OSPF databases empty with enabled NAT44 VPP
Open, HighPublicBUG
Actions

Assigned To

None

Authored By

	pautiina
	Sep 3 2025, 12:31 PM

Description

The database of external routes is not filled after turning on NAT44 VPP.
I think it is necessary to somehow disable NAT44 for the OSPF protocol

set protocols ospf area 0.0.0.0 network '10.31.31.0/24'
set protocols ospf interface eth1 mtu-ignore

set vpp nat44 address-pool translation address '1.120.251.0-1.120.251.255'
set vpp nat44 exclude rule 10 external-interface 'eth0'
set vpp nat44 exclude rule 10 local-port '22'
set vpp nat44 exclude rule 10 protocol 'tcp'
set vpp nat44 exclude rule 15 external-interface 'eth1'
set vpp nat44 exclude rule 15 local-port '22'
set vpp nat44 exclude rule 15 protocol 'tcp'
set vpp nat44 exclude rule 20 local-address '2.200.60.11'
set vpp nat44 exclude rule 20 protocol 'all'
set vpp nat44 exclude rule 30 local-address '10.31.31.202'
set vpp nat44 exclude rule 30 protocol 'all'
set vpp nat44 interface inside 'eth1'
set vpp nat44 interface outside 'eth0'
set vpp settings cpu main-core '7'
set vpp settings interface eth0 driver 'dpdk'
set vpp settings interface eth1 driver 'dpdk'
set vpp settings lcp netlink rx-buffer-size '536870912'
set vpp settings memory main-heap-page-size 'default-hugepage'
set vpp settings memory main-heap-size '4G'
set vpp settings nat44 no-forwarding
set vpp settings nat44 timeout icmp '30'
set vpp settings nat44 timeout tcp-established '1800'
set vpp settings nat44 timeout udp '30'
set vpp settings physmem max-size '16G'
set vpp settings statseg page-size 'default-hugepage'
set vpp settings statseg size '256M'
set vpp settings unix poll-sleep-usec '12'

#show ip ospf 

 OSPF Routing Process, Router ID: 2.200.60.11
 Supports only single TOS (TOS0) routes
 This implementation conforms to RFC2328
 RFC1583Compatibility flag is disabled
 OpaqueCapability flag is disabled
 Initial SPF scheduling delay 200 millisec(s)
 Minimum hold time between consecutive SPFs 1000 millisec(s)
 Maximum hold time between consecutive SPFs 10000 millisec(s)
 Hold time multiplier is currently 1
 SPF algorithm last executed 15h03m46s ago
 Last SPF duration 16 usecs
 SPF timer is inactive
 LSA minimum interval 5000 msecs
 LSA minimum arrival 1000 msecs
 Write Multiplier set to 20 
 Refresh timer 10 secs
 Maximum multiple paths(ECMP) supported 256
 Administrative distance 110
 Number of external LSA 0. Checksum Sum 0x00000000
 Number of opaque AS LSA 0. Checksum Sum 0x00000000
 Number of areas attached to this router: 1
 Area ID: 0.0.0.0 (Backbone)
   Number of interfaces in this area: Total: 1, Active: 1
   Number of fully adjacent neighbors in this area: 0
   Area has no authentication
   SPF algorithm executed 2 times
   Number of LSA 1
   Number of router LSA 1. Checksum Sum 0x00005ff5
   Number of network LSA 0. Checksum Sum 0x00000000
   Number of summary LSA 0. Checksum Sum 0x00000000
   Number of ASBR summary LSA 0. Checksum Sum 0x00000000
   Number of NSSA LSA 0. Checksum Sum 0x00000000
   Number of opaque link LSA 0. Checksum Sum 0x00000000
   Number of opaque area LSA 0. Checksum Sum 0x00000000

#show ip ospf neighbor

Neighbor ID     Pri State           Up Time         Dead Time Address         Interface                        RXmtL RqstL DBsmL
172.16.1.1      128 2-Way/DROther   15h04m13s         35.010s 10.31.31.1      eth1:10.31.31.202                    0     0     0
2.200.60.6      1 2-Way/DROther   15h04m12s         37.716s 10.31.31.101    eth1:10.31.31.202                    0     0     0
2.200.60.8      1 2-Way/DROther   15h04m12s         37.716s 10.31.31.201    eth1:10.31.31.202                    0     0     0
2.200.60.2      1 2-Way/DROther   15h04m12s         37.716s 10.31.31.245    eth1:10.31.31.202                    0     0     0
2.200.60.14     1 2-Way/DROther   15h04m09s         33.383s 10.31.31.250    eth1:10.31.31.202                    0     0     0
192.168.254.1   128 ExStart/Backup  15h04m12s         31.228s 10.31.31.253    eth1:10.31.31.202                    0     0     0
2.200.60.9    180 ExStart/DR      15h04m12s         37.716s 10.31.31.254    eth1:10.31.31.202                    0     0     0

 show ip ospf interface eth1 
eth1 is up
  ifindex 6, MTU 1500 bytes, BW 40000 Mbit <UP,LOWER_UP,BROADCAST,RUNNING,MULTICAST>
  Internet Address 10.31.31.202/24, Broadcast 10.31.31.255, Area 0.0.0.0
  MTU mismatch detection: disabled
  Router ID 2.200.60.11, Network Type BROADCAST, Cost: 1
  Transmit Delay is 1 sec, State DROther, Priority 1
  Designated Router (ID) 2.200.60.9 Interface Address 10.31.31.254/24
  Backup Designated Router (ID) 192.168.254.1, Interface Address 10.31.31.253
  Multicast group memberships: OSPFAllRouters
  Timer intervals configured, Hello 10s, Dead 40s, Wait 40s, Retransmit 5
    Hello due in 3.012s
  Neighbor Count is 7, Adjacent neighbor count is 0
  Graceful Restart hello delay: 10s
  LSA retransmissions: 0

       OSPF Router with ID (2.200.60.11)

                Router Link States (Area 0.0.0.0)

Link ID         ADV Router      Age  Seq#       CkSum  Link count
2.200.60.11  2.200.60.11   1195 0x80000022 0x5ff5 1

Details

Version: 2025.08.28-0019-rolling
Is it a breaking change?: Unspecified (possibly destroys the router)
Issue type: Bug (incorrect behavior)

Related Objects
Search...

		Status	Subtype	Assigned	Task
		Open	BUG	None	T7070 VPP related bugs the root task
		Open	BUG	None	T7780 OSPF databases empty with enabled NAT44 VPP

Event Timeline

pautiina created this task.Sep 3 2025, 12:31 PM

pasik subscribed.Sep 3 2025, 3:49 PM

Viacheslav added a parent task: T7070: VPP related bugs the root task.Sep 4 2025, 8:18 AM

Unknown Object (User) triaged this task as High priority.Sep 5 2025, 7:24 AM

vpp-1

set interfaces ethernet eth0 address '192.168.122.21/24'
set interfaces ethernet eth0 description 'WAN'
set interfaces ethernet eth1 address '10.31.31.21/24'
set interfaces ethernet eth1 description 'LAN'
set protocols ospf area 0.0.0.0 network '10.31.31.0/24'
set protocols ospf interface eth1 mtu-ignore
set protocols static route 0.0.0.0/0 next-hop 192.168.122.1
set service ssh
set system host-name 'n1'
set system option kernel memory hugepage-size 2M hugepage-count '1690'
set vpp nat44 address-pool translation address '203.0.113.1-203.0.113.250'
set vpp nat44 exclude rule 10 external-interface 'eth0'
set vpp nat44 exclude rule 10 local-port '22'
set vpp nat44 exclude rule 10 protocol 'tcp'
set vpp nat44 interface inside 'eth1'
set vpp nat44 interface outside 'eth0'
set vpp settings interface eth0 driver 'dpdk'
set vpp settings interface eth1 driver 'dpdk'
set vpp settings unix poll-sleep-usec '222'

Other nodes the config is similar, but without NAT
Show neighbors:

vyos@n1:~$ show ip ospf neighbor 

Neighbor ID     Pri State           Up Time         Dead Time Address         Interface                        RXmtL RqstL DBsmL
192.168.122.22    1 ExStart/Backup  40m49s            30.297s 10.31.31.22     eth1:10.31.31.21                     0     0     0
192.168.122.23    1 ExStart/DR      40m49s            36.617s 10.31.31.23     eth1:10.31.31.21                     0     0     0

vyos@n1:~$

show trace:

vyos@n1:~$ sudo vppctl trace add dpdk-input 7
vyos@n1:~$ 
vyos@n1:~$ sudo vppctl show trace
------------------- Start of thread 0 vpp_main -------------------
Packet 1

00:43:14:240821: dpdk-input
  eth1 rx queue 0
  buffer 0x9862d: current data 0, length 42, buffer-pool 0, ref-count 1, trace handle 0x0
                  ext-hdr-valid 
  PKT MBUF: port 1, nb_segs 1, pkt_len 42
    buf_len 2176, data_len 42, ol_flags 0x0, data_off 128, phys_addr 0x9418bc0
    packet_type 0x0 l2_len 0 l3_len 0 outer_l2_len 0 outer_l3_len 0 
    rss 0x0 fdir.hi 0x0 fdir.lo 0x0
  ARP: 0c:26:69:ce:00:01 -> 0c:8b:23:97:00:01
  request, type ethernet/IP4, address size 6/4
  0c:26:69:ce:00:01/10.31.31.22 -> 00:00:00:00:00:00/10.31.31.21
00:43:14:241156: ethernet-input
  frame: flags 0x1, hw-if-index 2, sw-if-index 2
  ARP: 0c:26:69:ce:00:01 -> 0c:8b:23:97:00:01
00:43:14:241170: arp-input
  request, type ethernet/IP4, address size 6/4
  0c:26:69:ce:00:01/10.31.31.22 -> 00:00:00:00:00:00/10.31.31.21
00:43:14:241174: linux-cp-arp-phy
  rx-sw-if-index: 2 opcode: 1
00:43:14:241178: arp-reply
  request, type ethernet/IP4, address size 6/4
  0c:26:69:ce:00:01/10.31.31.22 -> 00:00:00:00:00:00/10.31.31.21
00:43:14:241195: eth1-output
  eth1 flags 0x0218000d
  ARP: 0c:8b:23:97:00:01 -> 0c:26:69:ce:00:01
  reply, type ethernet/IP4, address size 6/4
  0c:8b:23:97:00:01/10.31.31.21 -> 0c:26:69:ce:00:01/10.31.31.22
00:43:14:241198: eth1-tx
  eth1 tx queue 0
  buffer 0x9862d: current data 0, length 42, buffer-pool 0, ref-count 1, trace handle 0x0
                  ext-hdr-valid 
                  local l2-hdr-offset 0 l3-hdr-offset 14 
  PKT MBUF: port 1, nb_segs 1, pkt_len 42
    buf_len 2176, data_len 42, ol_flags 0x0, data_off 128, phys_addr 0x9418bc0
    packet_type 0x0 l2_len 0 l3_len 0 outer_l2_len 0 outer_l3_len 0 
    rss 0x0 fdir.hi 0x0 fdir.lo 0x0
  ARP: 0c:8b:23:97:00:01 -> 0c:26:69:ce:00:01
  reply, type ethernet/IP4, address size 6/4
  0c:8b:23:97:00:01/10.31.31.21 -> 0c:26:69:ce:00:01/10.31.31.22


Packet 3

00:43:15:274670: dpdk-input
  eth1 rx queue 0
  buffer 0x921ef: current data 0, length 86, buffer-pool 0, ref-count 1, trace handle 0x2
                  ext-hdr-valid 
  PKT MBUF: port 1, nb_segs 1, pkt_len 86
    buf_len 2176, data_len 86, ol_flags 0x0, data_off 128, phys_addr 0x9687c40
    packet_type 0x0 l2_len 0 l3_len 0 outer_l2_len 0 outer_l3_len 0 
    rss 0x0 fdir.hi 0x0 fdir.lo 0x0
  IP4: 0c:26:69:ce:00:01 -> 01:00:5e:00:00:05
  OSPF: 10.31.31.22 -> 224.0.0.5
    tos 0xc0, ttl 1, length 72, checksum 0xf714 dscp CS6 ecn NON_ECN
    fragment id 0xb84e
00:43:15:274985: ethernet-input
  frame: flags 0x1, hw-if-index 2, sw-if-index 2
  IP4: 0c:26:69:ce:00:01 -> 01:00:5e:00:00:05
00:43:15:274992: ip4-input
  OSPF: 10.31.31.22 -> 224.0.0.5
    tos 0xc0, ttl 1, length 72, checksum 0xf714 dscp CS6 ecn NON_ECN
    fragment id 0xb84e
00:43:15:274995: ip4-mfib-forward-lookup
  fib 0 entry 9
00:43:15:274997: ip4-mfib-forward-rpf
  entry 9 itf 2 flags Accept,
00:43:15:274999: ip4-replicate
  replicate: 7 via [@1]: dpo-receive
00:43:15:275002: ip4-receive
    fib:0 adj:9 flow:0x00000000
  OSPF: 10.31.31.22 -> 224.0.0.5
    tos 0xc0, ttl 1, length 72, checksum 0xf714 dscp CS6 ecn NON_ECN
    fragment id 0xb84e
00:43:15:275006: ip4-punt
    fib:0 adj:274 flow:0x00000000
  OSPF: 10.31.31.22 -> 224.0.0.5
    tos 0xc0, ttl 1, length 72, checksum 0xf714 dscp CS6 ecn NON_ECN
    fragment id 0xb84e
00:43:15:275007: ip4-punt-redirect
  via redirect:2
00:43:15:275008: ip4-dvr-dpo
     sw_if_index:4
00:43:15:275009: ip4-dvr-reinject
     sw_if_index:4
00:43:15:275012: tap4097-output
  tap4097 flags 0x0219000d
  IP4: 0c:26:69:ce:00:01 -> 01:00:5e:00:00:05
  OSPF: 10.31.31.22 -> 224.0.0.5
    tos 0xc0, ttl 1, length 72, checksum 0xf714 dscp CS6 ecn NON_ECN
    fragment id 0xb84e
00:43:15:275015: tap4097-tx
    buffer 0x921ef: current data 0, length 86, buffer-pool 0, ref-count 1, trace handle 0x2
                    ext-hdr-valid 
                    local dvr l2-hdr-offset 0 l3-hdr-offset 14 
  hdr-sz 0 l2-hdr-offset 0 l3-hdr-offset 14 l4-hdr-offset 0 l4-hdr-sz 0
  IP4: 0c:26:69:ce:00:01 -> 01:00:5e:00:00:05
  OSPF: 10.31.31.22 -> 224.0.0.5
    tos 0xc0, ttl 1, length 72, checksum 0xf714 dscp CS6 ecn NON_ECN
    fragment id 0xb84e

Packet 4

00:43:15:337772: dpdk-input
  eth1 rx queue 0
  buffer 0x93854: current data 0, length 66, buffer-pool 0, ref-count 1, trace handle 0x3
                  ext-hdr-valid 
  PKT MBUF: port 1, nb_segs 1, pkt_len 66
    buf_len 2176, data_len 66, ol_flags 0x0, data_off 128, phys_addr 0x96e1580
    packet_type 0x0 l2_len 0 l3_len 0 outer_l2_len 0 outer_l3_len 0 
    rss 0x0 fdir.hi 0x0 fdir.lo 0x0
  IP4: 0c:26:69:ce:00:01 -> 0c:8b:23:97:00:01
  OSPF: 10.31.31.22 -> 10.31.31.21
    tos 0xc0, ttl 1, length 52, checksum 0xadf9 dscp CS6 ecn NON_ECN
    fragment id 0xb84f
00:43:15:338072: ethernet-input
  frame: flags 0x1, hw-if-index 2, sw-if-index 2
  IP4: 0c:26:69:ce:00:01 -> 0c:8b:23:97:00:01
00:43:15:338077: ip4-input
  OSPF: 10.31.31.22 -> 10.31.31.21
    tos 0xc0, ttl 1, length 52, checksum 0xadf9 dscp CS6 ecn NON_ECN
    fragment id 0xb84f
00:43:15:338079: ip4-sv-reassembly-feature
  [not-fragmented]
00:43:15:338081: nat-pre-in2out
  in2out next_index 2 arc_next_index 10
00:43:15:338082: nat44-ed-in2out
  NAT44_IN2OUT_ED_FAST_PATH: sw_if_index 2, next index 1
  search key local 0.0.0.0:0 remote 0.0.0.0:0 proto IP6_HOP_BY_HOP_OPTIONS fib 0 thread-index 0 session-index 0
00:43:15:338084: ip4-icmp-error
  OSPF: 10.31.31.22 -> 10.31.31.21
    tos 0xc0, ttl 1, length 52, checksum 0xadf9 dscp CS6 ecn NON_ECN
    fragment id 0xb84f
00:43:15:338089: ip4-lookup
  fib 0 dpo-idx 12 flow hash: 0x00000000
  ICMP: 10.31.31.21 -> 10.31.31.22
    tos 0x00, ttl 255, length 80, checksum 0x6944 dscp CS0 ecn NON_ECN
    fragment id 0x0000
  ICMP time_exceeded ttl_exceeded_in_transit checksum 0xf4ff
00:43:15:338091: ip4-drop
    fib:0 adj:0 flow:0x0000000b
  OSPF: 10.31.31.22 -> 10.31.31.21
    tos 0xc0, ttl 1, length 52, checksum 0xadf9 dscp CS6 ecn NON_ECN
    fragment id 0xb84f
00:43:15:338092: ip4-rewrite
  tx_sw_if_index 2 dpo-idx 12 : ipv4 via 10.31.31.22 eth1: mtu:1500 next:6 flags:[] 0c2669ce00010c8b239700010800 flow hash: 0x00000000
  00000000: 0c2669ce00010c8b2397000108004500005000000000ff0169440a1f1f150a1f
  00000020: 1f160b00f4ff0000000045c00034b84f00000159adf90a1f1f160a1f
00:43:15:338094: error-drop
  rx:eth1
00:43:15:338095: eth1-output
  eth1 flags 0x02000001
  IP4: 0c:8b:23:97:00:01 -> 0c:26:69:ce:00:01
  ICMP: 10.31.31.21 -> 10.31.31.22
    tos 0x00, ttl 255, length 80, checksum 0x6944 dscp CS0 ecn NON_ECN
    fragment id 0x0000
  ICMP time_exceeded ttl_exceeded_in_transit checksum 0xf4ff
00:43:15:338097: drop
  dpdk-input: no error
00:43:15:338099: eth1-tx
  eth1 tx queue 0
  buffer 0x8f76e: current data -28, length 94, buffer-pool 0, ref-count 1, trace handle 0x3
                  local 
  PKT MBUF: port 65535, nb_segs 1, pkt_len 94
    buf_len 2176, data_len 94, ol_flags 0x0, data_off 100, phys_addr 0x99ddc00
    packet_type 0x0 l2_len 0 l3_len 0 outer_l2_len 0 outer_l3_len 0 
    rss 0x0 fdir.hi 0x0 fdir.lo 0x0
  IP4: 0c:8b:23:97:00:01 -> 0c:26:69:ce:00:01
  ICMP: 10.31.31.21 -> 10.31.31.22
    tos 0x00, ttl 255, length 80, checksum 0x6944 dscp CS0 ecn NON_ECN
    fragment id 0x0000
  ICMP time_exceeded ttl_exceeded_in_transit checksum 0xf4ff

PCAP

vpp_eth1.pcap908 BDownload

	F18359350: vpp_eth1.pcap
	Oct 3 2025, 2:05 PM

	F18358777: vpp-nat-ospf.png
	Oct 3 2025, 2:05 PM

OSPF databases empty with enabled NAT44 VPPOpen, HighPublicBUGActions

Description

Details

Related ObjectsSearch...

Event Timeline

OSPF databases empty with enabled NAT44 VPP
Open, HighPublicBUG
Actions

Related Objects
Search...