 |
FD.io VPP
v21.06-3-gbb25fbf28
Vector Packet Processing
|
|
FD.io VPP
v21.06-3-gbb25fbf28
Vector Packet Processing
|
clear nat44 ei sessions.
vpp# clear nat44 ei sessions
To clear all NAT44 sessions
vpp# clear nat44 ei sessions
Declaration: nat44_ei_clear_sessions_command (src/plugins/nat/nat44-ei/nat44_ei_cli.c line 1957)
Implementation: nat44_ei_clear_sessions_command_fn.
nat44 ei <enable [sessions <max-number>] [users <max-number>] [static-mappig-only [connection-tracking]|out2in-dpo] [inside-vrf <vrf-id>] [outside-vrf <vrf-id>] [user-sessions <max-number>]>|disable.
vpp# nat44 ei
Enable nat44 ei plugin
To enable nat44-ei, use:
vpp# nat44 ei enable
To disable nat44-ei, use:
vpp# nat44 ei disable
To enable nat44 ei static mapping only, use:
vpp# nat44 ei enable static-mapping
To enable nat44 ei static mapping with connection tracking, use:
vpp# nat44 ei enable static-mapping connection-tracking
To enable nat44 ei out2in dpo, use:
vpp# nat44 ei enable out2in-dpo
To set inside-vrf outside-vrf, use:
vpp# nat44 ei enable inside-vrf <id> outside-vrf <id>
Declaration: nat44_ei_enable_disable_command (src/plugins/nat/nat44-ei/nat44_ei_cli.c line 1518)
Implementation: nat44_ei_enable_disable_command_fn.
nat44 ei add address <ip4-range-start> [- <ip4-range-end>] [tenant-vrf <vrf-id>] [del].
vpp# nat44 ei add address
Add/delete NAT44 pool address.
To add NAT44 pool address use:
vpp# nat44 ei add address 172.16.1.3
vpp# nat44 ei add address 172.16.2.2 - 172.16.2.24
To add NAT44 pool address for specific tenant (identified by VRF id) use:
vpp# nat44 ei add address 172.16.1.3 tenant-vrf 10
Declaration: add_address_command (src/plugins/nat/nat44-ei/nat44_ei_cli.c line 1763)
Implementation: add_address_command_fn.
nat44 ei add identity mapping <ip4-addr>|external <interface> [<protocol> <port>] [vrf <table-id>] [del].
vpp# nat44 ei add identity mapping
Identity mapping translate an IP address to itself.
To create identity mapping for address 10.0.0.3 port 6303 for TCP protocol
use:
vpp# nat44 ei add identity mapping 10.0.0.3 tcp 6303
To create identity mapping for address 10.0.0.3 use:
vpp# nat44 ei add identity mapping 10.0.0.3
To create identity mapping for DHCP addressed interface use:
vpp# nat44 ei add identity mapping external GigabitEthernet0/a/0 tcp 3606
Declaration: add_identity_mapping_command (src/plugins/nat/nat44-ei/nat44_ei_cli.c line 1868)
Implementation: add_identity_mapping_command_fn.
nat44 ei add interface address <interface> [del].
vpp# nat44 ei add interface address
Use NAT44 pool address from specific interfce
To add NAT44 pool address from specific interface use:
vpp# nat44 ei add interface address GigabitEthernet0/8/0
Declaration: nat44_ei_add_interface_address_command (src/plugins/nat/nat44-ei/nat44_ei_cli.c line 1904)
Implementation: nat44_ei_add_interface_address_command_fn.
nat44 ei add static mapping tcp|udp|icmp local <addr> [<port|icmp-echo-id>] external <addr> [<port|icmp-echo-id>] [vrf <table-id>] [del].
vpp# nat44 ei add static mapping
Static mapping allows hosts on the external network to initiate connection
to to the local network host.
To create static mapping between local host address 10.0.0.3 port 6303 and
external address 4.4.4.4 port 3606 for TCP protocol use:
vpp# nat44 ei add static mapping tcp local 10.0.0.3 6303 external 4.4.4.4
3606
If not runnig "static mapping only" NAT plugin mode use before:
vpp# nat44 ei add address 4.4.4.4
To create address only static mapping between local and external address
use:
vpp# nat44 ei add static mapping local 10.0.0.3 external 4.4.4.4
To create ICMP static mapping between local and external with ICMP echo
identifier 10 use:
vpp# nat44 ei add static mapping icmp local 10.0.0.3 10 external 4.4.4.4 10
Declaration: add_static_mapping_command (src/plugins/nat/nat44-ei/nat44_ei_cli.c line 1847)
Implementation: add_static_mapping_command_fn.
nat44 ei addr-port-assignment-alg <alg-name> [<alg-params>].
vpp# nat44 ei addr-port-assignment-alg
Set address and port assignment algorithm
For the MAP-E CE limit port choice based on PSID use:
vpp# nat44 ei addr-port-assignment-alg map-e psid 10 psid-offset 6 psid-len
6
For port range use:
vpp# nat44 ei addr-port-assignment-alg port-range <start-port> - <end-port>
To set standard (default) address and port assignment algorithm use:
vpp# nat44 ei addr-port-assignment-alg default
Declaration: nat44_ei_set_alloc_addr_and_port_alg_command (src/plugins/nat/nat44-ei/nat44_ei_cli.c line 1632)
Implementation: nat44_ei_set_alloc_addr_and_port_alg_command_fn.
nat44 ei del session in|out <addr>:<port> tcp|udp|icmp [vrf <id>] [external-host <addr>:<port>].
vpp# nat44 ei del session
To administratively delete NAT44 session by inside address and port use:
vpp# nat44 ei del session in 10.0.0.3:6303 tcp
To administratively delete NAT44 session by outside address and port use:
vpp# nat44 ei del session out 1.0.0.3:6033 udp
Declaration: nat44_ei_del_session_command (src/plugins/nat/nat44-ei/nat44_ei_cli.c line 1972)
Implementation: nat44_ei_del_session_command_fn.
nat44 ei del user <addr> [fib <index>].
vpp# nat44 ei del user
To delete all NAT44 user sessions:
vpp# nat44 ei del user 10.0.0.3
Declaration: nat44_ei_del_user_command (src/plugins/nat/nat44-ei/nat44_ei_cli.c line 1944)
Implementation: nat44_ei_del_user_command_fn.
nat44 ei forwarding enable|disable.
vpp# nat44 ei forwarding
Enable or disable forwarding
Forward packets which don't match existing translation
or static mapping instead of dropping them.
To enable forwarding, use:
vpp# nat44 ei forwarding enable
To disable forwarding, use:
vpp# nat44 ei forwarding disable
Declaration: nat44_ei_forwarding_set_command (src/plugins/nat/nat44-ei/nat44_ei_cli.c line 1991)
Implementation: nat44_ei_forwarding_set_command_fn.
nat44 ei ha failover <ip4-address>:<port> [refresh-interval <sec>].
vpp# nat44 ei ha failover
Set HA failover (remote settings)
Declaration: nat_ha_failover_command (src/plugins/nat/nat44-ei/nat44_ei_cli.c line 1684)
Implementation: nat_ha_failover_command_fn.
nat44 ei ha flush.
vpp# nat44 ei ha flush
Flush the current HA data (for testing)
Declaration: nat_ha_flush_command (src/plugins/nat/nat44-ei/nat44_ei_cli.c line 1722)
Implementation: nat_ha_flush_command_fn.
nat44 ei ha listener <ip4-address>:<port> [path-mtu <path-mtu>].
vpp# nat44 ei ha listener
Set HA listener (local settings)
Declaration: nat_ha_listener_command (src/plugins/nat/nat44-ei/nat44_ei_cli.c line 1697)
Implementation: nat_ha_listener_command_fn.
nat44 ei ha resync.
vpp# nat44 ei ha resync
Resync HA (resend existing sessions to new failover)
Declaration: nat_ha_resync_command (src/plugins/nat/nat44-ei/nat44_ei_cli.c line 1734)
Implementation: nat_ha_resync_command_fn.
nat44 ei ipfix logging <enable [domain <domain-id>] [src-port <port>]>|disable.
vpp# snat44 ei ipfix logging
To enable NAT IPFIX logging use:
vpp# nat44 ei ipfix logging
To set IPFIX exporter use:
vpp# set ipfix exporter collector 10.10.10.3 src 10.10.10.1
Declaration: nat44_ei_ipfix_logging_enable_disable_command (src/plugins/nat/nat44-ei/nat44_ei_cli.c line 1612)
Implementation: nat44_ei_ipfix_logging_enable_disable_command_fn.
nat44 ei mss-clamping <mss-value>|disable.
vpp# nat44 ei mss-clamping
Set TCP MSS rewriting configuration
To enable TCP MSS rewriting use:
vpp# nat44 ei mss-clamping 1452
To disbale TCP MSS rewriting use:
vpp# nat44 ei mss-clamping disable
Declaration: nat_set_mss_clamping_command (src/plugins/nat/nat44-ei/nat44_ei_cli.c line 1660)
Implementation: nat_set_mss_clamping_command_fn.
nat44 ei set logging level <level>.
vpp# nat44 ei set logging level
To set NAT logging level use:
Set nat44 ei logging level
Declaration: nat44_ei_set_log_level_command (src/plugins/nat/nat44-ei/nat44_ei_cli.c line 1597)
Implementation: nat44_ei_set_log_level_command_fn.
set interface nat44 ei in <intfc> out <intfc> [output-feature] [del].
vpp# set interface nat44
Enable/disable NAT44 feature on the interface.
To enable NAT44 feature with local network interface use:
vpp# set interface nat44 ei in GigabitEthernet0/8/0
To enable NAT44 feature with external network interface use:
vpp# set interface nat44 ei out GigabitEthernet0/a/0
Declaration: set_interface_nat44_ei_command (src/plugins/nat/nat44-ei/nat44_ei_cli.c line 1804)
Implementation: nat44_ei_feature_command_fn.
set nat44 ei timeout [udp <sec> | tcp-established <sec> tcp-transitory <sec> | icmp <sec> | reset].
vpp# set nat44 ei timeout
Set values of timeouts for NAT sessions (in seconds), use:
vpp# set nat44 ei timeout udp 120 tcp-established 7500 tcp-transitory 250
icmp 90
To reset default values use:
vpp# set nat44 ei timeout reset
Declaration: set_timeout_command (src/plugins/nat/nat44-ei/nat44_ei_cli.c line 1566)
Implementation: set_timeout_command_fn.
set nat44 ei workers <workers-list>.
vpp# set snat44 ei workers
Set NAT workers if 2 or more workers available, use:
vpp# set snat44 ei workers 0-2,5
Declaration: set_workers_command (src/plugins/nat/nat44-ei/nat44_ei_cli.c line 1534)
Implementation: set_workers_command_fn.
show nat44 ei addr-port-assignment-alg.
vpp# show nat44 ei addr-port-assignment-alg
Show address and port assignment algorithm
Declaration: nat44_ei_show_alloc_addr_and_port_alg_command (src/plugins/nat/nat44-ei/nat44_ei_cli.c line 1644)
Implementation: nat44_ei_show_alloc_addr_and_port_alg_command_fn.
show nat44 ei addresses.
vpp# show nat44 ei addresses
Show NAT44 pool addresses.
vpp# show nat44 ei addresses
NAT44 pool addresses:
172.16.2.2
tenant VRF independent
10 busy udp ports
0 busy tcp ports
0 busy icmp ports
172.16.1.3
tenant VRF: 10
0 busy udp ports
2 busy tcp ports
0 busy icmp ports
Declaration: nat44_ei_show_addresses_command (src/plugins/nat/nat44-ei/nat44_ei_cli.c line 1788)
Implementation: nat44_ei_show_addresses_command_fn.
show nat44 ei ha.
vpp# show nat44 ei ha
Show HA configuration/status
Declaration: nat_show_ha_command (src/plugins/nat/nat44-ei/nat44_ei_cli.c line 1710)
Implementation: nat_show_ha_command_fn.
show nat44 ei hash tables [detail|verbose].
vpp# show nat44 ei hash tables
Show NAT44 hash tables
Declaration: nat44_ei_show_hash (src/plugins/nat/nat44-ei/nat44_ei_cli.c line 1746)
Implementation: nat44_ei_show_hash_command_fn.
show nat44 ei interface address.
vpp# show nat44 ei interface address
Show NAT44 pool address interfaces
vpp# show nat44 ei interface address
NAT44 pool address interfaces:
GigabitEthernet0/a/0
Declaration: nat44_ei_show_interface_address_command (src/plugins/nat/nat44-ei/nat44_ei_cli.c line 1919)
Implementation: nat44_ei_show_interface_address_command_fn.
show nat44 ei interfaces.
vpp# show nat44 ei interfaces
Show interfaces with NAT44 feature.
vpp# show nat44 ei interfaces
NAT44 interfaces:
GigabitEthernet0/8/0 in
GigabitEthernet0/a/0 out
Declaration: nat44_ei_show_interfaces_command (src/plugins/nat/nat44-ei/nat44_ei_cli.c line 1822)
Implementation: nat44_ei_show_interfaces_command_fn.
show nat44 ei mss-clamping.
vpp# show nat44 ei mss-clamping
Show TCP MSS rewriting configuration
Declaration: nat_show_mss_clamping_command (src/plugins/nat/nat44-ei/nat44_ei_cli.c line 1672)
Implementation: nat_show_mss_clamping_command_fn.
show nat44 ei sessions [detail].
vpp# show nat44 ei sessions
Show NAT44 sessions.
Declaration: nat44_ei_show_sessions_command (src/plugins/nat/nat44-ei/nat44_ei_cli.c line 1931)
Implementation: nat44_ei_show_sessions_command_fn.
show nat44 ei static mappings.
vpp# show nat44 ei static mappings
Show NAT44 static mappings.
vpp# show nat44 ei static mappings
NAT44 static mappings:
local 10.0.0.3 external 4.4.4.4 vrf 0
tcp local 192.168.0.4:6303 external 4.4.4.3:3606 vrf 0
tcp vrf 0 external 1.2.3.4:80
local 10.100.10.10:8080 probability 80
local 10.100.10.20:8080 probability 20
tcp local 10.0.0.10:3603 external GigabitEthernet0/a/0:6306 vrf 10
Declaration: nat44_ei_show_static_mappings_command (src/plugins/nat/nat44-ei/nat44_ei_cli.c line 1890)
Implementation: nat44_ei_show_static_mappings_command_fn.
show nat44 ei timeouts.
vpp# show nat44 ei timeouts
Show values of timeouts for NAT sessions.
vpp# show nat44 ei timeouts
udp timeout: 300sec
tcp-established timeout: 7440sec
tcp-transitory timeout: 240sec
icmp timeout: 60sec
Declaration: nat_show_timeouts_command (src/plugins/nat/nat44-ei/nat44_ei_cli.c line 1584)
Implementation: nat_show_timeouts_command_fn.
show nat44 ei workers.
vpp# show nat44 ei workers
Show NAT workers.
vpp# show nat44 ei workers:
2 workers
vpp_wk_0
vpp_wk_1
Declaration: nat_show_workers_command (src/plugins/nat/nat44-ei/nat44_ei_cli.c line 1550)
Implementation: nat_show_workers_commnad_fn.
1.8.17