Learning VPP: NAT


Overview

We will use the NAT feature to let hosts connected to the VPP router access the Internet.

Configuration

We need extra NAT features that are enabled only in endpoint-dependent mode. We also need to raise the limits on NAT translations, which are too small by default.

So we add the following lines to the startup.conf file.

nat {
    endpoint-dependent
    translation hash buckets 1048576
    translation hash memory 268435456
    user hash buckets 1024
    max translations per user 10000
}

After VPP is started, the following commands enable NAT on two interfaces, with GigabitEthernet0/8/0 as the inside interface and GigabitEthernet0/3/0 as the outside interface.

nat44 add interface address GigabitEthernet0/3/0
nat addr-port-assignment-alg default
set interface nat44 in GigabitEthernet0/8/0 out GigabitEthernet0/3/0 output-feature
nat44 forwarding enable

Bypassing NAT

To access VPP over SSH, add the following static mapping, which maps TCP port 22 on GigabitEthernet0/3/0 to 192.168.31.130 port 22.

nat44 add static mapping local 192.168.31.130 22 external GigabitEthernet0/3/0 22 tcp

To stop NAT from changing the source port of specific outgoing traffic, use an identity mapping.

nat44 add identity mapping 192.168.31.130 udp 4789
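
A review check for the commands above, as an added example that is not part of the original post: it parses the page's CLI lines and lists the inbound mappings and NAT bypasses they create. The `audit` function, the `MGMT_PORTS` table and the wording of the notes are assumptions of this example, not VPP features.

```python
import re

# The CLI lines from this page, embedded so the check runs offline.
PAGE_CONFIG = """\
nat44 add interface address GigabitEthernet0/3/0
nat addr-port-assignment-alg default
set interface nat44 in GigabitEthernet0/8/0 out GigabitEthernet0/3/0 output-feature
nat44 forwarding enable
nat44 add static mapping local 192.168.31.130 22 external GigabitEthernet0/3/0 22 tcp
nat44 add identity mapping 192.168.31.130 udp 4789
"""

# Assumption: the ports this review treats as management services.
MGMT_PORTS = {22: "ssh", 23: "telnet"}

STATIC = re.compile(
    r"nat44 add static mapping local (\S+) (\d+) external (\S+) (\d+) (tcp|udp)$")
IDENTITY = re.compile(r"nat44 add identity mapping (\S+) (tcp|udp) (\d+)$")


def audit(config):
    """Collect the mappings a NAT config creates and notes for the reviewer."""
    report = {"static": [], "identity": [], "forwarding": False, "notes": []}
    for line in (raw.strip() for raw in config.splitlines()):
        if m := STATIC.match(line):
            local, lport, ext, eport, proto = m.groups()
            report["static"].append((ext, int(eport), proto, local, int(lport)))
            if int(lport) in MGMT_PORTS:
                report["notes"].append(
                    f"{MGMT_PORTS[int(lport)]} on {local} is reachable from "
                    f"outside via {ext}:{eport}/{proto}; restrict sources with an ACL")
        elif m := IDENTITY.match(line):
            addr, proto, port = m.groups()
            report["identity"].append((addr, proto, int(port)))
            report["notes"].append(
                f"{addr}:{port}/{proto} bypasses translation (identity mapping)")
        elif line == "nat44 forwarding enable":
            report["forwarding"] = True
            report["notes"].append(
                "forwarding enabled: packets matching no session or static "
                "mapping are forwarded, not dropped, so NAT is not a filter")
    return report


if __name__ == "__main__":
    for note in audit(PAGE_CONFIG)["notes"]:
        print("-", note)
```
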
