
CGNAT add address allocation logs to syslog during commit
Closed, Resolved | Public | FEATURE REQUEST

Description

Add the ability to get all address and port block allocations in syslog.
Changing the external address range could change the combination of external address and port allocation. It would be nice to get the actual allocations in the syslog during the commit.

Initial config

set nat cgnat pool external ext-01 external-port-range '4000-8000'
set nat cgnat pool external ext-01 per-user-limit port '2000'
set nat cgnat pool external ext-01 range 192.168.122.222/32
set nat cgnat pool external ext-01 range 192.168.122.225/32
set nat cgnat pool internal int-01 range '100.64.0.1-100.64.0.4'
set nat cgnat rule 10 source pool 'int-01'
set nat cgnat rule 10 translation pool 'ext-01'

Allocations:

vyos@r4# run show nat cgnat allocation 
Internal IP    External IP      Port range
-------------  ---------------  ------------
100.64.0.1     192.168.122.222  4000-5999
100.64.0.2     192.168.122.222  6000-7999
100.64.0.3     192.168.122.225  4000-5999
100.64.0.4     192.168.122.225  6000-7999
[edit]
vyos@r4#

Change external pool

delete nat cgnat pool external ext-01 range 192.168.122.222/32
set nat cgnat pool external ext-01 range 192.168.122.254/32
commit

Check after the change. External address and port 192.168.122.225:4000-5999 are different for the same internal IP

vyos@r4# run show nat cgnat allocation 
Internal IP    External IP      Port range
-------------  ---------------  ------------
100.64.0.1     192.168.122.225  4000-5999
100.64.0.2     192.168.122.225  6000-7999
100.64.0.3     192.168.122.254  4000-5999
100.64.0.4     192.168.122.254  6000-7999

It would be nice to have this information in the syslog when it is changed, to log the actual allocation info.

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Feature (new functionality)

Related Objects

Status         Subtype          Assigned    Task
Needs testing  FEATURE REQUEST  None
Resolved       FEATURE REQUEST  Viacheslav

Event Timeline

PR https://github.com/vyos/vyos-1x/pull/3621

set nat cgnat log-allocation
set nat cgnat pool external ext-01 external-port-range '1024-65535'
set nat cgnat pool external ext-01 per-user-limit port '2000'
set nat cgnat pool external ext-01 range 192.168.122.222/32
set nat cgnat pool internal int-01 range '100.64.0.0/28'
set nat cgnat rule 10 source pool 'int-01'
set nat cgnat rule 10 translation pool 'ext-01'

Check logs:

Jun 10 14:10:02 r4 sudo[9057]:     vyos : TTY=pts/0 ; PWD=/home/vyos ; USER=root ; COMMAND=/usr/bin/sh -c ' /usr/libexec/vyos/conf_mode/nat_cgnat.py'
Jun 10 14:10:02 r4 sudo[9057]: pam_unix(sudo:session): session opened for user root(uid=0) by vyos(uid=1003)
Jun 10 14:10:03 r4 cgnat[9059]: Internal host: 100.64.0.0, external host: 192.168.122.222, Port range: 1024-3023
Jun 10 14:10:03 r4 cgnat[9059]: Internal host: 100.64.0.1, external host: 192.168.122.222, Port range: 3024-5023
Jun 10 14:10:03 r4 cgnat[9059]: Internal host: 100.64.0.2, external host: 192.168.122.222, Port range: 5024-7023
Jun 10 14:10:03 r4 cgnat[9059]: Internal host: 100.64.0.3, external host: 192.168.122.222, Port range: 7024-9023
Jun 10 14:10:03 r4 cgnat[9059]: Internal host: 100.64.0.4, external host: 192.168.122.222, Port range: 9024-11023
Jun 10 14:10:03 r4 cgnat[9059]: Internal host: 100.64.0.5, external host: 192.168.122.222, Port range: 11024-13023
Jun 10 14:10:03 r4 cgnat[9059]: Internal host: 100.64.0.6, external host: 192.168.122.222, Port range: 13024-15023
Jun 10 14:10:03 r4 cgnat[9059]: Internal host: 100.64.0.7, external host: 192.168.122.222, Port range: 15024-17023
Jun 10 14:10:03 r4 cgnat[9059]: Internal host: 100.64.0.8, external host: 192.168.122.222, Port range: 17024-19023
Jun 10 14:10:03 r4 cgnat[9059]: Internal host: 100.64.0.9, external host: 192.168.122.222, Port range: 19024-21023
Jun 10 14:10:03 r4 cgnat[9059]: Internal host: 100.64.0.10, external host: 192.168.122.222, Port range: 21024-23023
Jun 10 14:10:03 r4 cgnat[9059]: Internal host: 100.64.0.11, external host: 192.168.122.222, Port range: 23024-25023
Jun 10 14:10:03 r4 cgnat[9059]: Internal host: 100.64.0.12, external host: 192.168.122.222, Port range: 25024-27023
Jun 10 14:10:03 r4 cgnat[9059]: Internal host: 100.64.0.13, external host: 192.168.122.222, Port range: 27024-29023
Jun 10 14:10:03 r4 cgnat[9059]: Internal host: 100.64.0.14, external host: 192.168.122.222, Port range: 29024-31023
Jun 10 14:10:03 r4 cgnat[9059]: Internal host: 100.64.0.15, external host: 192.168.122.222, Port range: 31024-33023
Jun 10 14:10:03 r4 sudo[9057]: pam_unix(sudo:session): session closed for user root
Viacheslav changed the task status from Open to In progress. (Jun 10 2024, 11:29 AM)
Viacheslav claimed this task.
Viacheslav moved this task from Need Triage to Finished on the VyOS 1.5 Circinus board.
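
Added example, not part of the task or of the VyOS code base: a parser for the cgnat syslog lines shown above that maps an external address and port back to the internal host for a given commit, which is what the allocation log is needed for once a pool change has shifted the mapping. It assumes every line of one commit carries the same cgnat PID; the second commit's timestamp and PID in the sample are constructed.

```python
import ipaddress
import re

# Field layout copied from the cgnat syslog lines shown in the task.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ cgnat\[(?P<pid>\d+)\]: "
    r"Internal host: (?P<internal>\S+), external host: (?P<external>\S+), "
    r"Port range: (?P<lo>\d+)-(?P<hi>\d+)$"
)

def parse_snapshots(lines):
    """Group cgnat lines into one snapshot per commit, in log order.

    Assumption: every line of one commit carries the same cgnat PID.
    Other lines (sudo, pam_unix) are ignored.
    """
    snapshots = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        if not snapshots or snapshots[-1]["pid"] != m["pid"]:
            snapshots.append({"pid": m["pid"], "logged_at": m["ts"], "rows": []})
        snapshots[-1]["rows"].append((
            ipaddress.ip_address(m["internal"]),
            ipaddress.ip_address(m["external"]),
            range(int(m["lo"]), int(m["hi"]) + 1),  # port range is inclusive
        ))
    return snapshots

def find_internal_host(snapshot, external_ip, port):
    """Map an external address and port back to the internal host, or None."""
    external_ip = ipaddress.ip_address(external_ip)
    for internal, external, ports in snapshot["rows"]:
        if external == external_ip and port in ports:
            return str(internal)
    return None

# Constructed sample: two commits in the task's log format, using rows from
# the task's allocation tables before and after the external pool change.
SAMPLE_LOG = """\
Jun 10 14:10:02 r4 sudo[9057]: pam_unix(sudo:session): session opened for user root(uid=0) by vyos(uid=1003)
Jun 10 14:10:03 r4 cgnat[9059]: Internal host: 100.64.0.1, external host: 192.168.122.222, Port range: 4000-5999
Jun 10 14:10:03 r4 cgnat[9059]: Internal host: 100.64.0.3, external host: 192.168.122.225, Port range: 4000-5999
Jun 10 15:30:41 r4 cgnat[9311]: Internal host: 100.64.0.1, external host: 192.168.122.225, Port range: 4000-5999
Jun 10 15:30:41 r4 cgnat[9311]: Internal host: 100.64.0.3, external host: 192.168.122.254, Port range: 4000-5999
""".splitlines()

before, after = parse_snapshots(SAMPLE_LOG)
```

Pick the snapshot whose `logged_at` is the latest one not after the event being investigated; the same external address and port resolve to different internal hosts in `before` and `after`.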