abattye
commented
6 years ago Currently this is being worked around by using a interface rather than pool on the dynamic NAT statement. We are forced down this route anyway due to NAT behaviour.
Closed abattye closed 6 years ago
abattye
commented
6 years ago Currently this is being worked around by using a interface rather than pool on the dynamic NAT statement. We are forced down this route anyway due to NAT behaviour.
abattye
commented
6 years ago This behaviour also occurs with interface base nat. Current workaround is to fallback to netconf legacy where we can force removal
abattye
commented
6 years ago Short term solution is to apply VRF specific ACLs and also to enable/disable dynamic NAT via the ACL preventing issues with existing translations. This is in no way ideal and we need a proper solution in the yang-models/API
abattye
commented
6 years ago Solved by Cisco
The CLI command to remove NAT pools includes
forcedparameter to remove even if active translations exist.So far (despite it appearing the the Yang model) we can't get this to work via Yang. Leads to this workaround https://github.com/sapcc/asr1k-neutron-l3/blob/master/asr1k_neutron_l3/models/netconf_legacy/nat.py using legacy Netconf.
Need to retest and clarify with Cisco