Static-NAT update #642

Merged
merged 2 commits into from
Nov 30, 2023

Chr1st0ph3rTurn3r
Contributor

Static-NAT update for non-svr traffic, per note from Chao

@@ -106,6 +106,29 @@ exit

```

### Non-SVR Traffic

The `ingress-source-nat-pool` and the `source-nat` settings of `bidirectional-nat` are both `ingress source-nat` that are intended for SVR traffic targeted towards an inter-router peer. In this situation, the NAT will be applied on the ingress router rather than the final egress router.
Contributor


I had to read the first sentence four times and I still don't think I grok it. This statement needs to be changed for readability.
Additionally, ingress-source-nat-pool is being referenced for the first time here. Definitions would help.


@chao-128t chao-128t Nov 29, 2023


@MichaelBaj below is the "annotation" for the first sentence.

Depending on when and where a packet gets source NAT'd, there are two types of source NAT - ingress and egress.

The bidirectional-nat config is in the form of a local-ip and remote-ip pair.

  • source-nat (local-ip -> remote-ip) is performed for packets ingressing the interface where bidirectional-nat is configured.
  • dest-nat (remote-ip -> local-ip) is performed for packets egressing the interface where bidirectional-nat is configured.

In this sense, along with ingress-source-nat-pool, the source-nat part of bidirectional-nat falls into the ingress source-nat category and will be handled accordingly.


The `ingress-source-nat-pool` and the `source-nat` settings of `bidirectional-nat` are both `ingress source-nat` that are intended for SVR traffic targeted towards an inter-router peer. In this situation, the NAT will be applied on the ingress router rather than the final egress router.

If you want to configure `ingress source-nat` for non-SVR traffic, for example LAN-to-LAN traffic traversing a single SSR router, you can use the configuration above. However, you must also disable `egress source-nat` at the service level by setting `service->source-nat` to `disabled` as shown below:
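
Review bot: In both added paragraphs, `ingress source-nat` and `egress source-nat` are set in code formatting, so they read as configuration field names next to real ones such as `ingress-source-nat-pool` and `bidirectional-nat`, although "are both `ingress source-nat`" uses the term as a category of NAT. Consider writing them as plain text and defining ingress and egress source NAT in one sentence before first use. In the second paragraph, "the configuration above" should name the settings it refers to, and "you must also disable" should say what happens when `service->source-nat` is left enabled for this LAN-to-LAN case, so the reader knows why the extra step is required.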
Contributor


convention for referencing config path is to use a single right angle bracket between objects. e.g.
service > source-nat

@Chr1st0ph3rTurn3r Chr1st0ph3rTurn3r merged commit af477e9 into master Nov 30, 2023
1 check passed
@Chr1st0ph3rTurn3r Chr1st0ph3rTurn3r deleted the static-nat-update branch November 30, 2023 21:27
3 participants