging_enable_disable_command (src/plugins/snat/snat.c line 1380)

Implementation: snat_ipfix_logging_enable_disable_command_fn.