Usage

In this section, it is assumed that Virtual Accelerator has been properly installed and configured. See Getting Started for more details.

# modprobe nf_conntrack_netlink

Example

1. Set up a NAT rule under Linux:

   # echo 1 > /proc/sys/net/ipv4/conf/all/forwarding
   # echo 1 > /proc/sys/net/netfilter/nf_conntrack_tcp_be_liberal
   # ip link set eth1 up
   # ip link set eth2 up
   # ip ad ad 2.0.0.1/24 dev eth1
   # ip ad ad 2.1.0.1/24 dev eth2
   # ip route add 100.2.2.1/32 via 2.0.0.5
   # ip route add 110.2.2.1/32 via 2.1.0.5
   # iptables -P INPUT ACCEPT
   # iptables -P FORWARD ACCEPT
   # iptables -P OUTPUT ACCEPT
   # iptables -t nat -F
   # iptables -t nat -A POSTROUTING -s 100.0.0.0/8 -o eth2 -j SNAT --to-source 2.1.0.1
   # iptables -vL -t nat
     Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
      pkts bytes target     prot opt in     out     source       destination
   
     Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
      pkts bytes target     prot opt in     out     source       destination
   
     Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
      pkts bytes target     prot opt in     out     source       destination
   
     Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
      pkts bytes target     prot opt in     out     source       destination
         0     0 SNAT       all  --  any    eth2    100.0.0.0/8  anywhere     to:2.1.0.1
   

   Note

   Address pool and port range are also supported, see below:

   # iptables -t nat -A POSTROUTING -p tcp -o eth2 -j SNAT --to-source 2.0.0.1-2.0.0.50:1024-2048
   

2. Launch the fp-cli module and check fast path statistics:

   # fp-cli
   

   <fp-0> nf4-rules nat
   Chain PREROUTING (policy ACCEPT 0 packets 0 bytes)
       pkts      bytes target    prot opt  in     out    source       destination
   
   Chain INPUT (policy ACCEPT 0 packets 0 bytes)
       pkts      bytes target    prot opt  in     out    source       destination
   
   Chain OUTPUT (policy ACCEPT 0 packets 0 bytes)
       pkts      bytes target    prot opt  in     out    source       destination
   
   Chain POSTROUTING (policy ACCEPT 0 packets 0 bytes)
       pkts      bytes target    prot opt  in     out    source       destination
          0          0 SNAT      all  --   any    eth2   100.0.0.0/8  anywhere
   

The NAT rule is correctly implemented on the fast path.

NAT management

Displaying the NAT status in the fast path

Use the nf4-hook command.

Example

<fp-0> nf4-hook priority
FP_NF_IP_PRE_ROUTING:
        ct nat
FP_NF_IP_LOCAL_IN:
        nat
FP_NF_IP_FORWARD:

FP_NF_IP_LOCAL_OUT:
        ct nat
FP_NF_IP_POST_ROUTING:
        nat

Enabling or disabling the NAT in the fast path

Use the nf4-hook-set command.

Example

<fp-0> nf4-hook-set nat all_hooks on
Set nat pre_routing: on
Set nat local_in: on
Set nat local_out: on
Set nat post_routing: on
<fp-0> nf4-hook-set ct all_hooks on
Set ct pre_routing: on
Set ct local_out: on