Problem Description:
When SNAT is configured separately in multiple VRFs, with one interface in each VRF configured as the out port, only the first VRF configured with SNAT works normally; the SNAT function in the other VRFs does not work. Trace analysis shows that the ICMP reply packet cannot match a session when it enters the nat44-out2in node.
Abnormal packet trace:
nat44 sessions:
Analysis:
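The out2in key of every session is found to be in the first VRF configured, regardless of which VRF the session belongs to. Under normal conditions, each session's out2in key should be in the VRF of its own out interface. This would explain why reply packets arriving on the out interfaces of the other VRFs find no matching session.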
Test topology:
Configure CMDs:
pipe create instance 1001
pipe create instance 1002
pipe create instance 1003
create host-interface name vpp0
set interface state host-vpp0 up
create sub-interfaces host-vpp0 1000
set interface state host-vpp0.1000 up
set interface l2 tag-rewrite host-vpp0.1000 push dot1q 1000
set interface ip table host-vpp0.1000 0
set interface ip address host-vpp0.1000 169.254.100.1/30
ip route add 0.0.0.0/0 table 0 via 169.254.100.2 host-vpp0.1000
ip table add 1001
create sub-interfaces host-vpp0 1001
set interface state host-vpp0.1001 up
set interface l2 tag-rewrite host-vpp0.1001 push dot1q 1001
set interface ip table host-vpp0.1001 1001
set interface ip address host-vpp0.1001 169.254.101.1/30
ip route add 192.168.101.0/24 table 1001 via 169.254.101.2 host-vpp0.1001
ip table add 1002
create sub-interfaces host-vpp0 1002
set interface state host-vpp0.1002 up
set interface l2 tag-rewrite host-vpp0.1002 push dot1q 1002
set interface ip table host-vpp0.1002 1002
set interface ip address host-vpp0.1002 169.254.102.1/30
ip route add 192.168.102.0/24 table 1002 via 169.254.102.2 host-vpp0.1002
ip table add 1003
create sub-interfaces host-vpp0 1003
set interface state host-vpp0.1003 up
set interface l2 tag-rewrite host-vpp0.1003 push dot1q 1003
set interface ip table host-vpp0.1003 1003
set interface ip address host-vpp0.1003 169.254.103.1/30
ip route add 192.168.103.0/24 table 1003 via 169.254.103.2 host-vpp0.1003
set interface state pipe1001 up
set interface state pipe1002 up
set interface state pipe1003 up
set interface state pipe1001.0 up
set interface state pipe1002.0 up
set interface state pipe1003.0 up
set interface state pipe1001.1 up
set interface state pipe1002.1 up
set interface state pipe1003.1 up
set interface ip table pipe1001.0 0
set interface ip table pipe1002.0 0
set interface ip table pipe1003.0 0
set interface ip table pipe1001.1 1001
set interface ip table pipe1002.1 1002
set interface ip table pipe1003.1 1003
set interface ip address pipe1001.0 169.254.101.5/30
set interface ip address pipe1002.0 169.254.102.5/30
set interface ip address pipe1003.0 169.254.103.5/30
set interface ip address pipe1001.1 169.254.101.6/30
set interface ip address pipe1002.1 169.254.102.6/30
set interface ip address pipe1003.1 169.254.103.6/30
ip route add 0.0.0.0/0 table 1001 via 169.254.101.5 pipe1001.1
ip route add 0.0.0.0/0 table 1002 via 169.254.102.5 pipe1002.1
ip route add 0.0.0.0/0 table 1003 via 169.254.103.5 pipe1003.1
ip route add 221.1.1.11/32 table 0 via 169.254.101.6 pipe1001.0
ip route add 221.1.1.12/32 table 0 via 169.254.102.6 pipe1002.0
ip route add 221.1.1.13/32 table 0 via 169.254.103.6 pipe1003.0
ip route add 221.1.1.111/32 table 0 via 169.254.101.6 pipe1001.0
ip route add 221.1.1.112/32 table 0 via 169.254.102.6 pipe1002.0
ip route add 221.1.1.113/32 table 0 via 169.254.103.6 pipe1003.0
set interface nat44 out pipe1001.1
set interface nat44 out pipe1002.1
set interface nat44 out pipe1003.1
set interface nat44 in host-vpp0.1001
set interface nat44 in host-vpp0.1002
set interface nat44 in host-vpp0.1003
nat44 add address 221.1.1.11 tenant-vrf 1001
nat44 add address 221.1.1.12 tenant-vrf 1002
nat44 add address 221.1.1.13 tenant-vrf 1003