Learning VPP: NAT



We will use NAT feature to enable hosts connected to VPP router access the Internet.


We will need NAT extra features that are enabled only in endpoint dependent mode. Also, we need to increase limits for NAT translations that are too small by default.

So we need to add the following lines into startup.conf file.

nat {
    translation hash buckets 1048576
    translation hash memory 268435456
    user hash buckets 1024
    max translations per user 10000

After VPP is started the following commands will enable NAT on two interfaces.

nat44 add interface address GigabitEthernet0/3/0
nat addr-port-assignment-alg default
set interface nat44 in GigabitEthernet0/8/0 out GigabitEthernet0/3/0 output-feature
nat44 forwarding enable

Bypassing NAT

To access VPP using ssh the following command is applied.

nat44 add static mapping local 22 external GigabitEthernet0/3/0 22 tcp

To forbid NAT change source port of the outgoing specific traffic the following command is used.

nat44 add identity mapping udp 4789


4 thoughts on “Learning VPP: NAT

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s