author | Viacheslav Hletenko <v.gletenko@vyos.io> | 2024-04-07 14:15:36 +0000 |
---|---|---|
committer | Viacheslav Hletenko <v.gletenko@vyos.io> | 2024-04-09 15:36:43 +0000 |
commit | 6f9e6159be265ca91f873576d15ccbbc061fed8d (patch) | |
tree | 7d315599a2ed0f9191822ab43c486a0c351d965e /interface-definitions | |
parent | 41abc307f4236bb68b1b6a2ba0f2a8eec6b3b314 (diff) | |
T5169: Add PoC for generating CGNAT rules rfc6888
Add PoC for generating CGNAT rules
https://datatracker.ietf.org/doc/html/rfc6888
Not all of the RFC's requirements are implemented yet; the following ones are.
Implemented:
REQ-2
```
A CGN MUST have a default "IP address pooling" behavior of "Paired"
CGN must use the same external IP
address mapping for all sessions associated with the same internal
IP address, be they TCP, UDP, ICMP, something else, or a mix of
different protocols.
```
REQ-3
```
The CGN function SHOULD NOT have any limitations on the size
or the contiguity of the external address pool
```
REQ-4
```
A CGN MUST support limiting the number of external ports (or,
equivalently, "identifiers" for ICMP) that are assigned per
subscriber
```
CLI:
```
set nat cgnat pool external ext1 external-port-range '1024-65535'
set nat cgnat pool external ext1 per-user-limit port '1000'
set nat cgnat pool external ext1 range 192.0.2.222/32
set nat cgnat pool internal int1 range '100.64.0.0/28'
set nat cgnat rule 10 source pool 'int1'
set nat cgnat rule 10 translation pool 'ext1'
```
Diffstat (limited to 'interface-definitions')
-rw-r--r-- | interface-definitions/nat_cgnat.xml.in | 197 |
1 files changed, 197 insertions, 0 deletions
diff --git a/interface-definitions/nat_cgnat.xml.in b/interface-definitions/nat_cgnat.xml.in
new file mode 100644
index 000000000..caa26b4d9
--- /dev/null
+++ b/interface-definitions/nat_cgnat.xml.in
@@ -0,0 +1,197 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+ <node name="nat">
+ <children>
+ <node name="cgnat" owner="${vyos_conf_scripts_dir}/nat_cgnat.py">
+ <properties>
+ <help>Carrier-grade NAT (CGNAT) parameters</help>
+ <priority>221</priority>
+ </properties>
+ <children>
+ <node name="pool">
+ <properties>
+ <help>External and internal pool parameters</help>
+ </properties>
+ <children>
+ <tagNode name="external">
+ <properties>
+ <help>External pool name</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>External pool name</description>
+ </valueHelp>
+ <constraint>
+ #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
+ </constraint>
+ <constraintErrorMessage>Name of pool can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage>
+ </properties>
+ <children>
+ <leafNode name="external-port-range">
+ <properties>
+ <help>Port range</help>
+ <valueHelp>
+ <format>range</format>
+ <description>Numbered port range (e.g., 1001-1005)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="port-range"/>
+ </constraint>
+ </properties>
+ <defaultValue>1024-65535</defaultValue>
+ </leafNode>
+ <node name="per-user-limit">
+ <properties>
+ <help>Per user limits for the pool</help>
+ </properties>
+ <children>
+ <leafNode name="port">
+ <properties>
+ <help>Ports per user</help>
+ <valueHelp>
+ <format>u32:1-65535</format>
+ <description>Numeric IP port</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-65535"/>
+ </constraint>
+ </properties>
+ <defaultValue>2000</defaultValue>
+ </leafNode>
+ </children>
+ </node>
+ <tagNode name="range">
+ <properties>
+ <help>Range of IP addresses</help>
+ <valueHelp>
+ <format>ipv4net</format>
+ <description>IPv4 prefix</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv4range</format>
+ <description>IPv4 address range</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-prefix"/>
+ <validator name="ipv4-host"/>
+ <validator name="ipv4-range"/>
+ </constraint>
+ </properties>
+ <children>
+ <leafNode name="seq">
+ <properties>
+ <help>Sequence</help>
+ <valueHelp>
+ <format>u32:1-999999</format>
+ <description>Sequence number</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-999999"/>
+ </constraint>
+ <constraintErrorMessage>Sequence number must be between 1 and 999999</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+ </tagNode>
+ <tagNode name="internal">
+ <properties>
+ <help>Internal pool name</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>Internal pool name</description>
+ </valueHelp>
+ <constraint>
+ #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
+ </constraint>
+ <constraintErrorMessage>Name of pool can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage>
+ </properties>
+ <children>
+ <leafNode name="range">
+ <properties>
+ <help>Range of IP addresses</help>
+ <valueHelp>
+ <format>ipv4net</format>
+ <description>IPv4 prefix</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv4range</format>
+ <description>IPv4 address range</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-prefix"/>
+ <validator name="ipv4-host"/>
+ <validator name="ipv4-range"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+ <tagNode name="rule">
+ <properties>
+ <help>Rule</help>
+ <valueHelp>
+ <format>u32:1-999999</format>
+ <description>Number for this CGNAT rule</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-999999"/>
+ </constraint>
+ <constraintErrorMessage>Rule number must be between 1 and 999999</constraintErrorMessage>
+ </properties>
+ <children>
+ <node name="source">
+ <properties>
+ <help>Source parameters</help>
+ </properties>
+ <children>
+ <leafNode name="pool">
+ <properties>
+ <help>Source internal pool</help>
+ <completionHelp>
+ <path>nat cgnat pool internal</path>
+ </completionHelp>
+ <valueHelp>
+ <format>txt</format>
+ <description>Source internal pool name</description>
+ </valueHelp>
+ <constraint>
+ #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
+ </constraint>
+ <constraintErrorMessage>Name of pool can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ <node name="translation">
+ <properties>
+ <help>Translation parameters</help>
+ </properties>
+ <children>
+ <leafNode name="pool">
+ <properties>
+ <help>Translation external pool</help>
+ <completionHelp>
+ <path>nat cgnat pool external</path>
+ </completionHelp>
+ <valueHelp>
+ <format>txt</format>
+ <description>Translation external pool name</description>
+ </valueHelp>
+ <constraint>
+ #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
+ </constraint>
+ <constraintErrorMessage>Name of pool can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition> |
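Review bot: Several constraints that REQ-4 and correct rule generation depend on cannot be expressed in this interface definition and must be enforced by the owner script `${vyos_conf_scripts_dir}/nat_cgnat.py`, which is outside this hunk: that `per-user-limit port` does not exceed the number of ports in `external-port-range` (the defaults 2000 and 1024-65535 agree, but a user-supplied range such as the `1001-1005` given in the description together with the default limit passes these validators), that `source pool` and `translation pool` name pools that actually exist (the `completionHelp` paths only drive tab-completion, the constraint checks only the character set), and that internal pool ranges do not overlap one another or the external ranges. Please confirm the script's verify() rejects those cases, as a rule referencing an undefined pool or an oversized per-user limit would presumably otherwise surface only when rules are generated. Separately, all four pool-name `constraintErrorMessage` elements say "hyphen and underscores" while the included `alpha-numeric-hyphen-underscore-dot.xml.i` also permits dots; `<constraintErrorMessage>Name of pool can only contain alpha-numeric letters, hyphen, underscore and dot</constraintErrorMessage>` would match the validator. The two `range` nodes likewise accept `ipv4-host` but document only `ipv4net` and `ipv4range` in `valueHelp`; adding a `<format>ipv4</format>` entry with `<description>IPv4 address</description>` would make the help match the constraint.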