aboutsummaryrefslogtreecommitdiffstats
path: root/src/plugins/svs/svs.api
blob: 4bed037be90b18123c8661d352f994851ed7b67c (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72

@media only all and (prefers-color-scheme: dark) {
.highlight .hll { background-color: #49483e }
.highlight .c { color: #75715e } /* Comment */
.highlight .err { color: #960050; background-color: #1e0010 } /* Error */
.highlight .k { color: #66d9ef } /* Keyword */
.highlight .l { color: #ae81ff } /* Literal */
.highlight .n { color: #f8f8f2 } /* Name */
.highlight .o { color: #f92672 } /* Operator */
.highlight .p { color: #f8f8f2 } /* Punctuation */
.highlight .ch { color: #75715e } /* Comment.Hashbang */
.highlight .cm { color: #75715e } /* Comment.Multiline */
.highlight .cp { color: #75715e } /* Comment.Preproc */
.highlight .cpf { color: #75715e } /* Comment.PreprocFile */
.highlight .c1 { color: #75715e } /* Comment.Single */
.highlight .cs { color: #75715e } /* Comment.Special */
.highlight .gd { color: #f92672 } /* Generic.Deleted */
.highlight .ge { font-style: italic } /* Generic.Emph */
.highlight .gi { color: #a6e22e } /* Generic.Inserted */
.highlight .gs { font-weight: bold } /* Generic.Strong */
.highlight .gu { color: #75715e } /* Generic.Subheading */
.highlight .kc { color: #66d9ef } /* Keyword.Constant */
.highlight .kd { color: #66d9ef } /* Keyword.Declaration */
.highlight .kn { color: #f92672 } /* Keyword.Namespace */
.highlight .kp { color: #66d9ef } /* Keyword.Pseudo */
.highlight .kr { color: #66d9ef } /* Keyword.Reserved */
.highlight .kt { color: #66d9ef } /* Keyword.Type */
.highlight .ld { color: #e6db74 } /* Literal.Date */
.highlight .m { color: #ae81ff } /* Literal.Number */
.highlight .s { color: #e6db74 } /* Literal.String */
.highlight .na { color: #a6e22e } /* Name.Attribute */
.highlight .nb { color: #f8f8f2 } /* Name.Builtin */
.highlight .nc { color: #a6e22e } /* Name.Class */
.highlight .no { color: #66d9ef } /* Name.Constant */
.highlight .nd { color: #a6e22e } /* Name.Decorator */
.highlight .ni { color: #f8f8f2 } /* Name.Entity */
.highlight .ne { color: #a6e22e } /
# Stateful NAT64: Network Address and Protocol Translation from IPv6 Clients to IPv4 Servers {#nat64_doc}

## Introduction

Stateful NAT64 in VPP allows IPv6-only clients to contact IPv4 servers using unicast UDP, TCP, or ICMP based on RFC 6146.

## Configuration

### Enable/disable NAT64 feature on the interface

> set interface nat64 in|out <intfc> [del]

in: inside/local/IPv6 network
out: outside/external/IPv4 network
intfc: interface name

### Add/delete NAT64 pool address

One or more public IPv4 addresses assigned to a NAT64 are shared among several IPv6-only clients.

> nat64 add pool address <ip4-range-start> [- <ip4-range-end>] [tenant-vrf <tenant-vrf-id>] [del]

ip4-range-start: First IPv4 address of the range 
ip4-range-end: Last IPv4 address of the range (optional, not used for single address)
tenant-vrf-id: VRF id of the tenant associated with the pool address (optional, if not set pool address is global)

### Add/delete static BIB entry

Stateful NAT64 also supports IPv4-initiated communications to a subset of the IPv6 hosts through staticaly configured bindings.

> nat64 add static bib <ip6-addr> <in-port> <ip4-addr> <out-port> tcp|udp|icmp [vfr <table-id>] [del]

ip6-addr: inside IPv6 address of the host
in-port: inside port or ICMPv6 identifier
ip4-addr: outside IPv4 address of the host
out-port: outside port or ICMPv4 identifier
table-id: VRF id of the tenant associated with the BIB entry (optional, default use global VRF)

### Set NAT64 session timeouts

Session is deleted when timer expires. If all sessions corresponding to a dynamically create BIB entry are deleted, then the BIB entry is also deleted. When packets are flowing sessiom timer is refreshed to keep the session alive.

> set nat64 timeouts udp <sec> icmp <sec> tcp-trans <sec> tcp-est <sec> tcp-incoming-syn <sec> | reset

udp: UDP session timeout value (default 300sec)
icmp: ICMP session timeout value (default 60sec)
tcp-trans: transitory TCP session timeout value (default 240sec)
tcp-est: established TCP session timeout value (default 7440sec)
tcp-incoming-syn: incoming SYN TCP session timeout value (default 6sec)
reset: reset timers to default values

### Set NAT64 prefix 

Stateful NAT64 support the algorithm for generating IPv6 representations of IPv4 addresses defined in RFC 6052. If no prefix is configured, Well-Known Prefix (64:ff9b::/96) is used. 

> nat64 add prefix <ip6-prefix>/<plen> [tenant-vrf <vrf-id>] [del]

ip6-prefix: IPv6 prefix
plen: prefix length (valid values: 32, 40, 48, 56, 64, or 96)
tenant-vrf: VRF id of the tenant associated with the prefix

### Show commands

> show nat64 pool
> show nat64 interfaces
> show nat64 bib tcp|udp|icmp
> show nat64 session table tcp|udp|icmp
> show nat64 timeouts
> show nat64 prefix

## Notes

Multi thread is not supported yet (CLI/API commands are disabled when VPP runs with multiple threads).


utoreply define svs_table_add_del
{
  u32 client_index;
  u32 context;
  u8 is_add;
  vl_api_address_family_t af;
  u32 table_id;
};

/**
 * @brief Add a route into the source address matching table
 * @param client_index - opaque cookie to identify the sender
 * @param context - sender context, to match reply w/ request
 * @param prefix - prefix
 * @param table_id - The SVS table (from svs_table_add_del)
 * @param source_table_id - This is the table ID that will be used for
 *                          the subsequent lookup of the packet. The V in SVS.
 *                          this table must exist (from e.g. ip_table_add_del)
 */
autoreply define svs_route_add_del
{
  u32 client_index;
  u32 context;
  u8 is_add;
  vl_api_prefix_t prefix;
  u32 table_id;
  u32 source_table_id;
};

/**
 * @brief Enable SVS on a given interface by using the given table to match
 *        RX'd packets' source addresses
 * @param client_index - opaque cookie to identify the sender
 * @param context - sender context, to match reply w/ request
 * @param af - Address Family
 * @param table_id - The SVS table (from svs_table_add_del)
 * @param sw_if_index - Interface
 */
autoreply define svs_enable_disable
{
  u32 client_index;
  u32 context;
  u8 is_enable;
  vl_api_address_family_t af;
  u32 table_id;
  u32 sw_if_index;
};

/**
 * @brief Dump the SVS table mappings of table_id to interface
 *        To see the routes added to a given table use ip_fib_dump()
 */
define svs_dump
{
  u32 client_index;
  u32 context;
};

/**
 * @brief SVS table-id to interface mapping
 * @param context - sender context, to match reply w/ request
 * @param af - Address Family
 * @param table_id - The SVS table (from svs_table_add_del)
 * @param sw_if_index - Interface
 */
define svs_details
{
  u32 context;
  u32 table_id;
  u32 sw_if_index;
  vl_api_address_family_t af;
};