We were testing external connectivity using floating IPs and SNAT. We assigned a floating IP for a VM running on vhost port, then we had a loopback interface as a gateway to the external network. Loopback is configured as nat inbound and one GigabitEthernet connected to external network is configured as NAT outside. Also routing was specified to allow such traffic.

With this setup we were able to ping IPs on external network, connect to the VM using ssh from external network. But we were not able to ping the VM from external network. Seems like SNAT is only allowing echo replies from external and incoming ping requests are dropped. See attached icmp packet that was dropped.

VPP version used: vpp-17.04-rc2~1_g5e189f1~b27.x86_64