Netgate Discussion Forum

    Deterministic NAT mode breaks VPP

    TNSR
    • 0daymaster

      When I try to change the NAT mode to deterministic, after restarting the data plane, VPP crashes. Journalctl -xe reveals that VPP is complaining about a loopback interface. VPP stays crashed until I go into the running_db with Vim and change the NAT mode back to endpoint-dependent then reboot the system. Editing the config gets me back to a usable system but even after I edit the running_db and reboot I wind up having to negate part of my config related to BFD and re-apply the same config. Any ideas?

      • jimp Rebel Alliance Developer Netgate

        What was the exact error message(s) from the log?

        Nothing immediately comes to mind that would break in that way.

        • 0daymaster

          I was able to switch to deterministic NAT mode. Somehow I set an MTU of 1500 for a loopback interface so I negated that part of the config. Also, I was attempting to restart the dataplane from an in-band interface. After I negated the MTU and restarted the dataplane from the management interface I was able to change the NAT mode to deterministic successfully.

          I have a new problem now. gi1/0/0 and gi1/0/1 are my inside interfaces and gi1/0/3 is my outside interface. I'm running BFD consumed by OSPF on the inside interfaces. My local neighbor is an ROS device. When I change the NAT mode to deterministic, my BFD sessions go down and the adjacency breaks. I saw a note in the docs about outside NAT breaking services in deterministic NAT mode but these are inside interfaces.

          • jwt Netgate

            Deterministic NAT is a "CG-NAT". The design goal is to scale out against a very large number of endpoints with reduced (need for) logging. See, for example, RFC 7422.

            As noted (though the docs could be more clear), there isn't much chance of making inbound services work on the outside interface for the interface address in deterministic NAT mode.

            It could possibly work for services on the inside interfaces if the in2out node becomes an output feature on the outside interface, but that work isn't currently contemplated. If it's important to your use case, please get in touch so we can help determine how to best proceed.
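
Added example, not part of the thread and not Netgate's or VPP's code: a sketch of why a deterministic CG-NAT of the kind RFC 7422 describes needs little logging. It assumes one simple contiguous-block scheme (each inside host gets a fixed outside address and port range computed from its offset), so an abuse report naming an outside address and port can be traced to the inside host by arithmetic alone. The class name, the 1024 port floor and the sample prefixes are all constructed for illustration.

```python
import ipaddress

FIRST_PORT = 1024                   # assumption: ports below 1024 are never allocated
PORT_SPACE = 65536 - FIRST_PORT     # ports available on each outside address


class DetMap:
    """Hypothetical deterministic mapping from an inside prefix to an outside prefix."""

    def __init__(self, inside, outside):
        self.inside = ipaddress.ip_network(inside)
        self.outside = ipaddress.ip_network(outside)
        n_in, n_out = self.inside.num_addresses, self.outside.num_addresses
        # Inside hosts sharing one outside address (ceiling division).
        self.ratio = max(1, -(-n_in // n_out))
        self.ports_per_host = PORT_SPACE // self.ratio
        if self.ports_per_host == 0:
            raise ValueError("too many inside hosts per outside address")

    def forward(self, inside_ip):
        """Inside address -> (outside address, first port, last port)."""
        ip = ipaddress.ip_address(inside_ip)
        if ip not in self.inside:
            raise ValueError(f"{ip} is not in {self.inside}")
        off = int(ip) - int(self.inside.network_address)
        out_ip = self.outside.network_address + off // self.ratio
        lo = FIRST_PORT + (off % self.ratio) * self.ports_per_host
        return str(out_ip), lo, lo + self.ports_per_host - 1

    def reverse(self, outside_ip, port):
        """Outside address and source port -> inside address, or None if unmapped."""
        ip = ipaddress.ip_address(outside_ip)
        if ip not in self.outside or port < FIRST_PORT:
            return None
        slot = (port - FIRST_PORT) // self.ports_per_host
        if slot >= self.ratio:
            return None             # leftover ports past the last full block
        off = (int(ip) - int(self.outside.network_address)) * self.ratio + slot
        if off >= self.inside.num_addresses:
            return None
        return str(self.inside.network_address + off)


if __name__ == "__main__":
    # Constructed sample: 1024 inside hosts share 4 outside addresses.
    m = DetMap("100.64.0.0/22", "198.51.100.0/30")
    print(m.forward("100.64.1.5"))
    print(m.reverse("198.51.100.1", 2300))
```

Because the mapping is a pure function of the configured prefixes, the only record needed for later attribution is the configuration that was active at the time of the flow.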

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.