Skip to content
This repository was archived by the owner on Aug 15, 2025. It is now read-only.

T7283: VPP add static NAT support #24

Merged
merged 5 commits into from
Apr 1, 2025
Merged

T7283: VPP add static NAT support #24

merged 5 commits into from
Apr 1, 2025

Conversation

@natali-rs1985
Copy link
Contributor

@natali-rs1985 natali-rs1985 commented Mar 25, 2025
edited
Loading

Add static mapping NAT implementation

set vpp nat44 static rule 10 outbound-interface 'eth0'
set vpp nat44 static rule 10 inbound-interface 'eth1'
set vpp nat44 static rule 10 destination address 192.168.122.10    # optional, if not set outbound interface ip address is used
set vpp nat44 static rule 10 destination port 6545                 # optional
set vpp nat44 static rule 10 protocol tcp|udp|icmp|all             # optional, defaults to "all"
set vpp nat44 static rule 10 translation address 100.64.0.10
set vpp nat44 static rule 10 translation port 64010                # optional

Change Summary

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Code style update (formatting, renaming)
  • Refactoring (no functional changes)
  • Other (please describe):

Related Task(s)

Related PR(s)

Proposed changes

How to test

set interfaces ethernet eth0 address '192.168.122.210/24'
set interfaces ethernet eth1 address '100.64.0.1/24'

set vpp settings interface eth0 driver 'dpdk'
set vpp settings interface eth1 driver 'dpdk'
set vpp settings interface eth2 driver 'dpdk'
set vpp settings lcp ignore-kernel-routes
set vpp settings unix poll-sleep-usec '122'

set vpp nat44 static rule 10 destination address '192.168.122.54'
set vpp nat44 static rule 10 outbound-interface 'eth0'
set vpp nat44 static rule 10 translation address '100.64.0.10'

Check VPP NAT44

vyos@vyos:~$ show vpp nat44 static
Des_address/interface    Dest_port    Trans_address    Trans_port    Protocol
-----------------------  -----------  ---------------  ------------  ----------
192.168.122.54                        100.64.0.10                    all
vyos@vyos:~$ show vpp nat44 sessions
NAT44 ED sessions:
-------- thread 0 vpp_main: 1 sessions --------
    i2o 100.64.0.10 proto ICMP port 6440 fib 0
    o2i 192.168.122.54 proto ICMP port 6440 fib 0
       external host 8.8.8.8:6440
       i2o flow: match: saddr 100.64.0.10 sport 6440 daddr 8.8.8.8 dport 6440 proto ICMP fib_idx 0 rewrite: saddr 192.168.122.54 daddr 8.8.8.8 icmp-id 6440 txfib 0
       o2i flow: match: saddr 8.8.8.8 sport 6440 daddr 192.168.122.54 dport 6440 proto ICMP fib_idx 0 rewrite: saddr 8.8.8.8 daddr 100.64.0.10 icmp-id 6440 txfib 0
       index 0
       last heard 138.04
       timeout in 59.96
       total pkts 266, total bytes 24206
       static translation

vyos@vyos:~$ show vpp nat44 summary
max translations per thread: 64512 fib 0
icmp LRU min session timeout 1129 (now 1070)
total sessions: 1 (timed out: 0)
tcp sessions:
    total: 0 (timed out: 0)
        established: 0 (timed out: 0)
        transitory: 0 (timed out: 0)
udp sessions:
    total: 0 (timed out: 0)
icmp sessions:
    total: 1 (timed out: 0)
other sessions:
    total: 0 (timed out: 0)

Checklist:

  • I have read the CONTRIBUTING document
  • I have linked this PR to one or more Phabricator Task(s)
  • My commit headlines contain a valid Task id
  • My change requires a change to the documentation
  • I have updated the documentation accordingly

dmbaturin
dmbaturin suggested changes Mar 25, 2025
View reviewed changes
@natali-rs1985 natali-rs1985 force-pushed the T7283 branch 2 times, most recently from d2e066f to 97e44e5 Compare March 26, 2025 16:14
@sever-sever sever-sever requested a review from dmbaturin March 27, 2025 13:11
zdc
zdc suggested changes Mar 27, 2025
View reviewed changes
@natali-rs1985 natali-rs1985 changed the title T7283: VPP add 1:1 NAT support T7283: VPP add static NAT support Mar 31, 2025
@natali-rs1985 natali-rs1985 force-pushed the T7283 branch 2 times, most recently from 451384d to d73016a Compare March 31, 2025 15:13
@natali-rs1985 natali-rs1985 requested a review from zdc March 31, 2025 15:27
zdc
zdc approved these changes Apr 1, 2025
View reviewed changes
python/vyos/vpp/utils.py Outdated
Comment on lines 161 to 176
def vpp_iface_name_by_index(vpp_api, index: int) -> str | None:
"""Find interface name by interface index in VPP
Args:
vpp_api (_type_): VPP API object
index (int): interface index inside VPP
Returns:
str | None: Interface name or None (if was not found)
"""
for iface in vpp_api.sw_interface_dump():
if iface.sw_if_index == index:
return iface.interface_name
return None


Copy link
Contributor

@zdc zdc Apr 1, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just an idea: should we keep this and this together?

Copy link
Contributor Author

@natali-rs1985 natali-rs1985 Apr 1, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Put them together in the control_vpp.py

@natali-rs1985
T7283: VPP add static NAT support
b0623ec 
Add static mapping NAT implementation

```
set vpp nat44 static rule 10 outbound-interface 'eth0'
set vpp nat44 static rule 10 inbound-interface 'eth1'
set vpp nat44 static rule 10 destination address 192.168.122.10    # optional, if not set outbound interface ip address is used
set vpp nat44 static rule 10 destination port 6545                 # optional
set vpp nat44 static rule 10 protocol tcp|udp|icmp|all             # optional, defaults to "all"
set vpp nat44 static rule 10 translation address 100.64.0.10
set vpp nat44 static rule 10 translation port 64010                # optional
```
dmbaturin
dmbaturin approved these changes Apr 1, 2025
View reviewed changes
python/vyos/vpp/nat/nat44.py
"""Add NAT44 interface"""
self.vpp.api.nat44_interface_add_del_feature(
flags=1,
flags=0x20,
Copy link
Contributor

@dmbaturin dmbaturin Apr 1, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should be a constant. If there are issues with constants in the VPP module, we can just add it at the top of the script. Magic numbers are easy to forget, and we never know if VPP may change them.

@dmbaturin dmbaturin merged commit 07a3b0f into vyos-legacy:current Apr 1, 2025
1 check passed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@jestabro jestabro Awaiting requested review from jestabro

@sever-sever sever-sever Awaiting requested review from sever-sever

2 more reviewers

@dmbaturin dmbaturin dmbaturin approved these changes

@zdc zdc zdc approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@natali-rs1985 @dmbaturin @zdc @sever-sever