Page MenuHomeVyOS Platform
Create Task
Maniphest T6364

CGNAT drop hard limit that allowed only one translation rule
Closed, ResolvedPublicFEATURE REQUEST
Actions

Description

As PoC for CGNAT here was a hard limit of using only one translation rule for one internal pool https://github.com/vyos/vyos-1x/blob/9a5897682a6d7fb59e2e90eb50b87dbbe8babaea/src/conf_mode/nat_cgnat.py#L192-L195
Drop this limit and extend the usage number of the rules

This config has two external and two internal pools and should work until the pools are unique per rule.

set nat cgnat pool external ext-01 external-port-range '40000-60000'
set nat cgnat pool external ext-01 per-user-limit port '5000'
set nat cgnat pool external ext-01 range 192.0.2.1-192.0.2.2
set nat cgnat pool external ext-01 range 192.0.2.11/32

set nat cgnat pool external vyos-ext-02 external-port-range '2000-22000'
set nat cgnat pool external vyos-ext-02 per-user-limit port '2000'
set nat cgnat pool external vyos-ext-02 range 203.0.113.55/32

set nat cgnat pool internal int-01 range '100.64.0.0/29'
set nat cgnat pool internal vyos-int-02 range '100.64.222.10-100.64.222.12'

set nat cgnat rule 100 source pool 'int-01'
set nat cgnat rule 100 translation pool 'ext-01'
set nat cgnat rule 120 source pool 'vyos-int-02'
set nat cgnat rule 120 translation pool 'vyos-ext-02'

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
Issue type
Improvement (missing useful functionality)

Related Objects
Search...

StatusSubtypeAssignedTask
 Needs testingFEATURE REQUESTNoneT5169 Add CGNAT Carrier-Grade NAT based on nftables
 ResolvedFEATURE REQUESTViacheslavT6364 CGNAT drop hard limit that allowed only one translation rule

Event Timeline

Viacheslav created this task.May 18 2024, 1:43 PM
Viacheslav changed the task status from Open to In progress.
Viacheslav claimed this task.
Viacheslav triaged this task as Low priority.
Viacheslav added a parent task: T5169: Add CGNAT Carrier-Grade NAT based on nftables.
pasik subscribed.May 18 2024, 2:34 PM
Viacheslav added a comment.May 18 2024, 3:26 PM

PR https://github.com/vyos/vyos-1x/pull/3483

set nat cgnat pool external ext-01 external-port-range '40000-60000'
set nat cgnat pool external ext-01 per-user-limit port '5000'
set nat cgnat pool external ext-01 range 192.0.2.1-192.0.2.2
set nat cgnat pool external ext-01 range 192.0.2.11/32

set nat cgnat pool external vyos-ext-02 external-port-range '2000-22000'
set nat cgnat pool external vyos-ext-02 per-user-limit port '2000'
set nat cgnat pool external vyos-ext-02 range 203.0.113.55/32

set nat cgnat pool internal int-01 range '100.64.0.0/29'
set nat cgnat pool internal vyos-int-02 range '100.64.222.10-100.64.222.12'

set nat cgnat rule 100 source pool 'int-01'
set nat cgnat rule 100 translation pool 'ext-01'
set nat cgnat rule 120 source pool 'vyos-int-02'
set nat cgnat rule 120 translation pool 'vyos-ext-02'

check address/port allocations:

vyos@r4# run show nat cgnat allocation 
Internal IP    External IP    Port range
-------------  -------------  ------------
100.64.0.0     192.0.2.1      40000-44999
100.64.0.1     192.0.2.1      45000-49999
100.64.0.2     192.0.2.1      50000-54999
100.64.0.3     192.0.2.1      55000-59999
100.64.0.4     192.0.2.2      40000-44999
100.64.0.5     192.0.2.2      45000-49999
100.64.0.6     192.0.2.2      50000-54999
100.64.0.7     192.0.2.2      55000-59999
100.64.222.10  203.0.113.55   2000-3999
100.64.222.11  203.0.113.55   4000-5999
100.64.222.12  203.0.113.55   6000-7999
[edit]
vyos@r4#
Viacheslav closed this task as Resolved.May 20 2024, 7:24 AM
Viacheslav moved this task from Need Triage to Finished on the VyOS 1.5 Circinus board.