VPP/NAT
From fd.io
S-NAT
Introduction
What are we building? A general purpose stateful NAT44 that can be used as IPv4 CPE NAT, CGN or as an 1:1 NAT in a data centre environment. It can also be combined with other features to build e.g. 464XLAT or a MAP-E CE. General features: Stateful NAT44, stateful NAT64. We do not intend to support any ALGs. Support for millions of static and dynamic sessions. Wth the goal of 10Mpps /core. Ability to enforce per-user (aka inside address) session limitations. Configurable address and port selection algorithm. Dynamically choose between endpoint dependent and endpoint independent behaviour. Logging, initially with Netflow and telemetry. Integration with MAP-E, MAP-T, LW46 to build MAP CEs.
Work list
| Task | Owner | Priority | Status | Description |
|---|---|---|---|---|
| 1:1 NAT | Matus | 0 | Committed | VPP-339 |
| 1:1 NAT with ports | Matus | 0 | Committed | https://jira.fd.io/browse/VPP-339 VPP-339] |
| 1:1 NAT with disabled dynamic translation | Matus | 0 | Committed | https://jira.fd.io/browse/VPP-339 VPP-339] add "static mapping only [connection tracking]" to snat startup config. |
| VRF awareness | Matus | 0 | WIP | |
| Multiple inside interface - Multiple subnets | 0 | Multiple inside interfaces for the same "tenant" with non-overlapping address space. | ||
| Inside overlapping interfaces | 0 | Tenants on separate interfaces, separate VRFs with overlapping address space. | ||
| Thread safe | 0 | |||
| Hairpinning | 1 | Hosts communicating behind the same NAT using the external representation of their address. | ||
| Logging | 1 | Netflow - IPFix | ||
| API (Java and Python) | ||||
| Input ACL support before NAT | ||||
| Multiple outside interfaces | ||||
| ICMP error packet translation | ||||
| DS-lite | ||||
| NAT64 |
