FD.io VPP
v18.01.2-1-g9b554f3
Vector Packet Processing
|
dslite add pool address <ip4-range-start> [- <ip4-range-end>] [del].
Declaration: dslite_add_pool_address_command (src/plugins/nat/dslite_cli.c line 241)
Implementation: dslite_add_del_pool_addr_command_fn.
dslite set aftr-tunnel-endpoint-address <ip6>.
Declaration: dslite_set_aftr_tunnel_addr (src/plugins/nat/dslite_cli.c line 254)
Implementation: dslite_set_aftr_tunnel_addr_command_fn.
nat addr-port-assignment-alg <alg-name> [<alg-params>].
Declaration: nat44_set_alloc_addr_and_port_alg_command (src/plugins/nat/nat.c line 3855)
Implementation: nat44_set_alloc_addr_and_port_alg_command_fn.
nat ipfix logging [domain <domain-id>] [src-port <port>] [disable].
vpp# snat ipfix logging
To enable NAT IPFIX logging use:
vpp# nat ipfix logging
To set IPFIX exporter use:
vpp# set ipfix exporter collector 10.10.10.3 src 10.10.10.1
Declaration: snat_ipfix_logging_enable_disable_command (src/plugins/nat/nat.c line 2727)
Implementation: snat_ipfix_logging_enable_disable_command_fn.
nat virtual-reassembly ip4|ip6 [max-reassemblies <n>] [max-fragments <n>] [timeout <sec>] [enable|disable].
Declaration: nat_reass_command (src/plugins/nat/nat_reass.c line 746)
Implementation: nat_reass_command_fn.
nat44 add address <ip4-range-start> [- <ip4-range-end>] [tenant-vrf <vrf-id>] [twice-nat] [del].
Declaration: add_address_command (src/plugins/nat/nat.c line 2128)
Implementation: add_address_command_fn.
nat44 add identity mapping <interface>|<ip4-addr> [<protocol> <port>] [vrf <table-id>] [del].
vpp# snat add identity mapping
Identity mapping translate an IP address to itself.
To create identity mapping for address 10.0.0.3 port 6303 for TCP protocol
use:
vpp# nat44 add identity mapping 10.0.0.3 tcp 6303
To create identity mapping for address 10.0.0.3 use:
vpp# nat44 add identity mapping 10.0.0.3
To create identity mapping for DHCP addressed interface use:
vpp# nat44 add identity mapping GigabitEthernet0/a/0 tcp 3606
Declaration: add_identity_mapping_command (src/plugins/nat/nat.c line 2496)
Implementation: add_identity_mapping_command_fn.
nat44 add interface address <interface> [twice-nat] [del].
Declaration: snat_add_interface_address_command (src/plugins/nat/nat.c line 3696)
Implementation: snat_add_interface_address_command_fn.
nat44 add load-balancing static mapping protocol tcp|udp external <addr>:<port> local <addr>:<port> probability <n> [twice-nat] [vrf <table-id>] [del].
Declaration: add_lb_static_mapping_command (src/plugins/nat/nat.c line 2594)
Implementation: add_lb_static_mapping_command_fn.
nat44 add static mapping tcp|udp|icmp local <addr> [<port>] external <addr> [<port>] [vrf <table-id>] [twice-nat] [del].
vpp# snat add static mapping
Static mapping allows hosts on the external network to initiate connection
to to the local network host.
To create static mapping between local host address 10.0.0.3 port 6303 and
external address 4.4.4.4 port 3606 for TCP protocol use:
vpp# nat44 add static mapping tcp local 10.0.0.3 6303 external 4.4.4.4 3606
If not runnig "static mapping only" NAT plugin mode use before:
vpp# nat44 add address 4.4.4.4
To create static mapping between local and external address use:
vpp# nat44 add static mapping local 10.0.0.3 external 4.4.4.4
Declaration: add_static_mapping_command (src/plugins/nat/nat.c line 2400)
Implementation: add_static_mapping_command_fn.
nat44 del session in|out <addr>:<port> tcp|udp|icmp [vrf <id>].
Declaration: nat44_del_session_command (src/plugins/nat/nat.c line 3809)
Implementation: nat44_del_session_command_fn.
nat44 deterministic add in <addr>/<plen> out <addr>/<plen> [del].
vpp# snat deterministic add
Create bijective mapping of inside address to outside address and port range
pairs, with the purpose of enabling deterministic NAT to reduce logging in
CGN deployments.
To create deterministic mapping between inside network 10.0.0.0/18 and
outside network 1.1.1.0/30 use:
# vpp# nat44 deterministic add in 10.0.0.0/18 out 1.1.1.0/30
Declaration: snat_det_map_command (src/plugins/nat/nat.c line 3919)
Implementation: snat_det_map_command_fn.
nat44 deterministic close session in <in_addr>:<in_port> <ext_addr>:<ext_port>.
vpp# snat deterministic close_session_in
Close session using inside ip address and port
and external ip address and port, use:
vpp# nat44 deterministic close session in 3.3.3.3:3487 2.2.2.2:2387
Declaration: snat_det_close_session_in_command (src/plugins/nat/nat.c line 4246)
Implementation: snat_det_close_session_in_fn.
nat44 deterministic close session out <out_addr>:<out_port> <ext_addr>:<ext_port>.
vpp# snat deterministic close session out
Close session using outside ip address and port
and external ip address and port, use:
vpp# nat44 deterministic close session out 1.1.1.1:1276 2.2.2.2:2387
Declaration: snat_det_close_sesion_out_command (src/plugins/nat/nat.c line 4177)
Implementation: snat_det_close_session_out_fn.
nat44 deterministic forward <addr>.
vpp# snat deterministic forward
Return outside address and port range from inside address for deterministic
NAT.
To obtain outside address and port of inside host use:
vpp# nat44 deterministic forward 10.0.0.2
1.1.1.0:<1054-1068>
Declaration: snat_det_forward_command (src/plugins/nat/nat.c line 3979)
Implementation: snat_det_forward_command_fn.
nat44 deterministic reverse <addr>:<port>.
vpp# snat deterministic reverse
Return inside address from outside address and port for deterministic NAT.
To obtain inside host address from outside address and port use:
#vpp nat44 deterministic reverse 1.1.1.1:1276
10.0.16.16
Declaration: snat_det_reverse_command (src/plugins/nat/nat.c line 4043)
Implementation: snat_det_reverse_command_fn.
nat44 forwarding enable|disable.
vpp# nat44 forwarding
Enable or disable forwarding
Forward packets which don't match existing translation
or static mapping instead of dropping them.
To enable forwarding, use:
vpp# nat44 forwarding enable
To disable forwarding, use:
vpp# nat44 forwarding disable
Declaration: snat_forwarding_set_command (src/plugins/nat/nat.c line 4314)
Implementation: snat_forwarding_set_command_fn.
nat64 add interface address <interface> [del].
vpp# nat64 add interface address
Add/delete NAT64 pool address from specific (DHCP addressed) interface.
To add NAT64 pool address from specific interface use:
vpp# nat64 add interface address GigabitEthernet0/8/0
Declaration: nat64_add_interface_address_command (src/plugins/nat/nat64_cli.c line 1052)
Implementation: nat64_add_interface_address_command_fn.
nat64 add pool address <ip4-range-start> [- <ip4-range-end>] [tenant-vrf <vrf-id>] [del].
vpp# nat64 add pool address
Add/delete NAT64 pool address.
To add single NAT64 pool address use:
vpp# nat64 add pool address 10.1.1.10
To add NAT64 pool address range use:
vpp# nat64 add pool address 10.1.1.2 - 10.1.1.5
To add NAT64 pool address for specific tenant use:
vpp# nat64 add pool address 10.1.1.100 tenant-vrf 100
Declaration: nat64_add_pool_address_command (src/plugins/nat/nat64_cli.c line 848)
Implementation: nat64_add_del_pool_addr_command_fn.
nat64 add prefix <ip6-prefix>/<plen> [tenant-vrf <vrf-id>] [del] [interface <interface].
vpp# nat64 add prefix
Set NAT64 prefix for generating IPv6 representations of IPv4 addresses.
To set NAT64 global prefix use:
vpp# nat64 add prefix 2001:db8::/32
To set NAT64 prefix for specific tenant use:
vpp# nat64 add prefix 2001:db8:122:300::/56 tenant-vrf 10
Declaration: nat64_add_del_prefix_command (src/plugins/nat/nat64_cli.c line 1020)
Implementation: nat64_add_del_prefix_command_fn.
nat64 add static bib <ip6-addr> <port> <ip4-addr> <port> tcp|udp|icmp [vfr <table-id>] [del].
vpp# nat64 add static bib
Add/delete NAT64 static BIB entry.
To create NAT64 satatic BIB entry use:
vpp# nat64 add static bib 2001:db8:c000:221:: 1234 10.1.1.3 5678 tcp
vpp# nat64 add static bib 2001:db8:c000:221:: 1234 10.1.1.3 5678 udp vrf 10
Declaration: nat64_add_del_static_bib_command (src/plugins/nat/nat64_cli.c line 913)
Implementation: nat64_add_del_static_bib_command_fn.
set interface nat44 in <intfc> out <intfc> [output-feature] [del].
Declaration: set_interface_snat_command (src/plugins/nat/nat.c line 2244)
Implementation: snat_feature_command_fn.
set interface nat64 in|out <intfc> [del].
vpp# set interface nat64
Enable/disable NAT64 feature on the interface.
To enable NAT64 feature with local (IPv6) network interface
GigabitEthernet0/8/0 and external (IPv4) network interface
GigabitEthernet0/a/0 use:
vpp# set interface nat64 in GigabitEthernet0/8/0 out GigabitEthernet0/a/0
Declaration: set_interface_nat64_command (src/plugins/nat/nat64_cli.c line 881)
Implementation: nat64_interface_feature_command_fn.
set nat workers <workers-list>.
vpp# set snat workers
Set NAT workers if 2 or more workers available, use:
vpp# set snat workers 0-2,5
Declaration: set_workers_command (src/plugins/nat/nat.c line 2665)
Implementation: set_workers_command_fn.
set nat44 deterministic timeout [udp <sec> | tcp-established <sec> tcp-transitory <sec> | icmp <sec> | reset].
vpp# set snat deterministic timeout
Set values of timeouts for deterministic NAT (in seconds), use:
vpp# set nat44 deterministic timeout udp 120 tcp-established 7500
tcp-transitory 250 icmp 90
To reset default values use:
vpp# set nat44 deterministic timeout reset
Declaration: set_timeout_command (src/plugins/nat/nat.c line 4105)
Implementation: set_timeout_command_fn.
set nat64 timeouts udp <sec> icmp <sec> tcp-trans <sec> tcp-est <sec> tcp-incoming-syn <sec> | reset.
vpp# set nat64 timeouts
Set NAT64 session timeouts (in seconds).
To set NAT64 session timeoutes use use:
vpp# set nat64 timeouts udp 200 icmp 30 tcp-trans 250 tcp-est 7450
To reset NAT64 session timeoutes to default values use:
vpp# set nat64 timeouts reset
Declaration: set_nat64_timeouts_command (src/plugins/nat/nat64_cli.c line 956)
Implementation: nat64_set_timeouts_command_fn.
show dslite aftr-tunnel-endpoint-address.
Declaration: dslite_show_aftr_ip6_addr (src/plugins/nat/dslite_cli.c line 260)
Implementation: dslite_show_aftr_ip6_addr_command_fn.
show dslite pool.
Declaration: show_dslite_pool_command (src/plugins/nat/dslite_cli.c line 248)
Implementation: dslite_show_pool_command_fn.
show dslite sessions.
Declaration: dslite_show_sessions (src/plugins/nat/dslite_cli.c line 266)
Implementation: dslite_show_sessions_command_fn.
show nat virtual-reassembly.
Declaration: show_nat_reass_command (src/plugins/nat/nat_reass.c line 754)
Implementation: show_nat_reass_command_fn.
show nat44.
Declaration: show_snat_command (src/plugins/nat/nat.c line 3480)
Implementation: show_snat_command_fn.
show nat64 bib all|tcp|udp|icmp|unknown.
vpp# show nat64 bib
Show NAT64 BIB entries.
To show NAT64 TCP BIB entries use:
vpp# show nat64 bib tcp
NAT64 tcp BIB:
fd01:1::2 6303 10.0.0.3 62303 tcp vrf 0 dynamic 1 sessions
2001:db8:c000:221:: 1234 10.1.1.3 5678 tcp vrf 0 static 2 sessions
To show NAT64 UDP BIB entries use:
vpp# show nat64 bib udp
NAT64 udp BIB:
fd01:1::2 6304 10.0.0.3 10546 udp vrf 0 dynamic 10 sessions
2001:db8:c000:221:: 1234 10.1.1.3 5678 udp vrf 10 static 0 sessions
To show NAT64 ICMP BIB entries use:
vpp# show nat64 bib icmp
NAT64 icmp BIB:
fd01:1::2 6305 10.0.0.3 63209 icmp vrf 10 dynamic 1 sessions
Declaration: show_nat64_bib_command (src/plugins/nat/nat64_cli.c line 940)
Implementation: nat64_show_bib_command_fn.
show nat64 interfaces.
vpp# show nat64 interfaces
Show interfaces with NAT64 feature.
To show interfaces with NAT64 feature use:
vpp# show nat64 interfaces
NAT64 interfaces:
GigabitEthernet0/8/0 in
GigabitEthernet0/a/0 out
Declaration: show_nat64_interfaces_command (src/plugins/nat/nat64_cli.c line 898)
Implementation: nat64_show_interfaces_command_fn.
show nat64 pool.
vpp# show nat64 pool
Show NAT64 pool.
vpp# show nat64 pool
NAT64 pool:
10.1.1.3 tenant VRF: 0
10.1.1.10 tenant VRF: 10
Declaration: show_nat64_pool_command (src/plugins/nat/nat64_cli.c line 865)
Implementation: nat64_show_pool_command_fn.
show nat64 prefix.
vpp# show nat64 prefix
Show NAT64 prefix.
To show NAT64 prefix use:
vpp# show nat64 prefix
NAT64 prefix:
2001:db8::/32 tenant-vrf 0
2001:db8:122:300::/56 tenant-vrf 10
Declaration: show_nat64_prefix_command (src/plugins/nat/nat64_cli.c line 1038)
Implementation: nat64_show_prefix_command_fn.
show nat64 session table all|tcp|udp|icmp|unknown.
vpp# show nat64 session table
Show NAT64 session table.
To show NAT64 TCP session table use:
vpp# show nat64 session table tcp
NAT64 tcp session table:
fd01:1::2 6303 64:ff9b::ac10:202 20 10.0.0.3 62303 172.16.2.2 20 tcp vrf 0
fd01:3::2 6303 64:ff9b::ac10:202 20 10.0.10.3 21300 172.16.2.2 20 tcp vrf 10
To show NAT64 UDP session table use:
#vpp show nat64 session table udp
NAT64 udp session table:
fd01:1::2 6304 64:ff9b::ac10:202 20 10.0.0.3 10546 172.16.2.2 20 udp vrf 0
fd01:3::2 6304 64:ff9b::ac10:202 20 10.0.10.3 58627 172.16.2.2 20 udp vrf 10
fd01:1::2 1235 64:ff9b::a00:3 4023 10.0.0.3 24488 10.0.0.3 4023 udp vrf 0
fd01:1::3 23 64:ff9b::a00:3 24488 10.0.0.3 4023 10.0.0.3 24488 udp vrf 0
To show NAT64 ICMP session table use:
#vpp show nat64 session table icmp
NAT64 icmp session table:
fd01:1::2 64:ff9b::ac10:202 6305 10.0.0.3 172.16.2.2 63209 icmp vrf 0
Declaration: show_nat64_st_command (src/plugins/nat/nat64_cli.c line 1004)
Implementation: nat64_show_st_command_fn.
show nat64 timeouts.
vpp# show nat64 timeoutss
Show NAT64 session timeouts:
vpp# show nat64 timeouts
NAT64 session timeouts:
UDP 300sec
ICMP 60sec
TCP transitory 240sec
TCP established 7440sec
TCP incoming SYN 6sec
Declaration: show_nat64_timeouts_command (src/plugins/nat/nat64_cli.c line 976)
Implementation: nat64_show_timeouts_command_fn.