| author | Viacheslav Hletenko <v.gletenko@vyos.io> | 2024-04-07 14:15:36 +0000 | 
|---|---|---|
| committer | Viacheslav Hletenko <v.gletenko@vyos.io> | 2024-04-09 15:36:43 +0000 | 
| commit | 6f9e6159be265ca91f873576d15ccbbc061fed8d (patch) | |
| tree | 7d315599a2ed0f9191822ab43c486a0c351d965e /src/migration-scripts/reverse-proxy | |
| parent | 41abc307f4236bb68b1b6a2ba0f2a8eec6b3b314 (diff) | |
| download | vyos-1x-6f9e6159be265ca91f873576d15ccbbc061fed8d.tar.gz vyos-1x-6f9e6159be265ca91f873576d15ccbbc061fed8d.zip | |
T5169: Add PoC for generating CGNAT rules rfc6888
Add PoC for generating CGNAT rules
https://datatracker.ietf.org/doc/html/rfc6888
Not all requirements are implemented, but some of them.
Implemented:
REQ-2
```
A CGN MUST have a default "IP address pooling" behavior of "Paired"
CGN must use the same external IP
      address mapping for all sessions associated with the same internal
      IP address, be they TCP, UDP, ICMP, something else, or a mix of
      different protocols.
```
REQ-3
```
The CGN function SHOULD NOT have any limitations on the size
      or the contiguity of the external address pool
```
REQ-4
```
A CGN MUST support limiting the number of external ports (or,
      equivalently, "identifiers" for ICMP) that are assigned per
      subscriber
```
CLI:
```
set nat cgnat pool external ext1 external-port-range '1024-65535'
set nat cgnat pool external ext1 per-user-limit port '1000'
set nat cgnat pool external ext1 range 192.0.2.222/32
set nat cgnat pool internal int1 range '100.64.0.0/28'
set nat cgnat rule 10 source pool 'int1'
set nat cgnat rule 10 translation pool 'ext1'
```
Diffstat (limited to 'src/migration-scripts/reverse-proxy')
0 files changed, 0 insertions, 0 deletions
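
How the CLI values in the commit message interact under REQ-2 and REQ-4, as an added example that is not the commit's code: a static allocation gives each internal address one external IP and one fixed block of `per-user-limit port` ports, which also lets an operator trace an external IP and port back to a subscriber. The function names, the sequential block layout and the use of every address in each range are assumptions for illustration; the commit's own rule generation may differ.

```python
import ipaddress


def allocate(internal_range, external_range, port_range, per_user_ports):
    """Map each internal address to one (external IP, first port, last port)."""
    first, last = (int(p) for p in port_range.split("-"))
    if not 0 < first <= last <= 65535 or per_user_ports < 1:
        raise ValueError("invalid port range or per-user limit")
    # Number of whole per-user port blocks that fit on one external address.
    blocks_per_ip = (last - first + 1) // per_user_ports
    # Assumption: every address in each range is used (no network/broadcast skip).
    internals = list(ipaddress.ip_network(internal_range))
    externals = list(ipaddress.ip_network(external_range))
    if len(internals) > blocks_per_ip * len(externals):
        raise ValueError("external pool too small for the per-user port limit")
    mapping = {}
    for i, host in enumerate(internals):
        # "Paired" pooling (REQ-2): one external IP per internal address,
        # whatever the protocol of the session.
        ext = externals[i // blocks_per_ip]
        # Port limit (REQ-4): a fixed, non-overlapping block per subscriber.
        start = first + (i % blocks_per_ip) * per_user_ports
        mapping[str(host)] = (str(ext), start, start + per_user_ports - 1)
    return mapping


def attribute(mapping, external_ip, port):
    """Return the internal address that owns external_ip:port, or None."""
    for host, (ext, start, end) in mapping.items():
        if ext == external_ip and start <= port <= end:
            return host
    return None


if __name__ == "__main__":
    # Values taken from the CLI example in the commit message.
    table = allocate("100.64.0.0/28", "192.0.2.222/32", "1024-65535", 1000)
    for host, (ext, start, end) in table.items():
        print(f"{host} -> {ext}:{start}-{end}")
    print(attribute(table, "192.0.2.222", 2500))
```

With one external address and a limit of 1000 ports, only 64 subscribers fit in `1024-65535`, so a larger internal range needs more external addresses or a smaller limit.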
