Hello,
On a devstack with contrail master (build 09/28/2015) the SNAT is not working
properly.
The setup has only one node with a public network on vgw
(172.16.1.0/24). A VN (10.0.0.0/24) with a VM in it is connected to a router
whose gateway points to the public network.
The SNAT namespace is created properly:
2d [cloud@juno-28092015:~] $ ip netns
vrouter-bb3b015d-8586-4c2a-ba3c-e7f5009a5871
2d [cloud@juno-28092015:~] $ sudo ip netns exec vrouter-bb3b015d-8586-4c2a-ba3c-e7f5009a5871 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: int-725bac88-6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 02:c2:58:80:45:d6 brd ff:ff:ff:ff:ff:ff
    inet 100.64.0.4/29 brd 100.64.0.7 scope global int-725bac88-6
       valid_lft forever preferred_lft forever
3: gw-0f588355-bd: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 02:29:c9:41:13:a1 brd ff:ff:ff:ff:ff:ff
    inet 172.16.1.3/24 brd 172.16.1.255 scope global gw-0f588355-bd
       valid_lft forever preferred_lft forever
2d [cloud@juno-28092015:~] 1 $ sudo ip netns exec vrouter-bb3b015d-8586-4c2a-ba3c-e7f5009a5871 iptables -nvL -t nat
Chain PREROUTING (policy ACCEPT 12 packets, 1008 bytes)
 pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 2 packets, 168 bytes)
 pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 3 packets, 236 bytes)
 pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
   13 1076 MASQUERADE all -- * gw-0f588355-bd 0.0.0.0/0 0.0.0.0/0
When I run a ping from the VM (10.0.0.4) to the vhost0 IP (192.168.60.2) I can
see it coming to the int iface:
# tcpdump -enli int-725bac88-6:
listening on int-725bac88-6:, link-type EN10MB (Ethernet), capture size 65535 bytes
14:17:53.311569 00:00:5e:00:01:00 > 02:c2:58:80:45:d6, ethertype IPv4 (0x0800), length 98: 10.0.0.4 > 192.168.60.2: ICMP echo request, id 27905, seq 3857, length 6
But on the gw interface the MAC addresses are not resolved:
# tcpdump -enli gw-0f588355-bd:
14:18:31.348084 02:29:c9:41:13:a1 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.60.2 tell 172.16.1.3, length 28
14:18:31.351022 02:29:c9:41:13:a1 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 10.0.0.4 tell 172.16.1.3, length 28
Obviously nothing is coming up on the vgw interface.
Even if I populate the ARP table manually I can see the echo request going
through gw-0f588355-bd but nothing on vgw nor vhost0.
Not sure what could go wrong here. Any pointers?
Thanks
Jean-Philippe