T6364: CGNAT drop hard limit that allows only one translation rule #3483

Merged
merged 2 commits into from
May 19, 2024

Conversation

sever-sever
Member

Change Summary

The PoC for CGNAT had a hard limit of only one translation rule for one internal pool.
Drop this limit and extend the number of rules that can be used.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Code style update (formatting, renaming)
  • Refactoring (no functional changes)
  • Migration from an old Vyatta component to vyos-1x, please link to related PR inside obsoleted component
  • Other (please describe):

Related Task(s)

Related PR(s)

Component(s) name

cgnat

Proposed changes

How to test

Add a configuration with several translation rules (previously only one rule was possible):

```
set nat cgnat pool external ext-01 external-port-range '40000-60000'
set nat cgnat pool external ext-01 per-user-limit port '5000'
set nat cgnat pool external ext-01 range 192.0.2.1-192.0.2.2
set nat cgnat pool external ext-01 range 192.0.2.11/32

set nat cgnat pool external vyos-ext-02 external-port-range '2000-22000'
set nat cgnat pool external vyos-ext-02 per-user-limit port '2000'
set nat cgnat pool external vyos-ext-02 range 203.0.113.55/32

set nat cgnat pool internal int-01 range '100.64.0.0/29'
set nat cgnat pool internal vyos-int-02 range '100.64.222.10-100.64.222.12'

set nat cgnat rule 100 source pool 'int-01'
set nat cgnat rule 100 translation pool 'ext-01'
set nat cgnat rule 120 source pool 'vyos-int-02'
set nat cgnat rule 120 translation pool 'vyos-ext-02'
```

Check allocation to be sure that we see addresses in both pools:

```
vyos@r4# run show nat cgnat allocation
Internal IP    External IP    Port range
-------------  -------------  ------------
100.64.0.0     192.0.2.1      40000-44999
100.64.0.1     192.0.2.1      45000-49999
100.64.0.2     192.0.2.1      50000-54999
100.64.0.3     192.0.2.1      55000-59999
100.64.0.4     192.0.2.2      40000-44999
100.64.0.5     192.0.2.2      45000-49999
100.64.0.6     192.0.2.2      50000-54999
100.64.0.7     192.0.2.2      55000-59999
100.64.222.10  203.0.113.55   2000-3999
100.64.222.11  203.0.113.55   4000-5999
100.64.222.12  203.0.113.55   6000-7999
[edit]
vyos@r4#
```

Smoketest result

```
vyos@r4:~$ /usr/libexec/vyos/tests/smoke/cli/test_cgnat.py
test_cgnat (__main__.TestCGNAT.test_cgnat) ... ok

----------------------------------------------------------------------
Ran 1 test in 20.654s

OK
vyos@r4:~$
```

Checklist:

  • I have read the CONTRIBUTING document
  • I have linked this PR to one or more Phabricator Task(s)
  • I have run the components SMOKETESTS if applicable
  • My commit headlines contain a valid Task id
  • My change requires a change to the documentation
  • I have updated the documentation accordingly

The PoC for CGNAT had a hard limit of only one translation
rule for one internal pool.
Drop this limit and extend the number of rules that can be used.

```
set nat cgnat rule 100 source pool 'int-01'
set nat cgnat rule 100 translation pool 'ext-01'
set nat cgnat rule 120 source pool 'vyos-int-02'
set nat cgnat rule 120 translation pool 'vyos-ext-02'
```
Allow setting multiple CGNAT internal pools
```
set nat cgnat pool internal int-01 range '100.64.0.0/28'
set nat cgnat pool internal int-01 range '100.64.222.11-100.64.222.14'
```
@sever-sever sever-sever requested review from a team, dmbaturin, sarthurdev, zdc, jestabro and c-po and removed request for a team May 18, 2024 17:29
@dmbaturin dmbaturin merged commit bc34540 into vyos:current May 19, 2024
6 of 7 checks passed
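
An added sketch (not VyOS code and not part of this PR) that rebuilds the allocation table shown in the PR description from the pool and rule settings, then answers the question an abuse handler asks of a CGNAT log: which internal host owned a given external IP and port. The sequential block assignment is inferred from the `show nat cgnat allocation` output; the function names, the `RULES` layout and the cross-rule overlap check are assumptions of this example.

```python
import ipaddress

def expand(spec):
    """Expand 'a.b.c.d/nn' or 'a.b.c.d-e.f.g.h' into a list of addresses."""
    if "-" in spec:
        lo, hi = (int(ipaddress.IPv4Address(p)) for p in spec.split("-"))
        return [ipaddress.IPv4Address(i) for i in range(lo, hi + 1)]
    # Iterating a network yields every address, .0 included, as in the table above.
    return list(ipaddress.ip_network(spec))

def allocate(internal, external, port_range, per_user):
    """Pair each internal host with the next free (external IP, port block)."""
    first, last = (int(p) for p in port_range.split("-"))
    # Only whole blocks of per_user ports are used; leftover ports stay unassigned.
    slots = [(ext, start, start + per_user - 1)
             for spec in external for ext in expand(spec)
             for start in range(first, last - per_user + 2, per_user)]
    hosts = [ip for spec in internal for ip in expand(spec)]
    if len(hosts) > len(slots):
        raise ValueError("external pool too small for internal pool")
    return [(host, *slot) for host, slot in zip(hosts, slots)]

def build_table(rules):
    """Allocate every rule; refuse external port blocks claimed twice."""
    table = []
    for rule_id in sorted(rules):
        for inside, outside, lo, hi in allocate(**rules[rule_id]):
            if any(o == outside and lo <= b and a <= hi for _, _, o, a, b in table):
                raise ValueError(f"rule {rule_id}: {outside}:{lo}-{hi} already allocated")
            table.append((rule_id, inside, outside, lo, hi))
    return table

def lookup(table, ext_ip, port):
    """Map an external IP:port seen in a remote log back to the internal host."""
    ext = ipaddress.IPv4Address(ext_ip)
    for _, inside, outside, lo, hi in table:
        if outside == ext and lo <= port <= hi:
            return str(inside)
    return None

# Pools and rules from the configuration above, flattened per rule.
RULES = {
    100: dict(internal=["100.64.0.0/29"], external=["192.0.2.1-192.0.2.2", "192.0.2.11/32"],
              port_range="40000-60000", per_user=5000),
    120: dict(internal=["100.64.222.10-100.64.222.12"], external=["203.0.113.55/32"],
              port_range="2000-22000", per_user=2000),
}

if __name__ == "__main__":
    for row in build_table(RULES):
        print(*row)
    print(lookup(build_table(RULES), "192.0.2.2", 47123))
```

With more than one rule, the overlap check matters for attribution: if two rules handed out the same external IP and port block, a reverse lookup could no longer name a single internal host.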