> On Jan 28, 2016, at 3:27 PM, Chandra Vejendla <chandra.vejen...@gmail.com> > wrote: > > Hi Jarno, > > On my simple OVS setup i setup flows to do DNAT with recirculation and the > flows match on the DNAT IP. > > I tried to do the same on my OVN setup, but the flows don't match the DNAT > IP. The flows below try to match the DST NAT IP network and accordingly route > the packet, but the flows are matching on the original DST IP of the packet. >
You could check if the nat kernel modules are loaded. Try this on both systems and see if there are differences that might explain what is going on: ‘lsmod | grep nat’. Jarno > Is there something i am missing here. > > cookie=0x0, duration=419.960s, table=16, n_packets=10, n_bytes=980, > idle_age=374, priority=60,reg6=0x1,ip,metadata=0x3,dl_dst=fa:16:3e:25:26:49 > actions=ct(commit,table=17,nat(dst=10.0.0.99)) > > cookie=0x0, duration=559.343s, table=17, n_packets=17, n_bytes=1533, > idle_age=374, priority=0,metadata=0x3 actions=resubmit(,18) > > cookie=0x0, duration=559.343s, table=18, n_packets=10, n_bytes=980, > idle_age=374, priority=24,ip,metadata=0x3,nw_dst=172.16.0.0/24 > <http://172.16.0.0/24> > actions=dec_ttl(),move:NXM_OF_IP_DST[]->NXM_NX_REG0[],resubmit(,19) > > cookie=0x0, duration=557.831s, table=18, n_packets=0, n_bytes=98, > idle_age=534, priority=24,ip,metadata=0x3,nw_dst=10.0.0.0/24 > <http://10.0.0.0/24> > actions=dec_ttl(),move:NXM_OF_IP_DST[]->NXM_NX_REG0[],resubmit(,19) > > > Thanks, > Chandra > > On Wed, Jan 27, 2016 at 11:34 AM, Jarno Rajahalme <ja...@ovn.org > <mailto:ja...@ovn.org>> wrote: > >> On Jan 26, 2016, at 10:25 PM, Chandra Vejendla <chandra.vejen...@gmail.com >> <mailto:chandra.vejen...@gmail.com>> wrote: >> >> Hi Jarno, >> >> We are trying to install openflow rules to get floating-ips working in OVN >> and have a question about DNAT action. >> >> When a DNAT action is committed, at what stage is the packets DIP actually >> modified. If there are rules in the pipeline after the DNAT action that try >> to match on the new DNAT address, those rules doesn't seem to match the >> packet. >> > > Any CT/NAT modifications are done only when the CT action is executed by the > datapath. If the rest of the OpenFlow pipeline needs to match on those > changed fields, you will need to recirculate instead of resubmit. That is > done by adding a “table=1” parameter to the CT action. > > Jarno > >> In a simple setup with following rules, the packets always match the 3rd >> rule. Is there a way to match on the DNAT IP after a DNAT action is >> committed. >> >> cookie=0x0, duration=726.320s, table=0, n_packets=2, n_bytes=196, >> idle_age=613, ip,in_port=1 >> actions=ct(commit,zone=1,nat(dst=10.1.1.2)),resubmit(,1) >> cookie=0x0, duration=674.391s, table=1, n_packets=0, n_bytes=0, >> idle_age=674, priority=100,ip,nw_dst=10.1.1.2 actions=output:2 >> cookie=0x0, duration=664.212s, table=1, n_packets=2, n_bytes=196, >> idle_age=613, priority=50,ip,nw_dst=10.1.1.64 actions=output:2 >> >> The use case we are trying to solve is to be able to look at the DNAT IP of >> a packet from a public network -> a floating IP and accordingly route the >> packet based on the virtual network the DNAT IP belongs to. >> >> Thanks, >> Chandra >> > > _______________________________________________ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
