.. _clicmd_src_plugins_nat_nat44-ed: =============================================================== Nat44-ed cli reference =============================================================== nat ipfix logging ------------------------------------------------------------------------- .. code-block:: console nat ipfix logging disable|] [src-port ]> .. code-block:: console snat ipfix logging To enable NAT IPFIX logging use: vpp# nat ipfix logging To set IPFIX exporter use: vpp# set ipfix exporter collector 10.10.10.3 src 10.10.10.1 Declaration: ``snat_ipfix_logging_enable_disable_command`` `src/plugins/nat/nat44-ed/nat44_ed_cli.c line 1958 `_ Implementation: ``snat_ipfix_logging_enable_disable_command_fn`` nat mss-clamping ------------------------------------------------------------------------- .. code-block:: console nat mss-clamping |disable .. code-block:: console nat mss-clamping Set TCP MSS rewriting configuration To enable TCP MSS rewriting use: vpp# nat mss-clamping 1452 To disbale TCP MSS rewriting use: vpp# nat mss-clamping disable Declaration: ``nat_set_mss_clamping_command`` `src/plugins/nat/nat44-ed/nat44_ed_cli.c line 1975 `_ Implementation: ``nat_set_mss_clamping_command_fn`` nat set logging level ------------------------------------------------------------------------- .. code-block:: console nat set logging level .. code-block:: console nat set logging level To set NAT logging level use: Set nat logging level Declaration: ``snat_set_log_level_command`` `src/plugins/nat/nat44-ed/nat44_ed_cli.c line 1943 `_ Implementation: ``snat_set_log_level_command_fn`` nat44 add address ------------------------------------------------------------------------- .. code-block:: console nat44 add address [- ] [tenant-vrf ] [twice-nat] [del] .. code-block:: console nat44 add address Add/delete NAT44 pool address. To add NAT44 pool address use: vpp# nat44 add address 172.16.1.3 vpp# nat44 add address 172.16.2.2 - 172.16.2.24 To add NAT44 pool address for specific tenant (identified by VRF id) use: vpp# nat44 add address 172.16.1.3 tenant-vrf 10 Declaration: ``add_address_command`` `src/plugins/nat/nat44-ed/nat44_ed_cli.c line 2016 `_ Implementation: ``add_address_command_fn`` nat44 add identity mapping ------------------------------------------------------------------------- .. code-block:: console nat44 add identity mapping |external [ ] [vrf ] [del] .. code-block:: console nat44 add identity mapping Identity mapping translate an IP address to itself. To create identity mapping for address 10.0.0.3 port 6303 for TCP protocol use: vpp# nat44 add identity mapping 10.0.0.3 tcp 6303 To create identity mapping for address 10.0.0.3 use: vpp# nat44 add identity mapping 10.0.0.3 To create identity mapping for DHCP addressed interface use: vpp# nat44 add identity mapping external GigabitEthernet0/a/0 tcp 3606 Declaration: ``add_identity_mapping_command`` `src/plugins/nat/nat44-ed/nat44_ed_cli.c line 2140 `_ Implementation: ``add_identity_mapping_command_fn`` nat44 add interface address ------------------------------------------------------------------------- .. code-block:: console nat44 add interface address [twice-nat] [del] .. code-block:: console nat44 add interface address Use NAT44 pool address from specific interfce To add NAT44 pool address from specific interface use: vpp# nat44 add interface address GigabitEthernet0/8/0 Declaration: ``snat_add_interface_address_command`` `src/plugins/nat/nat44-ed/nat44_ed_cli.c line 2214 `_ Implementation: ``snat_add_interface_address_command_fn`` nat44 add load-balancing back-end ------------------------------------------------------------------------- .. code-block:: console nat44 add load-balancing back-end protocol tcp|udp external : local : [vrf ] probability [del] .. code-block:: console nat44 add load-balancing static mapping Modify service load balancing using NAT44 To add new back-end server 10.100.10.30:8080 for service load balancing static mapping with external IP address 1.2.3.4 and TCP port 80 use: vpp# nat44 add load-balancing back-end protocol tcp external 1.2.3.4:80 local 10.100.10.30:8080 probability 25 Declaration: ``add_lb_backend_command`` `src/plugins/nat/nat44-ed/nat44_ed_cli.c line 2176 `_ Implementation: ``add_lb_backend_command_fn`` nat44 add load-balancing static mapping ------------------------------------------------------------------------- .. code-block:: console nat44 add load-balancing static mapping protocol tcp|udp external : local : [vrf ] probability [twice-nat|self-twice-nat] [out2in-only] [affinity ] [del] .. code-block:: console nat44 add load-balancing static mapping Service load balancing using NAT44 To add static mapping with load balancing for service with external IP address 1.2.3.4 and TCP port 80 and mapped to 2 local servers 10.100.10.10:8080 and 10.100.10.20:8080 with probability 80% resp. 20% use: vpp# nat44 add load-balancing static mapping protocol tcp external 1.2.3.4:80 local 10.100.10.10:8080 probability 80 local 10.100.10.20:8080 probability 20 Declaration: ``add_lb_static_mapping_command`` `src/plugins/nat/nat44-ed/nat44_ed_cli.c line 2157 `_ Implementation: ``add_lb_static_mapping_command_fn`` nat44 add static mapping ------------------------------------------------------------------------- .. code-block:: console nat44 add static mapping tcp|udp|icmp local [] external [] [vrf ] [twice-nat|self-twice-nat] [out2in-only] [exact ] [del] .. code-block:: console nat44 add static mapping Static mapping allows hosts on the external network to initiate connection to to the local network host. To create static mapping between local host address 10.0.0.3 port 6303 and external address 4.4.4.4 port 3606 for TCP protocol use: vpp# nat44 add static mapping tcp local 10.0.0.3 6303 external 4.4.4.4 3606 If not runnig "static mapping only" NAT plugin mode use before: vpp# nat44 add address 4.4.4.4 To create address only static mapping between local and external address use: vpp# nat44 add static mapping local 10.0.0.3 external 4.4.4.4 To create ICMP static mapping between local and external with ICMP echo identifier 10 use: vpp# nat44 add static mapping icmp local 10.0.0.3 10 external 4.4.4.4 10 To force use of specific pool address, vrf independent vpp# nat44 add static mapping local 10.0.0.2 1234 external 10.0.2.2 1234 twice-nat exact 10.0.1.2 Declaration: ``add_static_mapping_command`` `src/plugins/nat/nat44-ed/nat44_ed_cli.c line 2118 `_ Implementation: ``add_static_mapping_command_fn`` nat44 del session ------------------------------------------------------------------------- .. code-block:: console nat44 del session in|out : tcp|udp|icmp [vrf ] [external-host :] .. code-block:: console nat44 del session To administratively delete NAT44 session by inside address and port use: vpp# nat44 del session in 10.0.0.3:6303 tcp To administratively delete NAT44 session by outside address and port use: vpp# nat44 del session out 1.0.0.3:6033 udp Declaration: ``nat44_del_session_command`` `src/plugins/nat/nat44-ed/nat44_ed_cli.c line 2311 `_ Implementation: ``nat44_del_session_command_fn`` nat44 forwarding ------------------------------------------------------------------------- .. code-block:: console nat44 forwarding enable|disable .. code-block:: console nat44 forwarding Enable or disable forwarding Forward packets which don't match existing translation or static mapping instead of dropping them. To enable forwarding, use: vpp# nat44 forwarding enable To disable forwarding, use: vpp# nat44 forwarding disable Declaration: ``snat_forwarding_set_command`` `src/plugins/nat/nat44-ed/nat44_ed_cli.c line 2329 `_ Implementation: ``snat_forwarding_set_command_fn`` nat44 plugin ------------------------------------------------------------------------- .. code-block:: console nat44 plugin ] [inside-vrf ] [outside-vrf ]>|disable .. code-block:: console nat44 Enable nat44 plugin To enable nat44-ed, use: vpp# nat44 plugin enable To disable nat44-ed, use: vpp# nat44 plugin disable To set inside-vrf outside-vrf, use: vpp# nat44 plugin enable inside-vrf outside-vrf Declaration: ``nat44_ed_enable_disable_command`` `src/plugins/nat/nat44-ed/nat44_ed_cli.c line 1853 `_ Implementation: ``nat44_ed_enable_disable_command_fn`` nat44 vrf route ------------------------------------------------------------------------- .. code-block:: console nat44 vrf route [add|del] table .. code-block:: console nat44 vrf route Add inter VRF route record to VRF routing table vpp# nat44 vrf route add table 10 20 Declaration: ``nat44_ed_add_del_vrf_route_command`` `src/plugins/nat/nat44-ed/nat44_ed_cli.c line 2240 `_ Implementation: ``nat44_ed_add_del_vrf_route_command_fn`` nat44 vrf table ------------------------------------------------------------------------- .. code-block:: console nat44 vrf table [add|del] .. code-block:: console nat44 vrf table Add empty inter VRF routing table vpp# nat44 vrf table add 10 Declaration: ``nat44_ed_add_del_vrf_table_command`` `src/plugins/nat/nat44-ed/nat44_ed_cli.c line 2227 `_ Implementation: ``nat44_ed_add_del_vrf_table_command_fn`` set interface nat44 ------------------------------------------------------------------------- .. code-block:: console set interface nat44 in out [output-feature] [del] .. code-block:: console set interface nat44 Enable/disable NAT44 feature on the interface. To enable NAT44 feature with local network interface use: vpp# set interface nat44 in GigabitEthernet0/8/0 To enable NAT44 feature with external network interface use: vpp# set interface nat44 out GigabitEthernet0/a/0 Declaration: ``set_interface_snat_command`` `src/plugins/nat/nat44-ed/nat44_ed_cli.c line 2076 `_ Implementation: ``snat_feature_command_fn`` set nat frame-queue-nelts ------------------------------------------------------------------------- .. code-block:: console set nat frame-queue-nelts .. code-block:: console set nat frame-queue-nelts Set number of worker handoff frame queue elements. Declaration: ``set_frame_queue_nelts_command`` `src/plugins/nat/nat44-ed/nat44_ed_cli.c line 1930 `_ Implementation: ``set_frame_queue_nelts_command_fn`` set nat timeout ------------------------------------------------------------------------- .. code-block:: console set nat timeout [udp | tcp-established tcp-transitory | icmp | reset] .. code-block:: console set nat timeout Set values of timeouts for NAT sessions (in seconds), use: vpp# set nat timeout udp 120 tcp-established 7500 tcp-transitory 250 icmp 90 To reset default values use: vpp# set nat timeout reset Declaration: ``set_timeout_command`` `src/plugins/nat/nat44-ed/nat44_ed_cli.c line 1899 `_ Implementation: ``set_timeout_command_fn`` set nat workers ------------------------------------------------------------------------- .. code-block:: console set nat workers .. code-block:: console set snat workers Set NAT workers if 2 or more workers available, use: vpp# set snat workers 0-2,5 Declaration: ``set_workers_command`` `src/plugins/nat/nat44-ed/nat44_ed_cli.c line 1868 `_ Implementation: ``set_workers_command_fn`` set nat44 session limit ------------------------------------------------------------------------- .. code-block:: console set nat44 session limit [vrf ] .. code-block:: console set nat44 session limit Set NAT44 session limit. Declaration: ``nat44_set_session_limit_command`` `src/plugins/nat/nat44-ed/nat44_ed_cli.c line 2296 `_ Implementation: ``nat44_set_session_limit_command_fn`` show nat mss-clamping ------------------------------------------------------------------------- .. code-block:: console show nat mss-clamping .. code-block:: console show nat mss-clamping Show TCP MSS rewriting configuration Declaration: ``nat_show_mss_clamping_command`` `src/plugins/nat/nat44-ed/nat44_ed_cli.c line 1987 `_ Implementation: ``nat_show_mss_clamping_command_fn`` show nat timeouts ------------------------------------------------------------------------- .. code-block:: console show nat timeouts .. code-block:: console show nat timeouts Show values of timeouts for NAT sessions. vpp# show nat timeouts udp timeout: 300sec tcp-established timeout: 7440sec tcp-transitory timeout: 240sec icmp timeout: 60sec Declaration: ``nat_show_timeouts_command`` `src/plugins/nat/nat44-ed/nat44_ed_cli.c line 1918 `_ Implementation: ``nat_show_timeouts_command_fn`` show nat workers ------------------------------------------------------------------------- .. code-block:: console show nat workers .. code-block:: console show nat workers Show NAT workers. vpp# show nat workers: 2 workers vpp_wk_0 vpp_wk_1 Declaration: ``nat_show_workers_command`` `src/plugins/nat/nat44-ed/nat44_ed_cli.c line 1884 `_ Implementation: ``nat_show_workers_command_fn`` show nat44 addresses ------------------------------------------------------------------------- .. code-block:: console show nat44 addresses .. code-block:: console show nat44 addresses Show NAT44 pool addresses. vpp# show nat44 addresses NAT44 pool addresses: 172.16.2.2 tenant VRF independent 10 busy udp ports 0 busy tcp ports 0 busy icmp ports 172.16.1.3 tenant VRF: 10 0 busy udp ports 2 busy tcp ports 0 busy icmp ports NAT44 twice-nat pool addresses: 10.20.30.72 tenant VRF independent 0 busy udp ports 0 busy tcp ports 0 busy icmp ports Declaration: ``nat44_show_addresses_command`` `src/plugins/nat/nat44-ed/nat44_ed_cli.c line 2060 `_ Implementation: ``nat44_show_addresses_command_fn`` show nat44 hash tables ------------------------------------------------------------------------- .. code-block:: console show nat44 hash tables [detail|verbose] .. code-block:: console show nat44 hash tables Show NAT44 hash tables Declaration: ``nat44_show_hash`` `src/plugins/nat/nat44-ed/nat44_ed_cli.c line 1999 `_ Implementation: ``nat44_show_hash_command_fn`` show nat44 interface address ------------------------------------------------------------------------- .. code-block:: console show nat44 interface address .. code-block:: console show nat44 interface address Show NAT44 pool address interfaces vpp# show nat44 interface address NAT44 pool address interfaces: GigabitEthernet0/a/0 NAT44 twice-nat pool address interfaces: GigabitEthernet0/8/0 Declaration: ``nat44_show_interface_address_command`` `src/plugins/nat/nat44-ed/nat44_ed_cli.c line 2270 `_ Implementation: ``nat44_show_interface_address_command_fn`` show nat44 interfaces ------------------------------------------------------------------------- .. code-block:: console show nat44 interfaces .. code-block:: console show nat44 interfaces Show interfaces with NAT44 feature. vpp# show nat44 interfaces NAT44 interfaces: GigabitEthernet0/8/0 in GigabitEthernet0/a/0 out Declaration: ``nat44_show_interfaces_command`` `src/plugins/nat/nat44-ed/nat44_ed_cli.c line 2093 `_ Implementation: ``nat44_show_interfaces_command_fn`` show nat44 sessions ------------------------------------------------------------------------- .. code-block:: console show nat44 sessions [filter {i2o | o2i} {saddr | sport | daddr | dport | proto } [filter .. [..]]] .. code-block:: console show nat44 sessions Show NAT44 sessions. Declaration: ``nat44_show_sessions_command`` `src/plugins/nat/nat44-ed/nat44_ed_cli.c line 2282 `_ Implementation: ``nat44_show_sessions_command_fn`` show nat44 static mappings ------------------------------------------------------------------------- .. code-block:: console show nat44 static mappings .. code-block:: console show nat44 static mappings Show NAT44 static mappings. vpp# show nat44 static mappings NAT44 static mappings: local 10.0.0.3 external 4.4.4.4 vrf 0 tcp local 192.168.0.4:6303 external 4.4.4.3:3606 vrf 0 tcp vrf 0 external 1.2.3.4:80 out2in-only local 10.100.10.10:8080 probability 80 local 10.100.10.20:8080 probability 20 tcp local 10.100.3.8:8080 external 169.10.10.1:80 vrf 0 twice-nat tcp local 10.0.0.10:3603 external GigabitEthernet0/a/0:6306 vrf 10 Declaration: ``nat44_show_static_mappings_command`` `src/plugins/nat/nat44-ed/nat44_ed_cli.c line 2200 `_ Implementation: ``nat44_show_static_mappings_command_fn`` show nat44 summary ------------------------------------------------------------------------- .. code-block:: console show nat44 summary .. code-block:: console show nat44 summary Show NAT44 summary vpp# show nat44 summary Declaration: ``nat44_show_summary_command`` `src/plugins/nat/nat44-ed/nat44_ed_cli.c line 2030 `_ Implementation: ``nat44_show_summary_command_fn`` show nat44 vrf tables ------------------------------------------------------------------------- .. code-block:: console show nat44 vrf tables .. code-block:: console show nat44 vrf tables Show inter VRF route tables vpp# show nat44 vrf tables Declaration: ``nat44_ed_show_vrf_tables_command`` `src/plugins/nat/nat44-ed/nat44_ed_cli.c line 2253 `_ Implementation: ``nat44_ed_show_vrf_tables_command_fn``