> On Jan 26, 2016, at 10:25 PM, Chandra Vejendla <chandra.vejen...@gmail.com> > wrote: > > Hi Jarno, > > We are trying to install openflow rules to get floating-ips working in OVN > and have a question about DNAT action. > > When a DNAT action is committed, at what stage is the packets DIP actually > modified. If there are rules in the pipeline after the DNAT action that try > to match on the new DNAT address, those rules doesn't seem to match the > packet. >
Any CT/NAT modifications are done only when the CT action is executed by the datapath. If the rest of the OpenFlow pipeline needs to match on those changed fields, you will need to recirculate instead of resubmit. That is done by adding a “table=1” parameter to the CT action. Jarno > In a simple setup with following rules, the packets always match the 3rd > rule. Is there a way to match on the DNAT IP after a DNAT action is committed. > > cookie=0x0, duration=726.320s, table=0, n_packets=2, n_bytes=196, > idle_age=613, ip,in_port=1 > actions=ct(commit,zone=1,nat(dst=10.1.1.2)),resubmit(,1) > cookie=0x0, duration=674.391s, table=1, n_packets=0, n_bytes=0, idle_age=674, > priority=100,ip,nw_dst=10.1.1.2 actions=output:2 > cookie=0x0, duration=664.212s, table=1, n_packets=2, n_bytes=196, > idle_age=613, priority=50,ip,nw_dst=10.1.1.64 actions=output:2 > > The use case we are trying to solve is to be able to look at the DNAT IP of a > packet from a public network -> a floating IP and accordingly route the > packet based on the virtual network the DNAT IP belongs to. > > Thanks, > Chandra > _______________________________________________ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
