go.ligato.io/vpp-agent/v3@v3.5.0/proto/ligato/vpp/nat/nat.proto (about) 1 syntax = "proto3"; 2 3 package ligato.vpp.nat; 4 5 option go_package = "go.ligato.io/vpp-agent/v3/proto/ligato/vpp/nat;vpp_nat"; 6 7 import "ligato/annotations.proto"; 8 9 // Nat44Global defines global NAT44 configuration. 10 // In VPP version 21.01 and newer the NAT44 plugin has to be explicitly enabled (by default it is 11 // disabled so that it doesn't consume any computational resources). With ligato control-plane 12 // the NAT44 plugin is enabled by submitting the NAT44Global configuration (even default values 13 // will make the plugin enabled). Without Nat44Global, all other NAT44 configuration items 14 // (DNat44, Nat44Interface and Nat44AddressPool) will be in the PENDING state. 15 message Nat44Global { 16 // Enable/disable forwarding. By default it is disabled. 17 bool forwarding = 1; 18 // Enable/disable endpoint-independent mode. 19 // In endpoint-independent (also known as "simple") mode the VPP NAT plugin holds 20 // less information for each session, but only works with outbound NAT and static mappings. 21 // In endpoint-dependent mode, which ligato selects as the default, the VPP NAT plugin uses 22 // more information to track each session, which in turn enables additional features 23 // such as out-to-in-only and twice-nat. 24 // In older versions of VPP (<= 20.09) this field is ignored because mode at which the NAT44 plugin 25 // operates is given by the VPP startup configuration file (i.e. config created before VPP even starts, 26 // therefore not managed by ligato). The endpoint-independent mode is the default and the dependent mode 27 // is turned on with this config stanza (included in vpp.conf used by ligato for older VPPs): 28 // nat { 29 // endpoint-dependent 30 // } 31 bool endpoint_independent = 5; 32 33 // Interface defines a network interface enabled for NAT. 34 message Interface { 35 // Interface name (logical). 36 string name = 1; 37 // Distinguish between inside/outside interface. 38 bool is_inside = 2; 39 // Enable/disable output feature. 40 bool output_feature = 3; 41 } 42 // List of NAT-enabled interfaces. Deprecated - use separate Nat44Interface entries instead. 43 repeated Interface nat_interfaces = 2 [deprecated=true]; 44 45 // Address defines an address to be used for source IP NAT. 46 message Address { 47 // IPv4 address. 48 string address = 1 [(ligato_options).type = IPV4]; 49 // VRF id of tenant, 0xFFFFFFFF means independent of VRF. 50 // Non-zero (and not all-ones) VRF has to be explicitly created (see api/models/vpp/l3/vrf.proto). 51 uint32 vrf_id = 2; 52 // Enable/disable twice NAT. 53 bool twice_nat = 3; 54 } 55 // Address pool used for source IP NAT. Deprecated - use separate Nat44AddressPool entries instead. 56 repeated Address address_pool = 3 [deprecated=true]; 57 58 // Virtual reassembly for IPv4. 59 VirtualReassembly virtual_reassembly = 4; 60 } 61 62 // DNat44 defines destination NAT44 configuration. 63 message DNat44 { 64 // Unique identifier for the DNAT configuration. 65 string label = 1; 66 67 // Available protocols. 68 enum Protocol { 69 TCP = 0; 70 UDP = 1; 71 // ICMP is not permitted for load balanced entries. 72 ICMP = 2; 73 }; 74 75 // StaticMapping defines a list of static mappings in DNAT. 76 message StaticMapping { 77 // Interface to use external IP from; preferred over external_ip. 78 string external_interface = 1; 79 // External address. 80 string external_ip = 2 [(ligato_options).type = IPV4]; 81 // Port (do not set for address mapping). 82 uint32 external_port = 3 [(ligato_options).int_range = {minimum: 0 maximum: 65535}]; 83 84 // LocalIP defines a local IP addresses. 85 message LocalIP { 86 // VRF (table) ID. Non-zero VRF has to be explicitly created (see api/models/vpp/l3/vrf.proto). 87 uint32 vrf_id = 1; 88 // Local IP address). 89 string local_ip = 2 [(ligato_options).type = IPV4]; 90 // Port (do not set for address mapping). 91 uint32 local_port = 3 [(ligato_options).int_range = {minimum: 0 maximum: 65535}]; 92 // Probability level for load-balancing mode. 93 uint32 probability = 4; 94 } 95 // List of local IP addresses. If there is more than one entry, load-balancing is enabled. 96 repeated LocalIP local_ips = 4; 97 98 // Protocol used for static mapping. 99 Protocol protocol = 5; 100 101 // Available twice-NAT modes. 102 enum TwiceNatMode { 103 DISABLED = 0; 104 ENABLED = 1; 105 SELF = 2; 106 }; 107 // Enable/disable (self-)twice NAT. 108 TwiceNatMode twice_nat = 6; 109 110 // IP address from Twice-NAT address pool that should be used as source IP in twice-NAT processing. 111 // This is override for default behaviour of choosing the first IP address from twice-NAT pool that 112 // has available at least one free port (NAT is tracking translation sessions and exhausts free ports 113 // for given IP address). This is needed for example in use cases when multiple twice-NAT 114 // translations need to use different IP Addresses as source IP addresses. 115 // This functionality works with VPP 20.09 and newer. It also needs to have twice_nat set to ENABLED. 116 // It doesn't work for load-balanced static mappings (=local_ips has multiple values). 117 string twice_nat_pool_ip = 8 [(ligato_options).type = IPV4]; 118 119 // Session affinity. 0 means disabled, otherwise client IP affinity sticky time in seconds. 120 uint32 session_affinity = 7; 121 } 122 // A list of static mappings in DNAT. 123 repeated StaticMapping st_mappings = 2; 124 125 // IdentityMapping defines an identity mapping in DNAT. 126 message IdentityMapping { 127 // VRF (table) ID. Non-zero VRF has to be explicitly created (see api/models/vpp/l3/vrf.proto). 128 uint32 vrf_id = 1; 129 // Name of the interface to use address from; preferred over ip_address. 130 string interface = 2; 131 // IP address. 132 string ip_address = 3 [(ligato_options).type = IPV4]; 133 // Port (do not set for address mapping). 134 uint32 port = 4 [(ligato_options).int_range = {minimum: 0 maximum: 65535}]; 135 // Protocol used for identity mapping. 136 Protocol protocol = 5; 137 138 } 139 // A list of identity mappings in DNAT. 140 repeated IdentityMapping id_mappings = 3; 141 } 142 143 // Nat44Interface defines a local network interfaces enabled for NAT44. 144 message Nat44Interface { 145 // Interface name (logical). 146 string name = 1; 147 // Enable/disable NAT on inside. 148 bool nat_inside = 2; 149 // Enable/disable NAT on outside. 150 bool nat_outside = 3; 151 // Enable/disable output feature. 152 bool output_feature = 4; 153 } 154 155 // Nat44AddressPool defines an address pool used for NAT44. 156 message Nat44AddressPool { 157 // Unique name for address pool 158 string name = 5; 159 // VRF id of tenant, 0xFFFFFFFF means independent of VRF. 160 // Non-zero (and not all-ones) VRF has to be explicitly created (see api/models/vpp/l3/vrf.proto). 161 uint32 vrf_id = 1; 162 // First IP address of the pool. 163 string first_ip = 2 [(ligato_options).type = IPV4]; 164 // Last IP address of the pool. Should be higher than first_ip or empty. 165 string last_ip = 3 [(ligato_options).type = IPV4]; 166 // Enable/disable twice NAT. 167 bool twice_nat = 4; 168 } 169 170 // VirtualReassembly defines NAT virtual reassembly settings. 171 message VirtualReassembly { 172 // Reassembly timeout. 173 uint32 timeout = 1; 174 // Maximum number of concurrent reassemblies. 175 uint32 max_reassemblies = 2; 176 // Maximum number of fragments per reassembly. 177 uint32 max_fragments = 3; 178 // If set to true fragments are dropped, translated otherwise. 179 bool drop_fragments = 4; 180 }