.. _clicmd_src_plugins_nat_nat44-ei: =============================================================== Nat44-ei cli reference =============================================================== clear nat44 ei sessions ------------------------------------------------------------------------- .. code-block:: console clear nat44 ei sessions .. code-block:: console clear nat44 ei sessions To clear all NAT44 sessions vpp# clear nat44 ei sessions Declaration: ``nat44_ei_clear_sessions_command`` `src/plugins/nat/nat44-ei/nat44_ei_cli.c line 2044 `_ Implementation: ``nat44_ei_clear_sessions_command_fn`` nat44 ei ------------------------------------------------------------------------- .. code-block:: console nat44 ei ] [users ] [static-mappig-only [connection-tracking]|out2in-dpo] [inside-vrf ] [outside-vrf ] [user-sessions ]>|disable .. code-block:: console nat44 ei Enable nat44 ei plugin To enable nat44-ei, use: vpp# nat44 ei enable To disable nat44-ei, use: vpp# nat44 ei disable To enable nat44 ei static mapping only, use: vpp# nat44 ei enable static-mapping To enable nat44 ei static mapping with connection tracking, use: vpp# nat44 ei enable static-mapping connection-tracking To enable nat44 ei out2in dpo, use: vpp# nat44 ei enable out2in-dpo To set inside-vrf outside-vrf, use: vpp# nat44 ei enable inside-vrf outside-vrf Declaration: ``nat44_ei_enable_disable_command`` `src/plugins/nat/nat44-ei/nat44_ei_cli.c line 1605 `_ Implementation: ``nat44_ei_enable_disable_command_fn`` nat44 ei add address ------------------------------------------------------------------------- .. code-block:: console nat44 ei add address [- ] [tenant-vrf ] [del] .. code-block:: console nat44 ei add address Add/delete NAT44 pool address. To add NAT44 pool address use: vpp# nat44 ei add address 172.16.1.3 vpp# nat44 ei add address 172.16.2.2 - 172.16.2.24 To add NAT44 pool address for specific tenant (identified by VRF id) use: vpp# nat44 ei add address 172.16.1.3 tenant-vrf 10 Declaration: ``add_address_command`` `src/plugins/nat/nat44-ei/nat44_ei_cli.c line 1850 `_ Implementation: ``add_address_command_fn`` nat44 ei add identity mapping ------------------------------------------------------------------------- .. code-block:: console nat44 ei add identity mapping |external [ ] [vrf ] [del] .. code-block:: console nat44 ei add identity mapping Identity mapping translate an IP address to itself. To create identity mapping for address 10.0.0.3 port 6303 for TCP protocol use: vpp# nat44 ei add identity mapping 10.0.0.3 tcp 6303 To create identity mapping for address 10.0.0.3 use: vpp# nat44 ei add identity mapping 10.0.0.3 To create identity mapping for DHCP addressed interface use: vpp# nat44 ei add identity mapping external GigabitEthernet0/a/0 tcp 3606 Declaration: ``add_identity_mapping_command`` `src/plugins/nat/nat44-ei/nat44_ei_cli.c line 1955 `_ Implementation: ``add_identity_mapping_command_fn`` nat44 ei add interface address ------------------------------------------------------------------------- .. code-block:: console nat44 ei add interface address [del] .. code-block:: console nat44 ei add interface address Use NAT44 pool address from specific interfce To add NAT44 pool address from specific interface use: vpp# nat44 ei add interface address GigabitEthernet0/8/0 Declaration: ``nat44_ei_add_interface_address_command`` `src/plugins/nat/nat44-ei/nat44_ei_cli.c line 1991 `_ Implementation: ``nat44_ei_add_interface_address_command_fn`` nat44 ei add static mapping ------------------------------------------------------------------------- .. code-block:: console nat44 ei add static mapping tcp|udp|icmp local [] external [] [vrf ] [del] .. code-block:: console nat44 ei add static mapping Static mapping allows hosts on the external network to initiate connection to to the local network host. To create static mapping between local host address 10.0.0.3 port 6303 and external address 4.4.4.4 port 3606 for TCP protocol use: vpp# nat44 ei add static mapping tcp local 10.0.0.3 6303 external 4.4.4.4 3606 If not runnig "static mapping only" NAT plugin mode use before: vpp# nat44 ei add address 4.4.4.4 To create address only static mapping between local and external address use: vpp# nat44 ei add static mapping local 10.0.0.3 external 4.4.4.4 To create ICMP static mapping between local and external with ICMP echo identifier 10 use: vpp# nat44 ei add static mapping icmp local 10.0.0.3 10 external 4.4.4.4 10 Declaration: ``add_static_mapping_command`` `src/plugins/nat/nat44-ei/nat44_ei_cli.c line 1934 `_ Implementation: ``add_static_mapping_command_fn`` nat44 ei addr-port-assignment-alg ------------------------------------------------------------------------- .. code-block:: console nat44 ei addr-port-assignment-alg [] .. code-block:: console nat44 ei addr-port-assignment-alg Set address and port assignment algorithm For the MAP-E CE limit port choice based on PSID use: vpp# nat44 ei addr-port-assignment-alg map-e psid 10 psid-offset 6 psid-len 6 For port range use: vpp# nat44 ei addr-port-assignment-alg port-range - To set standard (default) address and port assignment algorithm use: vpp# nat44 ei addr-port-assignment-alg default Declaration: ``nat44_ei_set_alloc_addr_and_port_alg_command`` `src/plugins/nat/nat44-ei/nat44_ei_cli.c line 1719 `_ Implementation: ``nat44_ei_set_alloc_addr_and_port_alg_command_fn`` nat44 ei del session ------------------------------------------------------------------------- .. code-block:: console nat44 ei del session in|out : tcp|udp|icmp [vrf ] [external-host :] .. code-block:: console nat44 ei del session To administratively delete NAT44 session by inside address and port use: vpp# nat44 ei del session in 10.0.0.3:6303 tcp To administratively delete NAT44 session by outside address and port use: vpp# nat44 ei del session out 1.0.0.3:6033 udp Declaration: ``nat44_ei_del_session_command`` `src/plugins/nat/nat44-ei/nat44_ei_cli.c line 2059 `_ Implementation: ``nat44_ei_del_session_command_fn`` nat44 ei del user ------------------------------------------------------------------------- .. code-block:: console nat44 ei del user [fib ] .. code-block:: console nat44 ei del user To delete all NAT44 user sessions: vpp# nat44 ei del user 10.0.0.3 Declaration: ``nat44_ei_del_user_command`` `src/plugins/nat/nat44-ei/nat44_ei_cli.c line 2031 `_ Implementation: ``nat44_ei_del_user_command_fn`` nat44 ei forwarding ------------------------------------------------------------------------- .. code-block:: console nat44 ei forwarding enable|disable .. code-block:: console nat44 ei forwarding Enable or disable forwarding Forward packets which don't match existing translation or static mapping instead of dropping them. To enable forwarding, use: vpp# nat44 ei forwarding enable To disable forwarding, use: vpp# nat44 ei forwarding disable Declaration: ``nat44_ei_forwarding_set_command`` `src/plugins/nat/nat44-ei/nat44_ei_cli.c line 2078 `_ Implementation: ``nat44_ei_forwarding_set_command_fn`` nat44 ei ha failover ------------------------------------------------------------------------- .. code-block:: console nat44 ei ha failover : [refresh-interval ] .. code-block:: console nat44 ei ha failover Set HA failover (remote settings) Declaration: ``nat_ha_failover_command`` `src/plugins/nat/nat44-ei/nat44_ei_cli.c line 1771 `_ Implementation: ``nat_ha_failover_command_fn`` nat44 ei ha flush ------------------------------------------------------------------------- .. code-block:: console nat44 ei ha flush .. code-block:: console nat44 ei ha flush Flush the current HA data (for testing) Declaration: ``nat_ha_flush_command`` `src/plugins/nat/nat44-ei/nat44_ei_cli.c line 1809 `_ Implementation: ``nat_ha_flush_command_fn`` nat44 ei ha listener ------------------------------------------------------------------------- .. code-block:: console nat44 ei ha listener : [path-mtu ] .. code-block:: console nat44 ei ha listener Set HA listener (local settings) Declaration: ``nat_ha_listener_command`` `src/plugins/nat/nat44-ei/nat44_ei_cli.c line 1784 `_ Implementation: ``nat_ha_listener_command_fn`` nat44 ei ha resync ------------------------------------------------------------------------- .. code-block:: console nat44 ei ha resync .. code-block:: console nat44 ei ha resync Resync HA (resend existing sessions to new failover) Declaration: ``nat_ha_resync_command`` `src/plugins/nat/nat44-ei/nat44_ei_cli.c line 1821 `_ Implementation: ``nat_ha_resync_command_fn`` nat44 ei ipfix logging ------------------------------------------------------------------------- .. code-block:: console nat44 ei ipfix logging ] [src-port ]>|disable .. code-block:: console snat44 ei ipfix logging To enable NAT IPFIX logging use: vpp# nat44 ei ipfix logging To set IPFIX exporter use: vpp# set ipfix exporter collector 10.10.10.3 src 10.10.10.1 Declaration: ``nat44_ei_ipfix_logging_enable_disable_command`` `src/plugins/nat/nat44-ei/nat44_ei_cli.c line 1699 `_ Implementation: ``nat44_ei_ipfix_logging_enable_disable_command_fn`` nat44 ei mss-clamping ------------------------------------------------------------------------- .. code-block:: console nat44 ei mss-clamping |disable .. code-block:: console nat44 ei mss-clamping Set TCP MSS rewriting configuration To enable TCP MSS rewriting use: vpp# nat44 ei mss-clamping 1452 To disbale TCP MSS rewriting use: vpp# nat44 ei mss-clamping disable Declaration: ``nat_set_mss_clamping_command`` `src/plugins/nat/nat44-ei/nat44_ei_cli.c line 1747 `_ Implementation: ``nat_set_mss_clamping_command_fn`` nat44 ei set logging level ------------------------------------------------------------------------- .. code-block:: console nat44 ei set logging level .. code-block:: console nat44 ei set logging level To set NAT logging level use: Set nat44 ei logging level Declaration: ``nat44_ei_set_log_level_command`` `src/plugins/nat/nat44-ei/nat44_ei_cli.c line 1684 `_ Implementation: ``nat44_ei_set_log_level_command_fn`` set interface nat44 ei ------------------------------------------------------------------------- .. code-block:: console set interface nat44 ei in out [output-feature] [del] .. code-block:: console set interface nat44 Enable/disable NAT44 feature on the interface. To enable NAT44 feature with local network interface use: vpp# set interface nat44 ei in GigabitEthernet0/8/0 To enable NAT44 feature with external network interface use: vpp# set interface nat44 ei out GigabitEthernet0/a/0 Declaration: ``set_interface_nat44_ei_command`` `src/plugins/nat/nat44-ei/nat44_ei_cli.c line 1891 `_ Implementation: ``nat44_ei_feature_command_fn`` set nat44 ei timeout ------------------------------------------------------------------------- .. code-block:: console set nat44 ei timeout [udp | tcp-established tcp-transitory | icmp | reset] .. code-block:: console set nat44 ei timeout Set values of timeouts for NAT sessions (in seconds), use: vpp# set nat44 ei timeout udp 120 tcp-established 7500 tcp-transitory 250 icmp 90 To reset default values use: vpp# set nat44 ei timeout reset Declaration: ``set_timeout_command`` `src/plugins/nat/nat44-ei/nat44_ei_cli.c line 1653 `_ Implementation: ``set_timeout_command_fn`` set nat44 ei workers ------------------------------------------------------------------------- .. code-block:: console set nat44 ei workers .. code-block:: console set snat44 ei workers Set NAT workers if 2 or more workers available, use: vpp# set snat44 ei workers 0-2,5 Declaration: ``set_workers_command`` `src/plugins/nat/nat44-ei/nat44_ei_cli.c line 1621 `_ Implementation: ``set_workers_command_fn`` show nat44 ei addr-port-assignment-alg ------------------------------------------------------------------------- .. code-block:: console show nat44 ei addr-port-assignment-alg .. code-block:: console show nat44 ei addr-port-assignment-alg Show address and port assignment algorithm Declaration: ``nat44_ei_show_alloc_addr_and_port_alg_command`` `src/plugins/nat/nat44-ei/nat44_ei_cli.c line 1731 `_ Implementation: ``nat44_ei_show_alloc_addr_and_port_alg_command_fn`` show nat44 ei addresses ------------------------------------------------------------------------- .. code-block:: console show nat44 ei addresses .. code-block:: console show nat44 ei addresses Show NAT44 pool addresses. vpp# show nat44 ei addresses NAT44 pool addresses: 172.16.2.2 tenant VRF independent 10 busy udp ports 0 busy tcp ports 0 busy icmp ports 172.16.1.3 tenant VRF: 10 0 busy udp ports 2 busy tcp ports 0 busy icmp ports Declaration: ``nat44_ei_show_addresses_command`` `src/plugins/nat/nat44-ei/nat44_ei_cli.c line 1875 `_ Implementation: ``nat44_ei_show_addresses_command_fn`` show nat44 ei ha ------------------------------------------------------------------------- .. code-block:: console show nat44 ei ha .. code-block:: console show nat44 ei ha Show HA configuration/status Declaration: ``nat_show_ha_command`` `src/plugins/nat/nat44-ei/nat44_ei_cli.c line 1797 `_ Implementation: ``nat_show_ha_command_fn`` show nat44 ei hash tables ------------------------------------------------------------------------- .. code-block:: console show nat44 ei hash tables [detail|verbose] .. code-block:: console show nat44 ei hash tables Show NAT44 hash tables Declaration: ``nat44_ei_show_hash`` `src/plugins/nat/nat44-ei/nat44_ei_cli.c line 1833 `_ Implementation: ``nat44_ei_show_hash_command_fn`` show nat44 ei interface address ------------------------------------------------------------------------- .. code-block:: console show nat44 ei interface address .. code-block:: console show nat44 ei interface address Show NAT44 pool address interfaces vpp# show nat44 ei interface address NAT44 pool address interfaces: GigabitEthernet0/a/0 Declaration: ``nat44_ei_show_interface_address_command`` `src/plugins/nat/nat44-ei/nat44_ei_cli.c line 2006 `_ Implementation: ``nat44_ei_show_interface_address_command_fn`` show nat44 ei interfaces ------------------------------------------------------------------------- .. code-block:: console show nat44 ei interfaces .. code-block:: console show nat44 ei interfaces Show interfaces with NAT44 feature. vpp# show nat44 ei interfaces NAT44 interfaces: GigabitEthernet0/8/0 in GigabitEthernet0/a/0 out Declaration: ``nat44_ei_show_interfaces_command`` `src/plugins/nat/nat44-ei/nat44_ei_cli.c line 1909 `_ Implementation: ``nat44_ei_show_interfaces_command_fn`` show nat44 ei mss-clamping ------------------------------------------------------------------------- .. code-block:: console show nat44 ei mss-clamping .. code-block:: console show nat44 ei mss-clamping Show TCP MSS rewriting configuration Declaration: ``nat_show_mss_clamping_command`` `src/plugins/nat/nat44-ei/nat44_ei_cli.c line 1759 `_ Implementation: ``nat_show_mss_clamping_command_fn`` show nat44 ei sessions ------------------------------------------------------------------------- .. code-block:: console show nat44 ei sessions [detail] [filter saddr ] .. code-block:: console show nat44 ei sessions Show NAT44 sessions. Declaration: ``nat44_ei_show_sessions_command`` `src/plugins/nat/nat44-ei/nat44_ei_cli.c line 2018 `_ Implementation: ``nat44_ei_show_sessions_command_fn`` show nat44 ei static mappings ------------------------------------------------------------------------- .. code-block:: console show nat44 ei static mappings .. code-block:: console show nat44 ei static mappings Show NAT44 static mappings. vpp# show nat44 ei static mappings NAT44 static mappings: local 10.0.0.3 external 4.4.4.4 vrf 0 tcp local 192.168.0.4:6303 external 4.4.4.3:3606 vrf 0 tcp vrf 0 external 1.2.3.4:80 local 10.100.10.10:8080 probability 80 local 10.100.10.20:8080 probability 20 tcp local 10.0.0.10:3603 external GigabitEthernet0/a/0:6306 vrf 10 Declaration: ``nat44_ei_show_static_mappings_command`` `src/plugins/nat/nat44-ei/nat44_ei_cli.c line 1977 `_ Implementation: ``nat44_ei_show_static_mappings_command_fn`` show nat44 ei timeouts ------------------------------------------------------------------------- .. code-block:: console show nat44 ei timeouts .. code-block:: console show nat44 ei timeouts Show values of timeouts for NAT sessions. vpp# show nat44 ei timeouts udp timeout: 300sec tcp-established timeout: 7440sec tcp-transitory timeout: 240sec icmp timeout: 60sec Declaration: ``nat_show_timeouts_command`` `src/plugins/nat/nat44-ei/nat44_ei_cli.c line 1671 `_ Implementation: ``nat_show_timeouts_command_fn`` show nat44 ei workers ------------------------------------------------------------------------- .. code-block:: console show nat44 ei workers .. code-block:: console show nat44 ei workers Show NAT workers. vpp# show nat44 ei workers: 2 workers vpp_wk_0 vpp_wk_1 Declaration: ``nat_show_workers_command`` `src/plugins/nat/nat44-ei/nat44_ei_cli.c line 1637 `_ Implementation: ``nat_show_workers_command_fn``