________
This plugin covers specific NAT use-cases that come mostly
-from the container networking world. On the contraty of the
+from the container networking world. On the contrary of the
NAT concepts used for e.g. a home gateway, there is no notion
of 'outside' and 'inside'. We handle Virtual (or Real) IPs and
translations of the packets destined to them
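Review bot: the corrected line still reads "On the contrary of the NAT concepts", which is not idiomatic English even with the spelling fixed. Since this line is being touched anyway, consider "Contrary to the NAT concepts used for e.g. a home gateway" or "Unlike the NAT concepts used for ...".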
until the flow is reset or a timeout is reached
A ``session`` is a fully resolved 9-tuple of ``src_ip, src_port, dest_ip, dest_port, proto``
-to match incoming packets, and their new attributes ``new_src_ip, new_src_port, new_dest_ip, new_dest_port``. It allows for ``backend`` stickyness and a fast-path for established connections.
+to match incoming packets, and their new attributes ``new_src_ip, new_src_port, new_dest_ip, new_dest_port``. It allows for ``backend`` stickiness and a fast-path for established connections.
-These ``sessions`` expire after 30s for regular ``sessions`` and 1h for estabished
+These ``sessions`` expire after 30s for regular ``sessions`` and 1h for established
TCP connections. These can be changed in vpp's configuration file
.. code-block:: console
If ``30.0.0.2`` is the address of an interface, we can use the following
-to do the same translation, and additionnaly change the source.
+to do the same translation, and additionally change the source.
address with ``1.2.3.4``
.. code-block:: console
SourceNATing outgoing traffic
-----------------------------
-A independant part of the plugin allows changing the source address
+A independent part of the plugin allows changing the source address
of outgoing traffic on a per-interface basis.
-In the following example, all traffic comming from ``tap0`` and NOT
+In the following example, all traffic coming from ``tap0`` and NOT
going to ``20.0.0.0/24`` will be source NAT-ed with ``30.0.0.1``.
On the way back the translation will be undone.
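Review bot: the replacement line "A independent part of the plugin" fixes the spelling but leaves the wrong article; it should be "An independent part of the plugin". Worth correcting in the same line rather than in a follow-up.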
Known limitations
_________________
-This plugin is still under developpment, it lacks the following features :
+This plugin is still under development, it lacks the following features :
* Load balancing doesn't support parametric probabilities
* VRFs aren't supported. All rules apply to fib table 0 only
* Programmatic session handling (deletion, lifetime updates) aren't supported
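Review bot: the fixed sentence "This plugin is still under development, it lacks the following features :" remains a comma splice with a stray space before the colon. Suggest "This plugin is still under development and lacks the following features:". The last bullet in the context also has an agreement slip ("Programmatic session handling ... aren't supported" should be "isn't supported").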
/*?
* This command adds the 'ip4-geneve-bypass' graph node for a given interface.
* By adding the IPv4 geneve-bypass graph node to an interface, the node checks
- * for and validate input geneve packet and bypass ip4-lookup, ip4-local,
+ * for and validate input geneve packet and bypass ip4-lookup, ip4-local,
* ip4-udp-lookup nodes to speedup geneve packet forwarding. This node will
* cause extra overhead to for non-geneve packets which is kept at a minimum.
*
*
* Example of graph node after ip4-geneve-bypass is enabled:
* @cliexstart{show vlib graph ip4-geneve-bypass}
- * Name Next Previous
- * ip4-geneve-bypass error-drop [0] ip4-input
- * geneve4-input [1] ip4-input-no-checksum
- * ip4-lookup [2]
+ * Name Next Previous
+ * ip4-geneve-bypass error-drop [0] ip4-input
+ * geneve4-input [1] ip4-input-no-checksum
+ * ip4-lookup [2]
* @cliexend
*
- * Example of how to display the feature enabed on an interface:
+ * Example of how to display the feature enabled on an interface:
* @cliexstart{show ip interface features GigabitEthernet2/0/0}
* IP feature paths configured on GigabitEthernet2/0/0...
* ...
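Review bot: the context line "cause extra overhead to for non-geneve packets" still carries a stray "to", and the re-emitted line "for and validate input geneve packet" should read "checks for and validates input geneve packets". The same sentence is repeated in the ip6-geneve-bypass and both gtpu-bypass comments in this patch, so a spelling pass is a good moment to fix all four copies together.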
/*?
* This command adds the 'ip6-geneve-bypass' graph node for a given interface.
* By adding the IPv6 geneve-bypass graph node to an interface, the node checks
- * for and validate input geneve packet and bypass ip6-lookup, ip6-local,
+ * for and validate input geneve packet and bypass ip6-lookup, ip6-local,
* ip6-udp-lookup nodes to speedup geneve packet forwarding. This node will
* cause extra overhead to for non-geneve packets which is kept at a minimum.
*
*
* Example of graph node after ip6-geneve-bypass is enabled:
* @cliexstart{show vlib graph ip6-geneve-bypass}
- * Name Next Previous
- * ip6-geneve-bypass error-drop [0] ip6-input
- * geneve6-input [1] ip4-input-no-checksum
- * ip6-lookup [2]
+ * Name Next Previous
+ * ip6-geneve-bypass error-drop [0] ip6-input
+ * geneve6-input [1] ip4-input-no-checksum
+ * ip6-lookup [2]
* @cliexend
*
- * Example of how to display the feature enabed on an interface:
+ * Example of how to display the feature enabled on an interface:
* @cliexstart{show ip interface features GigabitEthernet2/0/0}
* IP feature paths configured on GigabitEthernet2/0/0...
* ...
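Review bot: in the re-aligned example output for ip6-geneve-bypass, the Previous column on the "geneve6-input [1]" row lists "ip4-input-no-checksum", which looks copied from the IPv4 example above. The line is being rewritten here anyway, so please check it against real `show vlib graph ip6-geneve-bypass` output and correct or drop the entry if it does not match.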
* to span multiple servers. This is done by building an L2 overlay on
* top of an L3 network underlay using GTPU tunnels.
*
- * GTPU can also be used to transport IP packetes as its PDU type to
+ * GTPU can also be used to transport IP packets as its PDU type to
* allow IP forwarding over underlay network, e.g. between RAN and UPF
- * for mobility deplyments.
+ * for mobility deployments.
*
* @cliexpar
* Example of how to create a GTPU Tunnel:
- * @cliexcmd{create gtpu tunnel src 10.0.3.1 dst 10.0.3.3 teid 13 tteid 55 encap-vrf-id 7}
+ * @cliexcmd{create gtpu tunnel src 10.0.3.1 dst 10.0.3.3 teid 13 tteid 55
+ * encap-vrf-id 7}
* Example of how to delete a GTPU Tunnel:
- * @cliexcmd{create gtpu tunnel src 10.0.3.1 dst 10.0.3.3 teid 13 encap-vrf-id 7 del}
+ * @cliexcmd{create gtpu tunnel src 10.0.3.1 dst 10.0.3.3 teid 13 encap-vrf-id
+ * 7 del}
* Example of how to update tx TEID of a GTPU Tunnel:
- * @cliexcmd{create gtpu tunnel src 10.0.3.1 dst 10.0.3.3 encap-vrf-id 7 upd-tteid 55}
+ * @cliexcmd{create gtpu tunnel src 10.0.3.1 dst 10.0.3.3 encap-vrf-id 7
+ * upd-tteid 55}
?*/
/* *INDENT-OFF* */
VLIB_CLI_COMMAND (create_gtpu_tunnel_command, static) = {
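Review bot: the three re-wrapped `@cliexcmd{...}` entries now split the macro argument across two comment lines, so the continuation and closing brace sit on a line that starts with ` * ` (for example the delete command is broken between `encap-vrf-id` and `7 del}`). Please confirm the CLI documentation extraction still renders each command as one line; if it does not, keep the commands on a single line. The re-wrap is also unrelated to the spelling corrections in this hunk ("packetes", "deplyments") and would be easier to review as a separate change.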
/*?
* This command adds the 'ip4-gtpu-bypass' graph node for a given interface.
* By adding the IPv4 gtpu-bypass graph node to an interface, the node checks
- * for and validate input gtpu packet and bypass ip4-lookup, ip4-local,
+ * for and validate input gtpu packet and bypass ip4-lookup, ip4-local,
* ip4-udp-lookup nodes to speedup gtpu packet forwarding. This node will
* cause extra overhead to for non-gtpu packets which is kept at a minimum.
*
/*?
* This command adds the 'ip6-gtpu-bypass' graph node for a given interface.
* By adding the IPv6 gtpu-bypass graph node to an interface, the node checks
- * for and validate input gtpu packet and bypass ip6-lookup, ip6-local,
+ * for and validate input gtpu packet and bypass ip6-lookup, ip6-local,
* ip6-udp-lookup nodes to speedup gtpu packet forwarding. This node will
* cause extra overhead to for non-gtpu packets which is kept at a minimum.
*
The interior node is neither pipelined nor dual-looped, because
it would be very unusual to see more than one LACP packet in
- a given input frame. So, it's a very simple / straighforward
+ a given input frame. So, it's a very simple / straightforward
example.
*/
* The load-balancer receives traffic destined to VIP (Virtual IP)
* addresses from one or multiple(ECMP) routers.
* The load-balancer tunnels the traffic toward many application servers
- * ensuring session stickyness (i.e. that a single sessions is tunneled
+ * ensuring session stickiness (i.e. that a single sessions is tunneled
* towards a single application server).
*
*/
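Review bot: the corrected line still says "a single sessions is tunneled", which mixes singular and plural. Suggest "a single session is tunneled towards a single application server" while the line is being edited.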
/*?
* Enable or disable the MAP-E inbound security check
- * Specifiy if the inbound security check should be done on fragments
+ * Specify if the inbound security check should be done on fragments
*
* @cliexpar
* @cliexstart{map params security-check}
.function = map_security_check_command_fn,
};
-
/*?
- * Specifiy the IPv4 source address used for relayed ICMP error messages
+ * Specify the IPv4 source address used for relayed ICMP error messages
*
* @cliexpar
* @cliexstart{map params icmp source-address}
/*?
* This command enables or disables buffer metadata change tracking
*
- *@cliexpar
+ * @cliexpar
* To enable buffer metadata change tracking:
- *@cliexstart{buffer metadata tracking on}
+ * @cliexstart{buffer metadata tracking on}
* Tracking enabled
- *@cliexend
+ * @cliexend
*
- *@cliexstart{buffer metadata tracking off}
+ * @cliexstart{buffer metadata tracking off}
* Tracking disabled
- *@cliexend
+ * @cliexend
?*/
/* *INDENT-OFF* */
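Review bot: after the re-indent, the second example (`@cliexstart{buffer metadata tracking off}`) still has no description line, while the first one is introduced by "To enable buffer metadata change tracking:". Adding a matching "To disable buffer metadata change tracking:" line before it would make the two examples consistent in the generated docs.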
/*?
* This command displays buffer metadata change information
- *@cliexpar
+ * @cliexpar
* How to display buffer metadata change information
- *@cliexstart{show buffer metadata}
+ * @cliexstart{show buffer metadata}
* ethernet-input: current_data current_length flags error
* vnet_buffer_t: l2_hdr_offset l3_hdr_offset
* vnet_buffer2_t: no changes
- *@cliexend
+ * @cliexend
?*/
/* *INDENT-OFF* */
}
/*?
- * This command dispays the MAC Address entries of the PPPoE FIB table.
+ * This command displays the MAC Address entries of the PPPoE FIB table.
* Output can be filtered to just get the number of MAC Addresses or display
* each MAC Address.
*
* Example of how to display the number of MAC Address entries in the PPPoE
* FIB table:
* @cliexstart{show pppoe fib}
- * Mac Address session_id Interface sw_if_index session_index
- * 52:54:00:53:18:33 1 GigabitEthernet0/8/0 2 0
- * 52:54:00:53:18:55 2 GigabitEthernet0/8/1 3 1
+ * Mac Address session_id Interface sw_if_index session_index
+ * 52:54:00:53:18:33 1 GigabitEthernet0/8/0 2 0
+ * 52:54:00:53:18:55 2 GigabitEthernet0/8/1 3 1
* @cliexend
?*/
/* *INDENT-OFF* */
VLIB_INIT_FUNCTION (svs_api_init);
-/* *INDENT-OFF* */
VLIB_PLUGIN_REGISTER () = {
- .version = VPP_BUILD_VER,
- .description = "Source Virtual Routing and Fowarding (VRF) Select",
+ .version = VPP_BUILD_VER,
+ .description = "Source Virtual Routing and Forwarding (VRF) Select",
};
-/* *INDENT-ON* */
/*
* fd.io coding-style-patch-verification: ON
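Review bot: removing the `/* *INDENT-OFF* */` and `/* *INDENT-ON* */` markers around `VLIB_PLUGIN_REGISTER` and re-indenting `.version` and `.description` is a formatting change bundled into a spelling fix, and the other hunks in this patch keep their `/* *INDENT-OFF* */` lines. Either state the formatter-driven change in the commit message or limit this hunk to the "Fowarding" to "Forwarding" correction.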
/* MFIB_TEST_NS(!mfib_test_entry_no_itf(mfei, tm->hw[3]->sw_if_index)); */
/*
- * remove the last path and the accpeting only interface,
+ * remove the last path and the accepting only interface,
* the entry still has flags so it remains
*/
vec_reset_length(two_paths);
*
* Example of graph node after range checking is enabled:
* @cliexstart{show vlib graph ip4-rx-urpf-loose}
- * Name Next Previous
- * ip4-rx-urpf-loose ip4-drop [0] ip4-input-no-checksum
- * ip4-source-and-port-range- ip4-input
+ * Name Next Previous
+ * ip4-rx-urpf-loose ip4-drop [0] ip4-input-no-checksum
+ * ip4-source-and-port-range- ip4-input
* @cliexend
*
- * Example of how to display the feature enabed on an interface:
+ * Example of how to display the feature enabled on an interface:
* @cliexstart{show ip interface features GigabitEthernet2/0/0}
* IP feature paths configured on GigabitEthernet2/0/0...
*