T7315: Change CLI fot VPP NAT #25
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
natali-rs1985
requested review from
dmbaturin,
jestabro,
sever-sever and
zdc
as code owners
natali-rs1985
changed the title
natali-rs1985
force-pushed
the
T7315
branch
2 times, most recently
from
a007c7b to
974a1d1
Compare
New CLI ``` set vpp nat44 static rule 10 outside-interface 'eth0' set vpp nat44 static rule 10 inside-interface 'eth1' set vpp nat44 static rule 10 external address 192.168.122.10 set vpp nat44 static rule 10 external port 6545 # optional set vpp nat44 static rule 10 protocol tcp|udp|icmp|all # optional, defaults to "all" set vpp nat44 static rule 10 local address 100.64.0.10 set vpp nat44 static rule 10 local port 64010 # optional ```
sever-sever
reviewed
Apr 4, 2025
sever-sever
approved these changes
Apr 4, 2025
There was a problem hiding this comment.
1-to-1 NAT works fine
Tested case:
We want to map/translate all traffic one-to-one NAT from external addresses to internal and vice versa:
192.168.122.31 => 100.64.1.10
192.168.122.32 => 100.64.2.10
192.168.122.33 => 100.64.3.10
192.168.122.34 => 100.64.4.10
The vyos-vpp configuration:
set interfaces ethernet eth0 address '192.0.2.1/29'
set interfaces ethernet eth0 description 'wan-left'
set interfaces ethernet eth1 address '203.0.113.1/29'
set interfaces ethernet eth1 description 'wan-right'
set interfaces ethernet eth2 address '100.64.3.1/24'
set interfaces ethernet eth2 address '100.64.4.1/24'
set interfaces ethernet eth2 description 'switch-1'
set interfaces ethernet eth3 address '100.64.1.1/24'
set interfaces ethernet eth3 description 'client-1'
set interfaces ethernet eth4 address '100.64.2.1/24'
set interfaces ethernet eth4 description 'client-2'
set interfaces ethernet eth8 address '192.168.122.101/24'
set interfaces ethernet eth8 description 'NAT-MGMT'
set protocols static route 0.0.0.0/0 next-hop 192.168.122.1
set service ssh
set system host-name 'vyos-vpp'
set vpp nat44 static rule 1 external address '192.168.122.31'
set vpp nat44 static rule 1 inside-interface 'eth3'
set vpp nat44 static rule 1 local address '100.64.1.10'
set vpp nat44 static rule 1 outside-interface 'eth8'
set vpp nat44 static rule 2 external address '192.168.122.32'
set vpp nat44 static rule 2 inside-interface 'eth4'
set vpp nat44 static rule 2 local address '100.64.2.10'
set vpp nat44 static rule 2 outside-interface 'eth8'
set vpp nat44 static rule 3 external address '192.168.122.33'
set vpp nat44 static rule 3 inside-interface 'eth2'
set vpp nat44 static rule 3 local address '100.64.3.10'
set vpp nat44 static rule 3 outside-interface 'eth8'
set vpp nat44 static rule 4 external address '192.168.122.34'
set vpp nat44 static rule 4 inside-interface 'eth2'
set vpp nat44 static rule 4 local address '100.64.4.10'
set vpp nat44 static rule 4 outside-interface 'eth8'
set vpp settings interface eth0 driver 'dpdk'
set vpp settings interface eth1 driver 'dpdk'
set vpp settings interface eth2 driver 'dpdk'
set vpp settings interface eth3 driver 'dpdk'
set vpp settings interface eth4 driver 'dpdk'
set vpp settings interface eth8 driver 'dpdk'
set vpp settings unix poll-sleep-usec '120'
I can connect from the host 192.168.122.1 to the host 192.168.122.31, and it translates to the internal client-1 host 100.64.1.10
$ ssh [email protected]
Warning: Permanently added '192.168.122.31' (ED25519) to the list of known hosts.
[email protected]'s password:
Hello, connected to client-1
Last login: Fri Apr 4 14:49:16 2025 from 192.168.122.1
vyos@client-1:~$
vyos@client-1:~$
vyos@client-1:~$ ping 1.1.1.1 count 2
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
64 bytes from 1.1.1.1: icmp_seq=1 ttl=57 time=18.0 ms
64 bytes from 1.1.1.1: icmp_seq=2 ttl=57 time=16.9 ms
--- 1.1.1.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 16.864/17.410/17.956/0.546 ms
vyos@client-1:~$
Approved as previous CLI confused as inbound-interface is not the same as inside-interface NAT interface. Now CLI looks more clear.
dmbaturin
approved these changes
Apr 8, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
New CLI
Change Summary
Types of changes
Related Task(s)
Related PR(s)
Proposed changes
How to test
Checklist: