projectcalico
diff --git a/‎calico-vpp-agent/cni/pod_interface/common.go‎
Lines changed: 5 additions & 1 deletion b/‎calico-vpp-agent/cni/pod_interface/common.go‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎calico-vpp-agent/connectivity/connectivity_server.go‎
Lines changed: 17 additions & 0 deletions b/‎calico-vpp-agent/connectivity/connectivity_server.go‎
Lines changed: 17 additions & 0 deletions
diff --git a/‎calico-vpp-agent/connectivity/ipip.go‎
Lines changed: 1 addition & 1 deletion b/‎calico-vpp-agent/connectivity/ipip.go‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎calico-vpp-agent/connectivity/ipsec.go‎
Lines changed: 1 addition & 1 deletion b/‎calico-vpp-agent/connectivity/ipsec.go‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎calico-vpp-agent/connectivity/vxlan.go‎
Lines changed: 1 addition & 1 deletion b/‎calico-vpp-agent/connectivity/vxlan.go‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎calico-vpp-agent/connectivity/wireguard.go‎
Lines changed: 1 addition & 1 deletion b/‎calico-vpp-agent/connectivity/wireguard.go‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎calico-vpp-agent/policy/policy_server.go‎
Lines changed: 20 additions & 32 deletions b/‎calico-vpp-agent/policy/policy_server.go‎
Lines changed: 20 additions & 32 deletions
diff --git a/‎calico-vpp-agent/services/service_server.go‎
Lines changed: 17 additions & 9 deletions b/‎calico-vpp-agent/services/service_server.go‎
Lines changed: 17 additions & 9 deletions
diff --git a/‎vpp-manager/vpp_runner.go‎
Lines changed: 2 additions & 17 deletions b/‎vpp-manager/vpp_runner.go‎
Lines changed: 2 additions & 17 deletions
diff --git a/‎vpplink/cnat.go‎
Lines changed: 33 additions & 15 deletions b/‎vpplink/cnat.go‎
Lines changed: 33 additions & 15 deletions
@@ -105,7 +105,7 @@ func (i *PodInterfaceDriverData) DoPodIfNatConfiguration(podSpec *storage.LocalP
 		stack.Push(i.vpp.RemovePodInterface, swIfIndex)
 	}
 
-	err = i.vpp.CnatEnableFeatures(swIfIndex)
+	err = i.vpp.CnatEnableFeatures(swIfIndex, true, podSpec.GetVrfId(vpplink.IpFamilyV4), podSpec.GetVrfId(vpplink.IpFamilyV6))
 	if err != nil {
 		return errors.Wrapf(err, "error configuring nat on pod interface")
 	}
@@ -129,6 +129,10 @@ func (i *PodInterfaceDriverData) DoPodInterfaceConfiguration(podSpec *storage.Lo
 		}
 	}
 
+	err = i.vpp.EnableCnatSNATOnInterfaceVRF(swIfIndex)
+	if err != nil {
+		return errors.Wrapf(err, "error configuring cnat snat on pod VRF")
+	}
 	if !*ifSpec.IsL3 {
 		/* L2 */
 		err = i.vpp.SetPromiscOn(swIfIndex)
 
@@ -137,6 +137,21 @@ func (s *ConnectivityServer) updateAllIPConnectivity() {
 	}
 }
 
+func (s *ConnectivityServer) configureRemoteNodeSnat(node *common.LocalNodeSpec, isAdd bool) {
+	if node.IPv4Address != nil {
+		err := s.vpp.CnatAddDelSnatPrefix(common.ToMaxLenCIDR(node.IPv4Address.IP), isAdd)
+		if err != nil {
+			s.log.Errorf("error configuring snat prefix for current node (%v): %v", node.IPv4Address.IP, err)
+		}
+	}
+	if node.IPv6Address != nil {
+		err := s.vpp.CnatAddDelSnatPrefix(common.ToMaxLenCIDR(node.IPv6Address.IP), isAdd)
+		if err != nil {
+			s.log.Errorf("error configuring snat prefix for current node (%v): %v", node.IPv6Address.IP, err)
+		}
+	}
+}
+
 func (s *ConnectivityServer) ServeConnectivity(t *tomb.Tomb) error {
 	/**
 	 * There might be leftover state in VPP in case we restarted
@@ -189,6 +204,7 @@ func (s *ConnectivityServer) ServeConnectivity(t *tomb.Tomb) error {
 					if old.IPv6Address != nil {
 						delete(s.nodeByAddr, old.IPv6Address.IP.String())
 					}
+					s.configureRemoteNodeSnat(old, false /* isAdd */)
 				}
 				if new != nil {
 					if new.IPv4Address != nil {
@@ -197,6 +213,7 @@ func (s *ConnectivityServer) ServeConnectivity(t *tomb.Tomb) error {
 					if new.IPv6Address != nil {
 						s.nodeByAddr[new.IPv6Address.IP.String()] = *new
 					}
+					s.configureRemoteNodeSnat(new, true /* isAdd */)
 				}
 			case common.FelixConfChanged:
 				old, _ := evt.Old.(*felixConfig.Config)
 
@@ -127,7 +127,7 @@ func (p *IpipProvider) AddConnectivity(cn *common.NodeConnectivity) error {
 			return errors.Wrapf(err, "Error enabling gso for ipip interface")
 		}
 
-		err = p.vpp.CnatEnableFeatures(swIfIndex)
+		err = p.vpp.CnatEnableFeatures(swIfIndex, true, 0, 0)
 		if err != nil {
 			p.errorCleanup(tunnel)
 			return errors.Wrapf(err, "Error enabling nat for ipip interface")
 
@@ -197,7 +197,7 @@ func (p *IpsecProvider) createIPSECTunnel(tunnel *IpsecTunnel, psk string, stack
 		return errors.Wrapf(err, "Error enabling gso for ipip interface")
 	}
 
-	err = p.vpp.CnatEnableFeatures(swIfIndex)
+	err = p.vpp.CnatEnableFeatures(swIfIndex, true, 0, 0)
 	if err != nil {
 		return errors.Wrapf(err, "Error enabling nat for ipip interface")
 	}
 
@@ -177,7 +177,7 @@ func (p *VXLanProvider) AddConnectivity(cn *common.NodeConnectivity) error {
 			return errors.Wrapf(err, "Error enabling gso for vxlan interface")
 		}
 
-		err = p.vpp.CnatEnableFeatures(swIfIndex)
+		err = p.vpp.CnatEnableFeatures(swIfIndex, true, 0, 0)
 		if err != nil {
 			// TODO : delete tunnel
 			return errors.Wrapf(err, "Error enabling nat for vxlan interface")
 
@@ -217,7 +217,7 @@ func (p *WireguardProvider) createWireguardTunnels() error {
 				return errors.Wrapf(err, "Error enabling gso for wireguard interface")
 			}
 
-			err = p.vpp.CnatEnableFeatures(swIfIndex)
+			err = p.vpp.CnatEnableFeatures(swIfIndex, true, 0, 0)
 			if err != nil {
 				p.errorCleanup(tunnel)
 				return errors.Wrapf(err, "Error enabling nat for wireguard interface")
 
@@ -1205,21 +1205,17 @@ func (s *Server) handleWireguardEndpointRemove(msg *proto.WireguardEndpointRemov
 }
 
 func (s *Server) onNodeUpdated(old *common.LocalNodeSpec, node *common.LocalNodeSpec) (err error) {
-	// This is used by the routing server to process Wireguard key updates
-	// As a result we only send an event when a node is updated, not when it is added or deleted
-	common.SendEvent(common.CalicoVppEvent{
-		Type: common.PeerNodeStateChanged,
-		Old:  old,
-		New:  node,
-	})
 	change := common.GetIpNetChangeType(old.IPv4Address, node.IPv4Address) | common.GetIpNetChangeType(old.IPv6Address, node.IPv6Address)
 	if change&(common.ChangeDeleted|common.ChangeUpdated) != 0 && node.Name == *config.NodeName {
 		// restart if our BGP config changed
 		return NodeWatcherRestartError{}
 	}
 	if change != common.ChangeSame {
-		s.configureRemoteNodeSnat(old, false /* isAdd */)
-		s.configureRemoteNodeSnat(node, true /* isAdd */)
+		common.SendEvent(common.CalicoVppEvent{
+			Type: common.PeerNodeStateChanged,
+			Old:  old,
+			New:  node,
+		})
 	}
 
 	return nil
@@ -1232,12 +1228,21 @@ func (s *Server) onNodeAdded(node *common.LocalNodeSpec) (err error) {
 			/* We found a BGP Spec that seems valid enough */
 			s.GotOurNodeBGPchan <- node
 		}
+		ip4 := net.IP{}
+		ip6 := net.IP{}
 		if node.IPv4Address != nil {
 			s.ip4 = &node.IPv4Address.IP
+			ip4 = node.IPv4Address.IP
 		}
 		if node.IPv6Address != nil {
 			s.ip6 = &node.IPv6Address.IP
+			ip6 = node.IPv6Address.IP
+		}
+		err = s.vpp.CnatSetSnatAddresses(ip4, ip6)
+		if err != nil {
+			s.log.Errorf("Failed to configure SNAT addresses %v", err)
 		}
+
 		err = s.createAllowFromHostPolicy()
 		if err != nil {
 			return errors.Wrap(err, "Error in creating AllowFromHostPolicy")
@@ -1252,26 +1257,10 @@ func (s *Server) onNodeAdded(node *common.LocalNodeSpec) (err error) {
 		Type: common.PeerNodeStateChanged,
 		New:  node,
 	})
-	s.configureRemoteNodeSnat(node, true /* isAdd */)
 
 	return nil
 }
 
-func (s *Server) configureRemoteNodeSnat(node *common.LocalNodeSpec, isAdd bool) {
-	if node.IPv4Address != nil {
-		err := s.vpp.CnatAddDelSnatPrefix(common.ToMaxLenCIDR(node.IPv4Address.IP), isAdd)
-		if err != nil {
-			s.log.Errorf("error configuring snat prefix for current node (%v): %v", node.IPv4Address.IP, err)
-		}
-	}
-	if node.IPv6Address != nil {
-		err := s.vpp.CnatAddDelSnatPrefix(common.ToMaxLenCIDR(node.IPv6Address.IP), isAdd)
-		if err != nil {
-			s.log.Errorf("error configuring snat prefix for current node (%v): %v", node.IPv6Address.IP, err)
-		}
-	}
-}
-
 func (s *Server) onNodeDeleted(old *common.LocalNodeSpec, node *common.LocalNodeSpec) error {
 	common.SendEvent(common.CalicoVppEvent{
 		Type: common.PeerNodeStateChanged,
@@ -1282,7 +1271,6 @@ func (s *Server) onNodeDeleted(old *common.LocalNodeSpec, node *common.LocalNode
 		return NodeWatcherRestartError{}
 	}
 
-	s.configureRemoteNodeSnat(old, false /* isAdd */)
 	return nil
 }
 
@@ -1305,8 +1293,8 @@ func (s *Server) handleIpamPoolUpdate(msg *proto.IPAMPoolUpdate, pending bool) (
 			if msg.Pool.Cidr != existing.Pool.Cidr ||
 				msg.Pool.Masquerade != existing.Pool.Masquerade {
 				var err, err2 error
-				err = s.addDelSnatPrefix(&existing, false /* isAdd */)
-				err2 = s.addDelSnatPrefix(msg, true /* isAdd */)
+				err = s.addDelSnatPrefixForIPPool(&existing, false /* isAdd */)
+				err2 = s.addDelSnatPrefixForIPPool(msg, true /* isAdd */)
 				if err != nil || err2 != nil {
 					return errors.Errorf("error updating snat prefix del:%s, add:%s", err, err2)
 				}
@@ -1320,7 +1308,7 @@ func (s *Server) handleIpamPoolUpdate(msg *proto.IPAMPoolUpdate, pending bool) (
 			s.log.Infof("Adding pool: %s, nat:%t", key, msg.Pool.Masquerade)
 			s.ippoolmap[key] = *msg
 			s.log.Debugf("Pool %v Added, handler called", msg)
-			err = s.addDelSnatPrefix(msg, true /* isAdd */)
+			err = s.addDelSnatPrefixForIPPool(msg, true /* isAdd */)
 			if err != nil {
 				return errors.Wrap(err, "error handling ipam add")
 			}
@@ -1348,7 +1336,7 @@ func (s *Server) handleIpamPoolRemove(msg *proto.IPAMPoolRemove, pending bool) (
 			delete(s.ippoolmap, key)
 			s.log.Infof("Deleting pool: %s", key)
 			s.log.Debugf("Pool %s deleted, handler called", existing.Pool.Cidr)
-			err = s.addDelSnatPrefix(&existing, false /* isAdd */)
+			err = s.addDelSnatPrefixForIPPool(&existing, false /* isAdd */)
 			if err != nil {
 				return errors.Wrap(err, "error handling ipam deletion")
 			}
@@ -1386,12 +1374,12 @@ func equalPools(a *proto.IPAMPoolUpdate, b *proto.IPAMPoolUpdate) bool {
 	return true
 }
 
-// addDelSnatPrefix configures IP Pool prefixes so that we don't source-NAT the packets going
+// addDelSnatPrefixForIPPool configures IP Pool prefixes so that we don't source-NAT the packets going
 // to these addresses. All the IP Pools prefixes are configured that way so that pod <-> pod
 // communications are never source-nated in the cluster
 // Note(aloaugus) - I think the iptables dataplane behaves differently and uses the k8s level
 // pod CIDR for this rather than the individual pool prefixes
-func (s *Server) addDelSnatPrefix(pool *proto.IPAMPoolUpdate, isAdd bool) (err error) {
+func (s *Server) addDelSnatPrefixForIPPool(pool *proto.IPAMPoolUpdate, isAdd bool) (err error) {
 	_, ipNet, err := net.ParseCIDR(pool.Pool.Cidr)
 	if err != nil {
 		return errors.Wrapf(err, "Couldn't parse pool CIDR %s", pool.Pool.Cidr)
 
@@ -257,10 +257,6 @@ func serviceID(meta *metav1.ObjectMeta) string {
 }
 
 func (s *Server) configureSnat() (err error) {
-	err = s.vpp.CnatSetSnatAddresses(s.getNodeIP(false /* isv6 */), s.getNodeIP(true /* isv6 */))
-	if err != nil {
-		s.log.Errorf("Failed to configure SNAT addresses %v", err)
-	}
 	nodeIP4, nodeIP6 := common.GetBGPSpecAddresses(s.nodeBGPSpec)
 	if nodeIP6 != nil {
 		err = s.vpp.CnatAddSnatPrefix(common.FullyQualified(*nodeIP6))
@@ -280,6 +276,23 @@ func (s *Server) configureSnat() (err error) {
 			s.log.Errorf("Failed to Add Service CIDR %s %v", serviceCIDR, err)
 		}
 	}
+	err = s.vpp.SetK8sSnatPolicy()
+	if err != nil {
+		return errors.Wrap(err, "Error configuring cnat source policy")
+	}
+	for _, uplink := range common.VppManagerInfo.UplinkStatuses {
+		// register vpptap0
+		err = s.vpp.RegisterPodInterface(uplink.TapSwIfIndex)
+		if err != nil {
+			return errors.Wrap(err, "error configuring vpptap0 as pod intf")
+		}
+
+		err = s.vpp.RegisterHostInterface(uplink.TapSwIfIndex)
+		if err != nil {
+			return errors.Wrap(err, "error configuring vpptap0 as host intf")
+		}
+	}
+
 	return nil
 }
 
@@ -442,11 +455,6 @@ func (s *Server) ServeService(t *tomb.Tomb) error {
 		})
 	}
 
-	err = s.vpp.CnatPurge()
-	if err != nil {
-		return err
-	}
-
 	if *config.GetCalicoVppDebug().ServicesEnabled {
 		s.t.Go(func() error { s.serviceInformer.Run(t.Dying()); return nil })
 		s.t.Go(func() error { s.endpointInformer.Run(t.Dying()); return nil })
 
@@ -464,7 +464,7 @@ func (v *VppRunner) configureVppUplinkInterface(
 		return errors.Wrap(err, "Error disabling ipv6 RA on uplink interface")
 	}
 
-	err = v.vpp.CnatEnableFeatures(ifSpec.SwIfIndex)
+	err = v.vpp.CnatEnableFeatures(ifSpec.SwIfIndex, true, 0, 0)
 	if err != nil {
 		return errors.Wrap(err, "Error configuring NAT on uplink interface")
 	}
@@ -610,21 +610,11 @@ func (v *VppRunner) configureVppUplinkInterface(
 		log.Errorf("Error SetInterfaceRxMode on vpptap0 %v", err)
 	}
 
-	err = v.vpp.CnatEnableFeatures(tapSwIfIndex)
+	err = v.vpp.CnatEnableFeatures(tapSwIfIndex, true, 0, 0)
 	if err != nil {
 		return errors.Wrap(err, "Error configuring NAT on vpptap0")
 	}
 
-	err = v.vpp.RegisterPodInterface(tapSwIfIndex)
-	if err != nil {
-		return errors.Wrap(err, "error configuring vpptap0 as pod intf")
-	}
-
-	err = v.vpp.RegisterHostInterface(tapSwIfIndex)
-	if err != nil {
-		return errors.Wrap(err, "error configuring vpptap0 as host intf")
-	}
-
 	// Linux side tap setup
 	link, err := netlink.LinkByName(ifSpec.InterfaceName)
 	if err != nil {
@@ -663,11 +653,6 @@ func (v *VppRunner) doVppGlobalConfiguration() (err error) {
 		return errors.Wrap(err, "Error creating static VRFs in VPP")
 	}
 
-	err = v.vpp.SetK8sSnatPolicy()
-	if err != nil {
-		return errors.Wrap(err, "Error configuring cnat source policy")
-	}
-
 	err = v.vpp.ConfigureNeighborsV4(&types.NeighborConfig{
 		MaxNumber: *config.GetCalicoVppInitialConfig().IP4NeighborsMaxNumber,
 		MaxAge:    *config.GetCalicoVppInitialConfig().IP4NeighborsMaxAge,
 
@@ -59,12 +59,12 @@ func (v *VppLink) CnatTranslateAdd(tr *types.CnatTranslateEntry) (uint32, error)
 
 	response, err := client.CnatTranslationUpdate(v.GetContext(), &cnat.CnatTranslationUpdate{
 		Translation: cnat.CnatTranslation{
-			Vip:      types.ToCnatEndpoint(tr.Endpoint),
-			IPProto:  types.ToVppIPProto(tr.Proto),
-			Paths:    paths,
-			IsRealIP: BoolToU8(tr.IsRealIP),
-			Flags:    uint8(cnat.CNAT_TRANSLATION_ALLOC_PORT),
-			LbType:   cnat.CnatLbType(tr.LbType),
+			Vip:            types.ToCnatEndpoint(tr.Endpoint),
+			IPProto:        types.ToVppIPProto(tr.Proto),
+			Paths:          paths,
+			IsRealIP:       BoolToU8(tr.IsRealIP),
+			Flags:          uint8(cnat.CNAT_TRANSLATION_ALLOC_PORT | cnat.CNAT_TRANSLATION_NO_CLIENT),
+			LbType:         cnat.CnatLbType(tr.LbType),
 		},
 	})
 	if err != nil {
@@ -95,6 +95,7 @@ func (v *VppLink) CnatSetSnatAddresses(v4, v6 net.IP) error {
 		SnatIP4:   types.ToVppIP4Address(v4),
 		SnatIP6:   types.ToVppIP6Address(v6),
 		SwIfIndex: types.InvalidInterface,
+		Flags:     cnat.CNAT_TRANSLATION_NO_CLIENT,
 	})
 	if err != nil {
 		return fmt.Errorf("setting SNAT addresses failed: %w", err)
@@ -123,14 +124,18 @@ func (v *VppLink) CnatDelSnatPrefix(prefix *net.IPNet) error {
 	return v.CnatAddDelSnatPrefix(prefix, false)
 }
 
-func (v *VppLink) CnatEnableFeatures(swIfIndex uint32) (err error) {
-	err = v.EnableFeatureArc46(swIfIndex, FeatureArcCnatInput)
-	if err != nil {
-		return fmt.Errorf("enabling arc dnat input failed: %w", err)
+func (v *VppLink) CnatEnableFeatures(swIfIndex uint32, isEnable bool, vrfIdV4 uint32, vrfIdV6 uint32) error {
+	client := cnat.NewServiceClient(v.GetConnection())
+
+	request := &cnat.FeatureCnatEnableDisable{
+		SwIfIndex:     interface_types.InterfaceIndex(swIfIndex),
+		EnableDisable: isEnable,
+		TableIDIP4:    vrfIdV4,
+		TableIDIP6:    vrfIdV6,
 	}
-	err = v.EnableFeatureArc46(swIfIndex, FeatureArcCnatOutput)
+	_, err := client.FeatureCnatEnableDisable(v.GetContext(), request)
 	if err != nil {
-		return fmt.Errorf("enabling arc dnat output failed: %w", err)
+		return fmt.Errorf("FeatureEnableDisable %+v failed: %w", request, err)
 	}
 	return nil
 }
@@ -187,7 +192,7 @@ func (v *VppLink) disableCnatSNAT(swIfIndex uint32, isIp6 bool) (err error) {
 	return v.cnatSnatPolicyAddDelPodInterface(swIfIndex, false /* isAdd */, cnat.CNAT_POLICY_INCLUDE_V4)
 }
 
-func (v *VppLink) cnatSetSnatPolicy(pol cnat.CnatSnatPolicies) error {
+func (v *VppLink) cnatSetSnatPolicyForDefaultVRF(pol cnat.CnatSnatPolicies) error {
 	client := cnat.NewServiceClient(v.GetConnection())
 
 	_, err := client.CnatSetSnatPolicy(v.GetContext(), &cnat.CnatSetSnatPolicy{
@@ -200,9 +205,22 @@ func (v *VppLink) cnatSetSnatPolicy(pol cnat.CnatSnatPolicies) error {
 }
 
 func (v *VppLink) SetK8sSnatPolicy() (err error) {
-	return v.cnatSetSnatPolicy(cnat.CNAT_POLICY_K8S)
+	return v.cnatSetSnatPolicyForDefaultVRF(cnat.CNAT_POLICY_K8S)
 }
 
 func (v *VppLink) ClearSnatPolicy() (err error) {
-	return v.cnatSetSnatPolicy(cnat.CNAT_POLICY_NONE)
+	return v.cnatSetSnatPolicyForDefaultVRF(cnat.CNAT_POLICY_NONE)
+}
+
+func (v *VppLink) EnableCnatSNATOnInterfaceVRF(swifindex uint32) (err error) {
+	client := cnat.NewServiceClient(v.GetConnection())
+
+	_, err = client.DuplicateCnatSnatDefaultPolicyToVrf(v.GetContext(), &cnat.DuplicateCnatSnatDefaultPolicyToVrf{
+		SwIfIndex: interface_types.InterfaceIndex(swifindex),
+	})
+	if err != nil {
+		return fmt.Errorf("DuplicateCnatSnatDefaultPolicyToVrf for interface %d failed: %w", swifindex, err)
+	}
+	return nil
+
 }
Original file line number	Diff line number	Diff line change
`@@ -105,7 +105,7 @@ func (i PodInterfaceDriverData) DoPodIfNatConfiguration(podSpec storage.LocalP`
`105`	`105`	`stack.Push(i.vpp.RemovePodInterface, swIfIndex)`
`106`	`106`	`}`
`107`	`107`
`108`		`- err = i.vpp.CnatEnableFeatures(swIfIndex)`
	`108`	`+ err = i.vpp.CnatEnableFeatures(swIfIndex, true, podSpec.GetVrfId(vpplink.IpFamilyV4), podSpec.GetVrfId(vpplink.IpFamilyV6))`
`109`	`109`	`if err != nil {`
`110`	`110`	`return errors.Wrapf(err, "error configuring nat on pod interface")`
`111`	`111`	`}`
`@@ -129,6 +129,10 @@ func (i PodInterfaceDriverData) DoPodInterfaceConfiguration(podSpec storage.Lo`
`129`	`129`	`}`
`130`	`130`	`}`
`131`	`131`
	`132`	`+ err = i.vpp.EnableCnatSNATOnInterfaceVRF(swIfIndex)`
	`133`	`+ if err != nil {`
	`134`	`+ return errors.Wrapf(err, "error configuring cnat snat on pod VRF")`
	`135`	`+ }`
`132`	`136`	`if !*ifSpec.IsL3 {`
`133`	`137`	`/* L2 */`
`134`	`138`	`err = i.vpp.SetPromiscOn(swIfIndex)`
Original file line number	Diff line number	Diff line change
`@@ -127,7 +127,7 @@ func (p IpipProvider) AddConnectivity(cn common.NodeConnectivity) error {`
`127`	`127`	`return errors.Wrapf(err, "Error enabling gso for ipip interface")`
`128`	`128`	`}`
`129`	`129`
`130`		`- err = p.vpp.CnatEnableFeatures(swIfIndex)`
	`130`	`+ err = p.vpp.CnatEnableFeatures(swIfIndex, true, 0, 0)`
`131`	`131`	`if err != nil {`
`132`	`132`	`p.errorCleanup(tunnel)`
`133`	`133`	`return errors.Wrapf(err, "Error enabling nat for ipip interface")`
Original file line number	Diff line number	Diff line change
`@@ -197,7 +197,7 @@ func (p IpsecProvider) createIPSECTunnel(tunnel IpsecTunnel, psk string, stack`
`197`	`197`	`return errors.Wrapf(err, "Error enabling gso for ipip interface")`
`198`	`198`	`}`
`199`	`199`
`200`		`- err = p.vpp.CnatEnableFeatures(swIfIndex)`
	`200`	`+ err = p.vpp.CnatEnableFeatures(swIfIndex, true, 0, 0)`
`201`	`201`	`if err != nil {`
`202`	`202`	`return errors.Wrapf(err, "Error enabling nat for ipip interface")`
`203`	`203`	`}`
Original file line number	Diff line number	Diff line change
`@@ -177,7 +177,7 @@ func (p VXLanProvider) AddConnectivity(cn common.NodeConnectivity) error {`
`177`	`177`	`return errors.Wrapf(err, "Error enabling gso for vxlan interface")`
`178`	`178`	`}`
`179`	`179`
`180`		`- err = p.vpp.CnatEnableFeatures(swIfIndex)`
	`180`	`+ err = p.vpp.CnatEnableFeatures(swIfIndex, true, 0, 0)`
`181`	`181`	`if err != nil {`
`182`	`182`	`// TODO : delete tunnel`
`183`	`183`	`return errors.Wrapf(err, "Error enabling nat for vxlan interface")`
Original file line number	Diff line number	Diff line change
`@@ -217,7 +217,7 @@ func (p *WireguardProvider) createWireguardTunnels() error {`
`217`	`217`	`return errors.Wrapf(err, "Error enabling gso for wireguard interface")`
`218`	`218`	`}`
`219`	`219`
`220`		`- err = p.vpp.CnatEnableFeatures(swIfIndex)`
	`220`	`+ err = p.vpp.CnatEnableFeatures(swIfIndex, true, 0, 0)`
`221`	`221`	`if err != nil {`
`222`	`222`	`p.errorCleanup(tunnel)`
`223`	`223`	`return errors.Wrapf(err, "Error enabling nat for wireguard interface")`