 |
FD.io VPP
v21.01.1
Vector Packet Processing
|
|
FD.io VPP
v21.01.1
Vector Packet Processing
|
clear nat44 sessions.
vpp# clear nat44 sessions
To clear all NAT44 sessions
vpp# clear nat44 sessions
Declaration: nat44_clear_sessions_command (src/plugins/nat/nat44_cli.c line 2509)
Implementation: nat44_clear_sessions_command_fn.
debug nat44 fib expire <fib-index>.
Declaration: nat44_debug_fib_expire_command (src/plugins/nat/nat44_cli.c line 1960)
Implementation: nat44_debug_fib_expire_command_fn.
debug nat44 fib registration.
Declaration: nat44_debug_fib_registration_command (src/plugins/nat/nat44_cli.c line 1968)
Implementation: nat44_debug_fib_registration_command_fn.
nat addr-port-assignment-alg <alg-name> [<alg-params>].
vpp# nat addr-port-assignment-alg
Set address and port assignment algorithm
For the MAP-E CE limit port choice based on PSID use:
vpp# nat addr-port-assignment-alg map-e psid 10 psid-offset 6 psid-len 6
For port range use:
vpp# nat addr-port-assignment-alg port-range <start-port> - <end-port>
To set standard (default) address and port assignment algorithm use:
vpp# nat addr-port-assignment-alg default
Declaration: nat44_set_alloc_addr_and_port_alg_command (src/plugins/nat/nat44_cli.c line 2115)
Implementation: nat44_set_alloc_addr_and_port_alg_command_fn.
nat ha failover <ip4-address>:<port> [refresh-interval <sec>].
vpp# nat ha failover
Set HA failover (remote settings)
Declaration: nat_ha_failover_command (src/plugins/nat/nat44_cli.c line 2167)
Implementation: nat_ha_failover_command_fn.
nat ha flush.
vpp# nat ha flush
Flush the current HA data (for testing)
Declaration: nat_ha_flush_command (src/plugins/nat/nat44_cli.c line 2203)
Implementation: nat_ha_flush_command_fn.
nat ha listener <ip4-address>:<port> [path-mtu <path-mtu>].
vpp# nat ha listener
Set HA listener (local settings)
Declaration: nat_ha_listener_command (src/plugins/nat/nat44_cli.c line 2179)
Implementation: nat_ha_listener_command_fn.
nat ha resync.
vpp# nat ha resync
Resync HA (resend existing sessions to new failover)
Declaration: nat_ha_resync_command (src/plugins/nat/nat44_cli.c line 2215)
Implementation: nat_ha_resync_command_fn.
nat ipfix logging [domain <domain-id>] [src-port <port>] [disable].
vpp# snat ipfix logging
To enable NAT IPFIX logging use:
vpp# nat ipfix logging
To set IPFIX exporter use:
vpp# set ipfix exporter collector 10.10.10.3 src 10.10.10.1
Declaration: snat_ipfix_logging_enable_disable_command (src/plugins/nat/nat44_cli.c line 2097)
Implementation: snat_ipfix_logging_enable_disable_command_fn.
nat mss-clamping <mss-value>|disable.
vpp# nat mss-clamping
Set TCP MSS rewriting configuration
To enable TCP MSS rewriting use:
vpp# nat mss-clamping 1452
To disbale TCP MSS rewriting use:
vpp# nat mss-clamping disable
Declaration: nat_set_mss_clamping_command (src/plugins/nat/nat44_cli.c line 2143)
Implementation: nat_set_mss_clamping_command_fn.
nat set logging level <level>.
vpp# nat set logging level
To set NAT logging level use:
Set nat logging level
Declaration: snat_set_log_level_command (src/plugins/nat/nat44_cli.c line 2082)
Implementation: snat_set_log_level_command_fn.
nat44 add address <ip4-range-start> [- <ip4-range-end>] [tenant-vrf <vrf-id>] [twice-nat] [del].
vpp# nat44 add address
Add/delete NAT44 pool address.
To add NAT44 pool address use:
vpp# nat44 add address 172.16.1.3
vpp# nat44 add address 172.16.2.2 - 172.16.2.24
To add NAT44 pool address for specific tenant (identified by VRF id) use:
vpp# nat44 add address 172.16.1.3 tenant-vrf 10
Declaration: add_address_command (src/plugins/nat/nat44_cli.c line 2244)
Implementation: add_address_command_fn.
nat44 add identity mapping <ip4-addr>|external <interface> [<protocol> <port>] [vrf <table-id>] [del].
vpp# nat44 add identity mapping
Identity mapping translate an IP address to itself.
To create identity mapping for address 10.0.0.3 port 6303 for TCP protocol
use:
vpp# nat44 add identity mapping 10.0.0.3 tcp 6303
To create identity mapping for address 10.0.0.3 use:
vpp# nat44 add identity mapping 10.0.0.3
To create identity mapping for DHCP addressed interface use:
vpp# nat44 add identity mapping external GigabitEthernet0/a/0 tcp 3606
Declaration: add_identity_mapping_command (src/plugins/nat/nat44_cli.c line 2368)
Implementation: add_identity_mapping_command_fn.
nat44 add interface address <interface> [twice-nat] [del].
vpp# nat44 add interface address
Use NAT44 pool address from specific interfce
To add NAT44 pool address from specific interface use:
vpp# nat44 add interface address GigabitEthernet0/8/0
Declaration: snat_add_interface_address_command (src/plugins/nat/nat44_cli.c line 2442)
Implementation: snat_add_interface_address_command_fn.
nat44 add load-balancing back-end protocol tcp|udp external <addr>:<port> local <addr>:<port> [vrf <table-id>] probability <n> [del].
vpp# nat44 add load-balancing static mapping
Modify service load balancing using NAT44
To add new back-end server 10.100.10.30:8080 for service load balancing
static mapping with external IP address 1.2.3.4 and TCP port 80 use:
vpp# nat44 add load-balancing back-end protocol tcp external 1.2.3.4:80 local 10.100.10.30:8080 probability 25
Declaration: add_lb_backend_command (src/plugins/nat/nat44_cli.c line 2404)
Implementation: add_lb_backend_command_fn.
nat44 add load-balancing static mapping protocol tcp|udp external <addr>:<port> local <addr>:<port> [vrf <table-id>] probability <n> [twice-nat|self-twice-nat] [out2in-only] [affinity <timeout-seconds>] [del].
vpp# nat44 add load-balancing static mapping
Service load balancing using NAT44
To add static mapping with load balancing for service with external IP
address 1.2.3.4 and TCP port 80 and mapped to 2 local servers
10.100.10.10:8080 and 10.100.10.20:8080 with probability 80% resp. 20% use:
vpp# nat44 add load-balancing static mapping protocol tcp external 1.2.3.4:80 local 10.100.10.10:8080 probability 80 local 10.100.10.20:8080 probability 20
Declaration: add_lb_static_mapping_command (src/plugins/nat/nat44_cli.c line 2385)
Implementation: add_lb_static_mapping_command_fn.
nat44 add static mapping tcp|udp|icmp local <addr> [<port|icmp-echo-id>] external <addr> [<port|icmp-echo-id>] [vrf <table-id>] [twice-nat|self-twice-nat] [out2in-only] [exact <pool-addr>] [del].
vpp# nat44 add static mapping
Static mapping allows hosts on the external network to initiate connection
to to the local network host.
To create static mapping between local host address 10.0.0.3 port 6303 and
external address 4.4.4.4 port 3606 for TCP protocol use:
vpp# nat44 add static mapping tcp local 10.0.0.3 6303 external 4.4.4.4 3606
If not runnig "static mapping only" NAT plugin mode use before:
vpp# nat44 add address 4.4.4.4
To create address only static mapping between local and external address use:
vpp# nat44 add static mapping local 10.0.0.3 external 4.4.4.4
To create ICMP static mapping between local and external with ICMP echo
identifier 10 use:
vpp# nat44 add static mapping icmp local 10.0.0.3 10 external 4.4.4.4 10
To force use of specific pool address, vrf independent
vpp# nat44 add static mapping local 10.0.0.2 1234 external 10.0.2.2 1234 twice-nat exact 10.0.1.2
Declaration: add_static_mapping_command (src/plugins/nat/nat44_cli.c line 2346)
Implementation: add_static_mapping_command_fn.
nat44 del session in|out <addr>:<port> tcp|udp|icmp [vrf <id>] [external-host <addr>:<port>].
vpp# nat44 del session
To administratively delete NAT44 session by inside address and port use:
vpp# nat44 del session in 10.0.0.3:6303 tcp
To administratively delete NAT44 session by outside address and port use:
vpp# nat44 del session out 1.0.0.3:6033 udp
Declaration: nat44_del_session_command (src/plugins/nat/nat44_cli.c line 2524)
Implementation: nat44_del_session_command_fn.
nat44 del user <addr> [fib <index>].
vpp# nat44 del user
To delete all NAT44 user sessions:
vpp# nat44 del user 10.0.0.3
Declaration: nat44_del_user_command (src/plugins/nat/nat44_cli.c line 2496)
Implementation: nat44_del_user_command_fn.
nat44 disable.
vpp# nat44 disable
Disable nat44 plugin
To disable nat44, use:
vpp# nat44 disable
Declaration: nat44_disable_command (src/plugins/nat/nat44_cli.c line 2006)
Implementation: nat44_disable_command_fn.
nat44 enable sessions <max-number> [users <max-number>] [static-mappig-only [connection-tracking]|out2in-dpo|endpoint-dependent] [inside-vrf <vrf-id>] [outside-vrf <vrf-id>] [user-sessions <max-number>].
vpp# nat44 enable
Enable nat44 plugin
To enable nat44, use:
vpp# nat44 enable sessions <n>
To enable nat44 static mapping only, use:
vpp# nat44 enable sessions <n> static-mapping
To enable nat44 static mapping with connection tracking, use:
vpp# nat44 enable sessions <n> static-mapping connection-tracking
To enable nat44 out2in dpo, use:
vpp# nat44 enable sessions <n> out2in-dpo
To enable nat44 endpoint-dependent, use:
vpp# nat44 enable sessions <n> endpoint-dependent
To set inside-vrf outside-vrf, use:
vpp# nat44 enable sessions <n> inside-vrf <id> outside-vrf <id>
Declaration: nat44_enable_command (src/plugins/nat/nat44_cli.c line 1992)
Implementation: nat44_enable_command_fn.
nat44 forwarding enable|disable.
vpp# nat44 forwarding
Enable or disable forwarding
Forward packets which don't match existing translation
or static mapping instead of dropping them.
To enable forwarding, use:
vpp# nat44 forwarding enable
To disable forwarding, use:
vpp# nat44 forwarding disable
Declaration: snat_forwarding_set_command (src/plugins/nat/nat44_cli.c line 2542)
Implementation: snat_forwarding_set_command_fn.
set interface nat44 in <intfc> out <intfc> [output-feature] [del].
vpp# set interface nat44
Enable/disable NAT44 feature on the interface.
To enable NAT44 feature with local network interface use:
vpp# set interface nat44 in GigabitEthernet0/8/0
To enable NAT44 feature with external network interface use:
vpp# set interface nat44 out GigabitEthernet0/a/0
Declaration: set_interface_snat_command (src/plugins/nat/nat44_cli.c line 2304)
Implementation: snat_feature_command_fn.
set nat timeout [udp <sec> | tcp-established <sec> tcp-transitory <sec> | icmp <sec> | reset].
vpp# set nat timeout
Set values of timeouts for NAT sessions (in seconds), use:
vpp# set nat timeout udp 120 tcp-established 7500 tcp-transitory 250 icmp 90
To reset default values use:
vpp# set nat timeout reset
Declaration: set_timeout_command (src/plugins/nat/nat44_cli.c line 2050)
Implementation: set_timeout_command_fn.
set nat workers <workers-list>.
vpp# set snat workers
Set NAT workers if 2 or more workers available, use:
vpp# set snat workers 0-2,5
Declaration: set_workers_command (src/plugins/nat/nat44_cli.c line 2019)
Implementation: set_workers_command_fn.
set nat44 session limit <limit> [vrf <table-id>].
vpp# set nat44 session limit
Set NAT44 session limit.
Declaration: nat44_set_session_limit_command (src/plugins/nat/nat44_cli.c line 2483)
Implementation: nat44_set_session_limit_command_fn.
show nat addr-port-assignment-alg.
vpp# show nat addr-port-assignment-alg
Show address and port assignment algorithm
Declaration: nat44_show_alloc_addr_and_port_alg_command (src/plugins/nat/nat44_cli.c line 2127)
Implementation: nat44_show_alloc_addr_and_port_alg_command_fn.
show nat ha.
vpp# show nat ha
Show HA configuration/status
Declaration: nat_show_ha_command (src/plugins/nat/nat44_cli.c line 2191)
Implementation: nat_show_ha_command_fn.
show nat mss-clamping.
vpp# show nat mss-clamping
Show TCP MSS rewriting configuration
Declaration: nat_show_mss_clamping_command (src/plugins/nat/nat44_cli.c line 2155)
Implementation: nat_show_mss_clamping_command_fn.
show nat timeouts.
vpp# show nat timeouts
Show values of timeouts for NAT sessions.
vpp# show nat timeouts
udp timeout: 300sec
tcp-established timeout: 7440sec
tcp-transitory timeout: 240sec
icmp timeout: 60sec
Declaration: nat_show_timeouts_command (src/plugins/nat/nat44_cli.c line 2069)
Implementation: nat_show_timeouts_command_fn.
show nat workers.
vpp# show nat workers
Show NAT workers.
vpp# show nat workers:
2 workers
vpp_wk_0
vpp_wk_1
Declaration: nat_show_workers_command (src/plugins/nat/nat44_cli.c line 2035)
Implementation: nat_show_workers_commnad_fn.
show nat44 addresses.
vpp# show nat44 addresses
Show NAT44 pool addresses.
vpp# show nat44 addresses
NAT44 pool addresses:
172.16.2.2
tenant VRF independent
10 busy udp ports
0 busy tcp ports
0 busy icmp ports
172.16.1.3
tenant VRF: 10
0 busy udp ports
2 busy tcp ports
0 busy icmp ports
NAT44 twice-nat pool addresses:
10.20.30.72
tenant VRF independent
0 busy udp ports
0 busy tcp ports
0 busy icmp ports
Declaration: nat44_show_addresses_command (src/plugins/nat/nat44_cli.c line 2288)
Implementation: nat44_show_addresses_command_fn.
show nat44 hash tables [detail|verbose].
vpp# show nat44 hash tables
Show NAT44 hash tables
Declaration: nat44_show_hash (src/plugins/nat/nat44_cli.c line 2227)
Implementation: nat44_show_hash_command_fn.
show nat44 interface address.
vpp# show nat44 interface address
Show NAT44 pool address interfaces
vpp# show nat44 interface address
NAT44 pool address interfaces:
GigabitEthernet0/a/0
NAT44 twice-nat pool address interfaces:
GigabitEthernet0/8/0
Declaration: nat44_show_interface_address_command (src/plugins/nat/nat44_cli.c line 2459)
Implementation: nat44_show_interface_address_command_fn.
show nat44 interfaces.
vpp# show nat44 interfaces
Show interfaces with NAT44 feature.
vpp# show nat44 interfaces
NAT44 interfaces:
GigabitEthernet0/8/0 in
GigabitEthernet0/a/0 out
Declaration: nat44_show_interfaces_command (src/plugins/nat/nat44_cli.c line 2321)
Implementation: nat44_show_interfaces_command_fn.
show nat44 sessions [detail|metrics].
vpp# show nat44 sessions
Show NAT44 sessions.
Declaration: nat44_show_sessions_command (src/plugins/nat/nat44_cli.c line 2471)
Implementation: nat44_show_sessions_command_fn.
show nat44 static mappings.
vpp# show nat44 static mappings
Show NAT44 static mappings.
vpp# show nat44 static mappings
NAT44 static mappings:
local 10.0.0.3 external 4.4.4.4 vrf 0
tcp local 192.168.0.4:6303 external 4.4.4.3:3606 vrf 0
tcp vrf 0 external 1.2.3.4:80 out2in-only
local 10.100.10.10:8080 probability 80
local 10.100.10.20:8080 probability 20
tcp local 10.100.3.8:8080 external 169.10.10.1:80 vrf 0 twice-nat
tcp local 10.0.0.10:3603 external GigabitEthernet0/a/0:6306 vrf 10
Declaration: nat44_show_static_mappings_command (src/plugins/nat/nat44_cli.c line 2428)
Implementation: nat44_show_static_mappings_command_fn.
show nat44 summary.
vpp# show nat44 summary
Show NAT44 summary
vpp# show nat44 summary
Declaration: nat44_show_summary_command (src/plugins/nat/nat44_cli.c line 2258)
Implementation: nat44_show_summary_command_fn.
1.8.13