Learning VPP: NAT



We will use the NAT feature to let hosts connected to the VPP router access the Internet.


We need extra NAT features that are enabled only in endpoint-dependent mode. We also need to raise the limits for NAT translations, which are too small by default.

So we need to add the following lines to the startup.conf file.

nat {
    endpoint-dependent
    translation hash buckets 1048576
    translation hash memory 268435456
    user hash buckets 1024
    max translations per user 10000
}

After VPP is started, the following commands enable NAT on two interfaces.

nat44 add interface address GigabitEthernet0/3/0
nat addr-port-assignment-alg default
set interface nat44 in GigabitEthernet0/8/0 out GigabitEthernet0/3/0 output-feature
nat44 forwarding enable

Bypassing NAT

To access VPP over SSH, the following command is applied. It maps TCP port 22 on the external interface to local port 22.

nat44 add static mapping local 22 external GigabitEthernet0/3/0 22 tcp

To prevent NAT from changing the source port of specific outgoing traffic, the following command is used.

nat44 add identity mapping udp 4789
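
A review aid for the commands above, added here as an example and not part of the original post: it reads the NAT44 CLI lines and lists the ones that open a path a reviewer should justify (forwarding of unmatched traffic, static mappings, identity mappings). The function name audit and the finding labels are assumptions of this example; the sample input is the page's own commands, copied as written.

```python
import re

# Constructed sample: the CLI lines shown on this page, copied as written.
SAMPLE = """\
nat44 add interface address GigabitEthernet0/3/0
nat addr-port-assignment-alg default
set interface nat44 in GigabitEthernet0/8/0 out GigabitEthernet0/3/0 output-feature
nat44 forwarding enable
nat44 add static mapping local 22 external GigabitEthernet0/3/0 22 tcp
nat44 add identity mapping udp 4789
"""

PROTO = r"\b(tcp|udp|icmp)\b"


def audit(cli_text):
    """Return (roles, findings) for the NAT44 CLI lines in cli_text.

    roles maps "inside"/"outside" to interface names; findings is a list of
    (kind, proto, port, note) tuples for the lines a reviewer should justify.
    """
    roles, findings = {}, []
    for line in map(str.strip, cli_text.splitlines()):
        proto = re.search(PROTO, line)
        proto = proto.group(1) if proto else None
        m = re.match(r"set interface nat44 in (\S+) out (\S+)", line)
        if m:
            roles["inside"], roles["outside"] = m.groups()
        elif line == "nat44 forwarding enable":
            findings.append(("forwarding", None, None,
                             "packets with no session or mapping are forwarded untranslated"))
        elif line.startswith("nat44 add static mapping"):
            # A mapping without an external port covers every port (port=None).
            ext = re.search(r"external\s+(\S+)(?:\s+(\d+))?", line)
            port = int(ext.group(2)) if ext and ext.group(2) else None
            target = ext.group(1) if ext else "?"
            findings.append(("static", proto, port,
                             f"inbound connections accepted on {target}"))
        elif line.startswith("nat44 add identity mapping"):
            port = re.search(PROTO + r"\s+(\d+)", line)
            findings.append(("identity", proto, int(port.group(2)) if port else None,
                             "address and port pass through unchanged"))
    return roles, findings


if __name__ == "__main__":
    roles, findings = audit(SAMPLE)
    print("inside:", roles.get("inside"), "outside:", roles.get("outside"))
    for kind, proto, port, note in findings:
        print(f"{kind:10} {proto or '-':4} {port or 'any'!s:>5}  {note}")
```

Each listed entry is a candidate for an access list or a narrower mapping on the outside interface.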