Loading...

Type: Bug
Resolution: Done
Priority: High
Fix Version/s: None
Affects Version/s: 20.09
Component/s: nat
Labels:
None

Version: v20.05-14~gd4b5fdde4

Reproduce:

1.create a vrf

ip table add 1001

2.add nat44 out address for vrf 1001

nat44 add address 221.1.1.11 tenant-vrf 1001

3.add the first interface to the vrf

create sub-interfaces TenGigabitEthernet1a/0/1 1001
set interface state TenGigabitEthernet1a/0/1.1001 up
set interface l2 tag-rewrite TenGigabitEthernet1a/0/1.1001 push dot1q 1001
set interface ip table TenGigabitEthernet1a/0/1.1001 1001
set interface ip address TenGigabitEthernet1a/0/1.1001 169.254.101.1/30
ip route add 192.168.101.0/24 table 1001 via 169.254.101.2 TenGigabitEthernet1a/0/1.1001

3.add the second interface to the vrf

pipe create instance 1001
set interface state pipe1001 up
set interface state pipe1001.1 up
set interface ip table pipe1001.1 1001
set interface ip address pipe1001.1 169.254.101.6/30

4.current ip4 route table for vrf 1001:

ipv4-VRF:1001, fib_index:5, flow hash:[src dst sport dport proto ] epoch:0 flags:none locks:[CLI:2, nat-low:1, ]
0.0.0.0/0
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:46 buckets:1 uRPF:52 to:[0:0]]
[0] [@0]: dpo-drop ip4
0.0.0.0/32
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:47 buckets:1 uRPF:53 to:[0:0]]
[0] [@0]: dpo-drop ip4
169.254.101.4/32
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:54 buckets:1 uRPF:61 to:[0:0]]
[0] [@0]: dpo-drop ip4
169.254.101.4/30
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:55 buckets:1 uRPF:62 to:[0:0]]
[0] [@5]: ipv4 via 0.0.0.0 pipe1001.1: mtu:9000 0000000000000000000000e90800
169.254.101.6/32
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:52 buckets:1 uRPF:63 to:[0:0]]
[0] [@2]: dpo-receive: 169.254.101.6 on pipe1001.1
169.254.101.7/32
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:53 buckets:1 uRPF:57 to:[0:0]]
[0] [@0]: dpo-drop ip4
192.168.101.0/24
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:51 buckets:1 uRPF:58 to:[0:0]]
[0] [@0]: dpo-drop ip4
224.0.0.0/4
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:49 buckets:1 uRPF:55 to:[0:0]]
[0] [@0]: dpo-drop ip4
240.0.0.0/4
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:48 buckets:1 uRPF:54 to:[0:0]]
[0] [@0]: dpo-drop ip4
255.255.255.255/32
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:50 buckets:1 uRPF:56 to:[0:0]]
[0] [@0]: dpo-drop ip4

5.set pipe1001.1 nat44 out interface for vrf1001

set interface nat44 out pipe1001.1

6.show ip route for vrf 1001

pv4-VRF:1001, fib_index:4, flow hash:[src dst sport dport proto ] epoch:0 flags:none locks:[CLI:3, nat-low:1, ]
0.0.0.0/0
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:41 buckets:1 uRPF:44 to:[0:0]]
[0] [@0]: dpo-drop ip4
0.0.0.0/32
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:42 buckets:1 uRPF:48 to:[0:0]]
[0] [@0]: dpo-drop ip4
169.254.101.0/32
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:47 buckets:1 uRPF:54 to:[0:0]]
[0] [@0]: dpo-drop ip4
169.254.101.0/30
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:46 buckets:1 uRPF:53 to:[0:0]]
[0] [@4]: ipv4-glean: TenGigabitEthernet1a/0/1.1001: mtu:9000 ffffffffffff48dc2d00d1e8810003e90806
169.254.101.1/32
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:49 buckets:1 uRPF:58 to:[0:0]]
[0] [@2]: dpo-receive: 169.254.101.1 on TenGigabitEthernet1a/0/1.1001
169.254.101.3/32
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:48 buckets:1 uRPF:56 to:[0:0]]
[0] [@0]: dpo-drop ip4
169.254.101.4/32
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:52 buckets:1 uRPF:61 to:[0:0]]
[0] [@0]: dpo-drop ip4
169.254.101.4/30
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:51 buckets:1 uRPF:60 to:[0:0]]
[0] [@5]: ipv4 via 0.0.0.0 pipe1001.1: mtu:9000 0000000000000000000000e90800
169.254.101.6/32
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:54 buckets:1 uRPF:65 to:[0:0]]
[0] [@2]: dpo-receive: 169.254.101.6 on pipe1001.1
169.254.101.7/32
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:53 buckets:1 uRPF:63 to:[0:0]]
[0] [@0]: dpo-drop ip4
192.168.101.0/24
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:59 buckets:1 uRPF:70 to:[0:0]]
[0] [@2]: dpo-receive: 211.1.1.219 on pipe1001.1
221.1.1.11/32
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:57 buckets:1 uRPF:68 to:[0:0]]
[0] [@2]: dpo-receive: 221.1.1.11 on pipe1001.1
224.0.0.0/4
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:44 buckets:1 uRPF:50 to:[0:0]]
[0] [@0]: dpo-drop ip4
240.0.0.0/4
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:43 buckets:1 uRPF:49 to:[0:0]]
[0] [@0]: dpo-drop ip4
255.255.255.255/32
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:45 buckets:1 uRPF:51 to:[0:0]]
[0] [@0]: dpo-drop ip4

7.set the second nat44 out interface for vrf 1001

set interface nat44 out TenGigabitEthernet1a/0/1.1001

8.show ip route for vrf1001

pv4-VRF:1001, fib_index:4, flow hash:[src dst sport dport proto ] epoch:0 flags:none locks:[CLI:3, nat-low:1, ]
0.0.0.0/0
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:41 buckets:1 uRPF:44 to:[0:0]]
[0] [@0]: dpo-drop ip4
0.0.0.0/32
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:42 buckets:1 uRPF:48 to:[0:0]]
[0] [@0]: dpo-drop ip4
169.254.101.0/32
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:47 buckets:1 uRPF:54 to:[0:0]]
[0] [@0]: dpo-drop ip4
169.254.101.0/30
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:46 buckets:1 uRPF:53 to:[0:0]]
[0] [@4]: ipv4-glean: TenGigabitEthernet1a/0/1.1001: mtu:9000 ffffffffffff48dc2d00d1e8810003e90806
169.254.101.1/32
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:49 buckets:1 uRPF:58 to:[0:0]]
[0] [@2]: dpo-receive: 169.254.101.1 on TenGigabitEthernet1a/0/1.1001
169.254.101.3/32
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:48 buckets:1 uRPF:56 to:[0:0]]
[0] [@0]: dpo-drop ip4
169.254.101.4/32
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:52 buckets:1 uRPF:61 to:[0:0]]
[0] [@0]: dpo-drop ip4
169.254.101.4/30
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:51 buckets:1 uRPF:60 to:[0:0]]
[0] [@5]: ipv4 via 0.0.0.0 pipe1001.1: mtu:9000 0000000000000000000000e90800
169.254.101.6/32
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:54 buckets:1 uRPF:65 to:[0:0]]
[0] [@2]: dpo-receive: 169.254.101.6 on pipe1001.1
169.254.101.7/32
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:53 buckets:1 uRPF:63 to:[0:0]]
[0] [@0]: dpo-drop ip4
192.168.101.0/24
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:59 buckets:1 uRPF:70 to:[0:0]]
[0] [@2]: dpo-receive: 211.1.1.219 on pipe1001.1
221.1.1.11/32
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:57 buckets:1 uRPF:68 to:[0:0]]
[0] [@2]: dpo-receive: 221.1.1.11 on pipe1001.1
224.0.0.0/4
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:44 buckets:1 uRPF:50 to:[0:0]]
[0] [@0]: dpo-drop ip4
240.0.0.0/4
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:43 buckets:1 uRPF:49 to:[0:0]]
[0] [@0]: dpo-drop ip4
255.255.255.255/32
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:45 buckets:1 uRPF:51 to:[0:0]]
[0] [@0]: dpo-drop ip4

9.remove the unnecessary out interface

set interface nat44 out TenGigabitEthernet1a/0/1.1001 del

10.now the rotue for nat44 out address 221.1.1.11 is removed

ipv4-VRF:1001, fib_index:1, flow hash:[src dst sport dport proto ] epoch:0 flags:none locks:[CLI:3, nat-low:1, ]
0.0.0.0/0
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:9 buckets:1 uRPF:7 to:[0:0]]
[0] [@0]: dpo-drop ip4
0.0.0.0/32
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:10 buckets:1 uRPF:8 to:[0:0]]
[0] [@0]: dpo-drop ip4
169.254.101.4/32
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:16 buckets:1 uRPF:15 to:[0:0]]
[0] [@0]: dpo-drop ip4
169.254.101.4/30
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:15 buckets:1 uRPF:14 to:[0:0]]
[0] [@5]: ipv4 via 0.0.0.0 pipe1001.1: mtu:9000 0000000000000000000000e90800
169.254.101.6/32
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:18 buckets:1 uRPF:19 to:[0:0]]
[0] [@2]: dpo-receive: 169.254.101.6 on pipe1001.1
169.254.101.7/32
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:17 buckets:1 uRPF:17 to:[0:0]]
[0] [@0]: dpo-drop ip4
192.168.101.0/24
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:14 buckets:1 uRPF:12 to:[0:0]]
[0] [@0]: dpo-drop ip4
224.0.0.0/4
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:12 buckets:1 uRPF:10 to:[0:0]]
[0] [@0]: dpo-drop ip4
240.0.0.0/4
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:11 buckets:1 uRPF:9 to:[0:0]]
[0] [@0]: dpo-drop ip4
255.255.255.255/32
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:13 buckets:1 uRPF:11 to:[0:0]]
[0] [@0]: dpo-drop ip4

Details

Description

Attachments

Activity

People

Dates