FD.io VPP
v17.10-9-gd594711
Vector Packet Processing
|
nat ipfix logging [domain <domain-id>] [src-port <port>] [disable].
vpp# snat ipfix logging
To enable NAT IPFIX logging use:
vpp# nat ipfix logging
To set IPFIX exporter use:
vpp# set ipfix exporter collector 10.10.10.3 src 10.10.10.1
Declaration: snat_ipfix_logging_enable_disable_command (src/plugins/nat/nat.c line 1975)
Implementation: snat_ipfix_logging_enable_disable_command_fn.
nat44 add address <ip4-range-start> [- <ip4-range-end>] [tenant-vrf <vrf-id>] [del].
Declaration: add_address_command (src/plugins/nat/nat.c line 1483)
Implementation: add_address_command_fn.
nat44 add interface address <interface> [del].
Declaration: snat_add_interface_address_command (src/plugins/nat/nat.c line 2826)
Implementation: snat_add_interface_address_command_fn.
nat44 add load-balancing static mapping protocol tcp|udp external <addr>:<port> local <addr>:<port> probability <n> [vrf <table-id>] [del].
Declaration: add_lb_static_mapping_command (src/plugins/nat/nat.c line 1844)
Implementation: add_lb_static_mapping_command_fn.
nat44 add static mapping tcp|udp|icmp local <addr> [<port>] external <addr> [<port>] [vrf <table-id>] [del].
vpp# snat add static mapping
Static mapping allows hosts on the external network to initiate connection
to to the local network host.
To create static mapping between local host address 10.0.0.3 port 6303 and
external address 4.4.4.4 port 3606 for TCP protocol use:
vpp# nat44 add static mapping tcp local 10.0.0.3 6303 external 4.4.4.4 3606
If not runnig "static mapping only" NAT plugin mode use before:
vpp# nat44 add address 4.4.4.4
To create static mapping between local and external address use:
vpp# nat44 add static mapping local 10.0.0.3 external 4.4.4.4
Declaration: add_static_mapping_command (src/plugins/nat/nat.c line 1749)
Implementation: add_static_mapping_command_fn.
nat44 deterministic add in <addr>/<plen> out <addr>/<plen> [del].
vpp# snat deterministic add
Create bijective mapping of inside address to outside address and port range
pairs, with the purpose of enabling deterministic NAT to reduce logging in
CGN deployments.
To create deterministic mapping between inside network 10.0.0.0/18 and
outside network 1.1.1.0/30 use:
# vpp# nat44 deterministic add in 10.0.0.0/18 out 1.1.1.0/30
Declaration: snat_det_map_command (src/plugins/nat/nat.c line 2892)
Implementation: snat_det_map_command_fn.
nat44 deterministic close session in <in_addr>:<in_port> <ext_addr>:<ext_port>.
vpp# snat deterministic close_session_in
Close session using inside ip address and port
and external ip address and port, use:
vpp# nat44 deterministic close session in 3.3.3.3:3487 2.2.2.2:2387
Declaration: snat_det_close_session_in_command (src/plugins/nat/nat.c line 3224)
Implementation: snat_det_close_session_in_fn.
nat44 deterministic close session out <out_addr>:<out_port> <ext_addr>:<ext_port>.
vpp# snat deterministic close session out
Close session using outside ip address and port
and external ip address and port, use:
vpp# nat44 deterministic close session out 1.1.1.1:1276 2.2.2.2:2387
Declaration: snat_det_close_sesion_out_command (src/plugins/nat/nat.c line 3155)
Implementation: snat_det_close_session_out_fn.
nat44 deterministic forward <addr>.
vpp# snat deterministic forward
Return outside address and port range from inside address for deterministic
NAT.
To obtain outside address and port of inside host use:
vpp# nat44 deterministic forward 10.0.0.2
1.1.1.0:<1054-1068>
Declaration: snat_det_forward_command (src/plugins/nat/nat.c line 2954)
Implementation: snat_det_forward_command_fn.
nat44 deterministic reverse <addr>:<port>.
vpp# snat deterministic reverse
Return inside address from outside address and port for deterministic NAT.
To obtain inside host address from outside address and port use:
#vpp nat44 deterministic reverse 1.1.1.1:1276
10.0.16.16
Declaration: snat_det_reverse_command (src/plugins/nat/nat.c line 3019)
Implementation: snat_det_reverse_command_fn.
nat64 add pool address <ip4-range-start> [- <ip4-range-end>] [tenant-vrf <vrf-id>] [del].
vpp# nat64 add pool address
Add/delete NAT64 pool address.
To add single NAT64 pool address use:
vpp# nat64 add pool address 10.1.1.10
To add NAT64 pool address range use:
vpp# nat64 add pool address 10.1.1.2 - 10.1.1.5
To add NAT64 pool address for specific tenant use:
vpp# nat64 add pool address 10.1.1.100 tenant-vrf 100
Declaration: nat64_add_pool_address_command (src/plugins/nat/nat64_cli.c line 780)
Implementation: nat64_add_del_pool_addr_command_fn.
nat64 add prefix <ip6-prefix>/<plen> [tenant-vrf <vrf-id>] [del].
vpp# nat64 add prefix
Set NAT64 prefix for generating IPv6 representations of IPv4 addresses.
To set NAT64 global prefix use:
vpp# nat64 add prefix 2001:db8::/32
To set NAT64 prefix for specific tenant use:
vpp# nat64 add prefix 2001:db8:122:300::/56 tenant-vrf 10
Declaration: nat64_add_del_prefix_command (src/plugins/nat/nat64_cli.c line 952)
Implementation: nat64_add_del_prefix_command_fn.
nat64 add static bib <ip6-addr> <port> <ip4-addr> <port> tcp|udp|icmp [vfr <table-id>] [del].
vpp# nat64 add static bib
Add/delete NAT64 static BIB entry.
To create NAT64 satatic BIB entry use:
vpp# nat64 add static bib 2001:db8:c000:221:: 1234 10.1.1.3 5678 tcp
vpp# nat64 add static bib 2001:db8:c000:221:: 1234 10.1.1.3 5678 udp vrf 10
Declaration: nat64_add_del_static_bib_command (src/plugins/nat/nat64_cli.c line 845)
Implementation: nat64_add_del_static_bib_command_fn.
set interface nat44 in <intfc> out <intfc> [output-feature] [del].
Declaration: set_interface_snat_command (src/plugins/nat/nat.c line 1603)
Implementation: snat_feature_command_fn.
set interface nat64 in|out <intfc> [del].
vpp# set interface nat64
Enable/disable NAT64 feature on the interface.
To enable NAT64 feature with local (IPv6) network interface
GigabitEthernet0/8/0 and external (IPv4) network interface
GigabitEthernet0/a/0 use:
vpp# set interface nat64 in GigabitEthernet0/8/0 out GigabitEthernet0/a/0
Declaration: set_interface_nat64_command (src/plugins/nat/nat64_cli.c line 813)
Implementation: nat64_interface_feature_command_fn.
set nat workers <workers-list>.
vpp# set snat workers
Set NAT workers if 2 or more workers available, use:
vpp# set snat workers 0-2,5
Declaration: set_workers_command (src/plugins/nat/nat.c line 1913)
Implementation: set_workers_command_fn.
set nat44 deterministic timeout [udp <sec> | tcp-established <sec> tcp-transitory <sec> | icmp <sec> | reset].
vpp# set snat deterministic timeout
Set values of timeouts for deterministic NAT (in seconds), use:
vpp# set nat44 deterministic timeout udp 120 tcp-established 7500
tcp-transitory 250 icmp 90
To reset default values use:
vpp# set nat44 deterministic timeout reset
Declaration: set_timeout_command (src/plugins/nat/nat.c line 3083)
Implementation: set_timeout_command_fn.
set nat64 timeouts udp <sec> icmp <sec> tcp-trans <sec> tcp-est <sec> tcp-incoming-syn <sec> | reset.
vpp# set nat64 timeouts
Set NAT64 session timeouts (in seconds).
To set NAT64 session timeoutes use use:
vpp# set nat64 timeouts udp 200 icmp 30 tcp-trans 250 tcp-est 7450
To reset NAT64 session timeoutes to default values use:
vpp# set nat64 timeouts reset
Declaration: set_nat64_timeouts_command (src/plugins/nat/nat64_cli.c line 888)
Implementation: nat64_set_timeouts_command_fn.
show nat44.
Declaration: show_snat_command (src/plugins/nat/nat.c line 2642)
Implementation: show_snat_command_fn.
show nat64 bib all|tcp|udp|icmp|unknown.
vpp# show nat64 bib
Show NAT64 BIB entries.
To show NAT64 TCP BIB entries use:
vpp# show nat64 bib tcp
NAT64 tcp BIB:
fd01:1::2 6303 10.0.0.3 62303 tcp vrf 0 dynamic 1 sessions
2001:db8:c000:221:: 1234 10.1.1.3 5678 tcp vrf 0 static 2 sessions
To show NAT64 UDP BIB entries use:
vpp# show nat64 bib udp
NAT64 udp BIB:
fd01:1::2 6304 10.0.0.3 10546 udp vrf 0 dynamic 10 sessions
2001:db8:c000:221:: 1234 10.1.1.3 5678 udp vrf 10 static 0 sessions
To show NAT64 ICMP BIB entries use:
vpp# show nat64 bib icmp
NAT64 icmp BIB:
fd01:1::2 6305 10.0.0.3 63209 icmp vrf 10 dynamic 1 sessions
Declaration: show_nat64_bib_command (src/plugins/nat/nat64_cli.c line 872)
Implementation: nat64_show_bib_command_fn.
show nat64 interfaces.
vpp# show nat64 interfaces
Show interfaces with NAT64 feature.
To show interfaces with NAT64 feature use:
vpp# show nat64 interfaces
NAT64 interfaces:
GigabitEthernet0/8/0 in
GigabitEthernet0/a/0 out
Declaration: show_nat64_interfaces_command (src/plugins/nat/nat64_cli.c line 830)
Implementation: nat64_show_interfaces_command_fn.
show nat64 pool.
vpp# show nat64 pool
Show NAT64 pool.
vpp# show nat64 pool
NAT64 pool:
10.1.1.3 tenant VRF: 0
10.1.1.10 tenant VRF: 10
Declaration: show_nat64_pool_command (src/plugins/nat/nat64_cli.c line 797)
Implementation: nat64_show_pool_command_fn.
show nat64 prefix.
vpp# show nat64 prefix
Show NAT64 prefix.
To show NAT64 prefix use:
vpp# show nat64 prefix
NAT64 prefix:
2001:db8::/32 tenant-vrf 0
2001:db8:122:300::/56 tenant-vrf 10
Declaration: show_nat64_prefix_command (src/plugins/nat/nat64_cli.c line 970)
Implementation: nat64_show_prefix_command_fn.
show nat64 session table all|tcp|udp|icmp|unknown.
vpp# show nat64 session table
Show NAT64 session table.
To show NAT64 TCP session table use:
vpp# show nat64 session table tcp
NAT64 tcp session table:
fd01:1::2 6303 64:ff9b::ac10:202 20 10.0.0.3 62303 172.16.2.2 20 tcp vrf 0
fd01:3::2 6303 64:ff9b::ac10:202 20 10.0.10.3 21300 172.16.2.2 20 tcp vrf 10
To show NAT64 UDP session table use:
#vpp show nat64 session table udp
NAT64 udp session table:
fd01:1::2 6304 64:ff9b::ac10:202 20 10.0.0.3 10546 172.16.2.2 20 udp vrf 0
fd01:3::2 6304 64:ff9b::ac10:202 20 10.0.10.3 58627 172.16.2.2 20 udp vrf 10
fd01:1::2 1235 64:ff9b::a00:3 4023 10.0.0.3 24488 10.0.0.3 4023 udp vrf 0
fd01:1::3 23 64:ff9b::a00:3 24488 10.0.0.3 4023 10.0.0.3 24488 udp vrf 0
To show NAT64 ICMP session table use:
#vpp show nat64 session table icmp
NAT64 icmp session table:
fd01:1::2 64:ff9b::ac10:202 6305 10.0.0.3 172.16.2.2 63209 icmp vrf 0
Declaration: show_nat64_st_command (src/plugins/nat/nat64_cli.c line 936)
Implementation: nat64_show_st_command_fn.
show nat64 timeouts.
vpp# show nat64 timeoutss
Show NAT64 session timeouts:
vpp# show nat64 timeouts
NAT64 session timeouts:
UDP 300sec
ICMP 60sec
TCP transitory 240sec
TCP established 7440sec
TCP incoming SYN 6sec
Declaration: show_nat64_timeouts_command (src/plugins/nat/nat64_cli.c line 908)
Implementation: nat64_show_timeouts_command_fn.