#include <nat/nat_inlines.h>
#include <nat/nat_affinity.h>
#include <vnet/fib/fib_table.h>
+#include <nat/nat_ha.h>
#define UNSUPPORTED_IN_DET_MODE_STR \
"This command is unsupported in deterministic mode"
/* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
- return 0;
+ {
+ rv = snat_ipfix_logging_enable_disable (enable, domain_id,
+ (u16) src_port);
+ if (rv)
+ return clib_error_return (0, "ipfix logging enable failed");
+ return 0;
+ }
while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
{
return 0;
}
+static clib_error_t *
+nat_ha_failover_command_fn (vlib_main_t * vm, unformat_input_t * input,
+ vlib_cli_command_t * cmd)
+{
+ unformat_input_t _line_input, *line_input = &_line_input;
+ ip4_address_t addr;
+ u32 port, session_refresh_interval = 10;
+ int rv;
+ clib_error_t *error = 0;
+
+ /* Get a line of input. */
+ if (!unformat_user (input, unformat_line_input, line_input))
+ return 0;
+
+ while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
+ {
+ if (unformat (line_input, "%U:%u", unformat_ip4_address, &addr, &port))
+ ;
+ else
+ if (unformat
+ (line_input, "refresh-interval %u", &session_refresh_interval))
+ ;
+ else
+ {
+ error = clib_error_return (0, "unknown input '%U'",
+ format_unformat_error, line_input);
+ goto done;
+ }
+ }
+
+ rv = nat_ha_set_failover (&addr, (u16) port, session_refresh_interval);
+ if (rv)
+ error = clib_error_return (0, "set HA failover failed");
+
+done:
+ unformat_free (line_input);
+
+ return error;
+}
+
+static clib_error_t *
+nat_ha_listener_command_fn (vlib_main_t * vm, unformat_input_t * input,
+ vlib_cli_command_t * cmd)
+{
+ unformat_input_t _line_input, *line_input = &_line_input;
+ ip4_address_t addr;
+ u32 port, path_mtu = 512;
+ int rv;
+ clib_error_t *error = 0;
+
+ /* Get a line of input. */
+ if (!unformat_user (input, unformat_line_input, line_input))
+ return 0;
+
+ while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
+ {
+ if (unformat (line_input, "%U:%u", unformat_ip4_address, &addr, &port))
+ ;
+ else if (unformat (line_input, "path-mtu %u", &path_mtu))
+ ;
+ else
+ {
+ error = clib_error_return (0, "unknown input '%U'",
+ format_unformat_error, line_input);
+ goto done;
+ }
+ }
+
+ rv = nat_ha_set_listener (&addr, (u16) port, path_mtu);
+ if (rv)
+ error = clib_error_return (0, "set HA listener failed");
+
+done:
+ unformat_free (line_input);
+
+ return error;
+}
+
+static clib_error_t *
+nat_show_ha_command_fn (vlib_main_t * vm, unformat_input_t * input,
+ vlib_cli_command_t * cmd)
+{
+ ip4_address_t addr;
+ u16 port;
+ u32 path_mtu, session_refresh_interval, resync_ack_missed;
+ u8 in_resync;
+
+ nat_ha_get_listener (&addr, &port, &path_mtu);
+ if (!port)
+ {
+ vlib_cli_output (vm, "NAT HA disabled\n");
+ return 0;
+ }
+
+ vlib_cli_output (vm, "LISTENER:\n");
+ vlib_cli_output (vm, " %U:%u path-mtu %u\n",
+ format_ip4_address, &addr, port, path_mtu);
+
+ nat_ha_get_failover (&addr, &port, &session_refresh_interval);
+ vlib_cli_output (vm, "FAILOVER:\n");
+ if (port)
+ vlib_cli_output (vm, " %U:%u refresh-interval %usec\n",
+ format_ip4_address, &addr, port,
+ session_refresh_interval);
+ else
+ vlib_cli_output (vm, " NA\n");
+
+ nat_ha_get_resync_status (&in_resync, &resync_ack_missed);
+ vlib_cli_output (vm, "RESYNC:\n");
+ if (in_resync)
+ vlib_cli_output (vm, " in progress\n");
+ else
+ vlib_cli_output (vm, " completed (%d ACK missed)\n", resync_ack_missed);
+
+ return 0;
+}
+
+static clib_error_t *
+nat_ha_flush_command_fn (vlib_main_t * vm, unformat_input_t * input,
+ vlib_cli_command_t * cmd)
+{
+ nat_ha_flush (0);
+ return 0;
+}
+
+static clib_error_t *
+nat_ha_resync_command_fn (vlib_main_t * vm, unformat_input_t * input,
+ vlib_cli_command_t * cmd)
+{
+ clib_error_t *error = 0;
+
+ if (nat_ha_resync (0, 0, 0))
+ error = clib_error_return (0, "NAT HA resync already running");
+
+ return error;
+}
+
static clib_error_t *
add_address_command_fn (vlib_main_t * vm,
unformat_input_t * input, vlib_cli_command_t * cmd)
rv = snat_add_static_mapping (l_addr, e_addr, (u16) l_port, (u16) e_port,
vrf_id, addr_only, sw_if_index, proto, is_add,
- twice_nat, out2in_only, 0);
+ twice_nat, out2in_only, 0, 0);
switch (rv)
{
rv = snat_add_static_mapping (addr, addr, (u16) port, (u16) port,
vrf_id, addr_only, sw_if_index, proto, is_add,
- 0, 0, 0);
+ 0, 0, 0, 1);
switch (rv)
{
if (unformat (line_input, "local %U:%u probability %u",
unformat_ip4_address, &l_addr, &l_port, &probability))
{
- memset (&local, 0, sizeof (local));
+ clib_memset (&local, 0, sizeof (local));
local.addr = l_addr;
local.port = (u16) l_port;
local.probability = (u8) probability;
unformat_ip4_address, &l_addr, &l_port, &vrf_id,
&probability))
{
- memset (&local, 0, sizeof (local));
+ clib_memset (&local, 0, sizeof (local));
local.addr = l_addr;
local.port = (u16) l_port;
local.probability = (u8) probability;
return error;
}
+static clib_error_t *
+add_lb_backend_command_fn (vlib_main_t * vm,
+ unformat_input_t * input, vlib_cli_command_t * cmd)
+{
+ unformat_input_t _line_input, *line_input = &_line_input;
+ snat_main_t *sm = &snat_main;
+ clib_error_t *error = 0;
+ ip4_address_t l_addr, e_addr;
+ u32 l_port = 0, e_port = 0, vrf_id = 0, probability = 0;
+ int is_add = 1;
+ int rv;
+ snat_protocol_t proto;
+ u8 proto_set = 0;
+
+ if (sm->deterministic)
+ return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
+
+ /* Get a line of input. */
+ if (!unformat_user (input, unformat_line_input, line_input))
+ return 0;
+
+ while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
+ {
+ if (unformat (line_input, "local %U:%u probability %u",
+ unformat_ip4_address, &l_addr, &l_port, &probability))
+ ;
+ else if (unformat (line_input, "local %U:%u vrf %u probability %u",
+ unformat_ip4_address, &l_addr, &l_port, &vrf_id,
+ &probability))
+ ;
+ else if (unformat (line_input, "external %U:%u", unformat_ip4_address,
+ &e_addr, &e_port))
+ ;
+ else if (unformat (line_input, "protocol %U", unformat_snat_protocol,
+ &proto))
+ proto_set = 1;
+ else if (unformat (line_input, "del"))
+ is_add = 0;
+ else
+ {
+ error = clib_error_return (0, "unknown input: '%U'",
+ format_unformat_error, line_input);
+ goto done;
+ }
+ }
+
+ if (!l_port || !e_port)
+ {
+ error = clib_error_return (0, "local or external must be set");
+ goto done;
+ }
+
+ if (!proto_set)
+ {
+ error = clib_error_return (0, "missing protocol");
+ goto done;
+ }
+
+ rv =
+ nat44_lb_static_mapping_add_del_local (e_addr, (u16) e_port, l_addr,
+ l_port, proto, vrf_id, probability,
+ is_add);
+
+ switch (rv)
+ {
+ case VNET_API_ERROR_INVALID_VALUE:
+ error = clib_error_return (0, "External is not load-balancing static "
+ "mapping.");
+ goto done;
+ case VNET_API_ERROR_NO_SUCH_ENTRY:
+ error = clib_error_return (0, "Mapping or back-end not exist.");
+ goto done;
+ case VNET_API_ERROR_VALUE_EXIST:
+ error = clib_error_return (0, "Back-end already exist.");
+ goto done;
+ case VNET_API_ERROR_FEATURE_DISABLED:
+ error =
+ clib_error_return (0, "Available only for endpoint-dependent mode.");
+ goto done;
+ case VNET_API_ERROR_UNSPECIFIED:
+ error = clib_error_return (0, "At least two back-ends must remain");
+ goto done;
+ default:
+ break;
+ }
+
+done:
+ unformat_free (line_input);
+
+ return error;
+}
+
static clib_error_t *
nat44_show_static_mappings_command_fn (vlib_main_t * vm,
unformat_input_t * input,
* vpp# nat mss-clamping 1452
* To disbale TCP MSS rewriting use:
* vpp# nat mss-clamping disable
+ * @cliexend
?*/
VLIB_CLI_COMMAND (nat_set_mss_clamping_command, static) = {
.path = "nat mss-clamping",
/*?
* @cliexpar
- * @cliexstart{nat mss-clamping}
+ * @cliexstart{show nat mss-clamping}
* Show TCP MSS rewriting configuration
+ * @cliexend
?*/
VLIB_CLI_COMMAND (nat_show_mss_clamping_command, static) = {
.path = "show nat mss-clamping",
.function = nat_show_mss_clamping_command_fn,
};
+/*?
+ * @cliexpar
+ * @cliexstart{nat ha failover}
+ * Set HA failover (remote settings)
+ * @cliexend
+?*/
+VLIB_CLI_COMMAND (nat_ha_failover_command, static) = {
+ .path = "nat ha failover",
+ .short_help = "nat ha failover <ip4-address>:<port> [refresh-interval <sec>]",
+ .function = nat_ha_failover_command_fn,
+};
+
+/*?
+ * @cliexpar
+ * @cliexstart{nat ha listener}
+ * Set HA listener (local settings)
+ * @cliexend
+?*/
+VLIB_CLI_COMMAND (nat_ha_listener_command, static) = {
+ .path = "nat ha listener",
+ .short_help = "nat ha listener <ip4-address>:<port> [path-mtu <path-mtu>]",
+ .function = nat_ha_listener_command_fn,
+};
+
+/*?
+ * @cliexpar
+ * @cliexstart{show nat ha}
+ * Show HA configuration/status
+ * @cliexend
+?*/
+VLIB_CLI_COMMAND (nat_show_ha_command, static) = {
+ .path = "show nat ha",
+ .short_help = "show nat ha",
+ .function = nat_show_ha_command_fn,
+};
+
+/*?
+ * @cliexpar
+ * @cliexstart{nat ha flush}
+ * Flush the current HA data (for testing)
+ * @cliexend
+?*/
+VLIB_CLI_COMMAND (nat_ha_flush_command, static) = {
+ .path = "nat ha flush",
+ .short_help = "nat ha flush",
+ .function = nat_ha_flush_command_fn,
+};
+
+/*?
+ * @cliexpar
+ * @cliexstart{nat ha resync}
+ * Resync HA (resend existing sessions to new failover)
+ * @cliexend
+?*/
+VLIB_CLI_COMMAND (nat_ha_resync_command, static) = {
+ .path = "nat ha resync",
+ .short_help = "nat ha resync",
+ .function = nat_ha_resync_command_fn,
+};
+
/*?
* @cliexpar
* @cliexstart{show nat44 hash tables}
"[affinity <timeout-seconds>] [del]",
};
+/*?
+ * @cliexpar
+ * @cliexstart{nat44 add load-balancing static mapping}
+ * Modify service load balancing using NAT44
+ * To add new back-end server 10.100.10.30:8080 for service load balancing
+ * static mapping with external IP address 1.2.3.4 and TCP port 80 use:
+ * vpp# nat44 add load-balancing back-end protocol tcp external 1.2.3.4:80 local 10.100.10.30:8080 probability 25
+ * @cliexend
+?*/
+VLIB_CLI_COMMAND (add_lb_backend_command, static) = {
+ .path = "nat44 add load-balancing back-end",
+ .function = add_lb_backend_command_fn,
+ .short_help =
+ "nat44 add load-balancing back-end protocol tcp|udp "
+ "external <addr>:<port> local <addr>:<port> [vrf <table-id>] "
+ "probability <n> [del]",
+};
+
/*?
* @cliexpar
* @cliexstart{show nat44 static mappings}