To reproduce, set specific timeouts for the VPP NAT:
set interfaces ethernet eth0 address '192.168.122.14/24'
set interfaces ethernet eth0 description 'WAN'
set interfaces ethernet eth1 address '100.64.0.1/24'
set interfaces ethernet eth1 description 'LAN'
set vpp nat44 address-pool translation address '192.168.122.101-192.168.122.102'
set vpp nat44 exclude rule 100 local-address '100.64.0.52'
set vpp nat44 exclude rule 100 local-port '22'
set vpp nat44 interface inside 'eth1'
set vpp nat44 interface outside 'eth0'
set vpp nat44 static rule 100 external address '192.0.2.55'
set vpp nat44 static rule 100 local address '100.64.0.55'
set vpp settings interface eth0 driver 'dpdk'
set vpp settings interface eth1 driver 'dpdk'
set vpp settings nat44 no-forwarding
set vpp settings nat44 session-limit '64000'
set vpp settings nat44 timeout icmp '30'
set vpp settings nat44 timeout tcp-established '600'
set vpp settings nat44 timeout tcp-transitory '120'
set vpp settings nat44 timeout udp '150'
set vpp settings unix poll-sleep-usec '222'
Check (timeouts do not match):
vyos@r14# sudo vppctl show nat timeouts
udp timeout: 300sec
tcp-established timeout: 7440sec
tcp-transitory timeout: 240sec
icmp timeout: 60sec
[edit]
vyos@r14#
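
A repeatable form of the check above, as an added example that is not part of the original report or of VyOS: it parses the `set vpp settings nat44 timeout ...` commands and the `show nat timeouts` output and reports every timer whose running value differs from the configured one. The function names are hypothetical, and the sample input is copied from the report.

```python
import re

# Sample input copied from the report above: the configured timeouts and
# the output of `sudo vppctl show nat timeouts`.
CONFIG = """\
set vpp settings nat44 timeout icmp '30'
set vpp settings nat44 timeout tcp-established '600'
set vpp settings nat44 timeout tcp-transitory '120'
set vpp settings nat44 timeout udp '150'
"""
VPPCTL_OUTPUT = """\
udp timeout: 300sec
tcp-established timeout: 7440sec
tcp-transitory timeout: 240sec
icmp timeout: 60sec
"""

CFG_RE = re.compile(r"^set vpp settings nat44 timeout (\S+) '?(\d+)'?$")
RUN_RE = re.compile(r"^(\S+) timeout:\s*(\d+)sec$")


def parse_lines(text, pattern):
    """Return {timer_name: seconds} for every line matching pattern."""
    found = {}
    for line in text.splitlines():
        m = pattern.match(line.strip())
        if m:  # prompts, "[edit]" and unrelated commands are skipped
            found[m.group(1)] = int(m.group(2))
    return found


def timeout_drift(config_text, vppctl_text):
    """Map each configured timer to (configured, running) where they differ.

    running is None when the timer is absent from the vppctl output.
    """
    configured = parse_lines(config_text, CFG_RE)
    running = parse_lines(vppctl_text, RUN_RE)
    return {
        name: (want, running.get(name))
        for name, want in configured.items()
        if running.get(name) != want
    }


if __name__ == "__main__":
    for name, (want, got) in sorted(timeout_drift(CONFIG, VPPCTL_OUTPUT).items()):
        print(f"{name}: configured {want}s, running {got}s")
```
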