Hello,
I've got a problème with openVswitch and iptables/DNAT
On an hypervisor with openvswitch, I have two VM. One of this VM is a linux
firewall and the other a web server.
The network topology is simble :
== LAN ==
|
|
| LAN IP : 10.x.x.x
[VM Firewall]
| Pv IP : 192.168.7.1
|
|
| Pv IP : 192.168.7.10
[VM WebServer]
So I've done simple rules on the firewall to DNAT the port 80 to the
webserver.
When I try to connect to the LAN IP on port 80, the connection is really
slow, about some octet/s.
With tcpdump, i saw that lot's of Retransmission of tcp packets (missing
ack). Some packets are in state "Tcp segment of a reassembled pdu".
I've check the IP configuration, routing configuration on the Vm, and vlan
configuration on openvswitch. Didn't see any missconfiguration ...
Have you experiment DNAT with openVswitch ? any drawback ? any idea ?
Sofware version :
openvswitch : 1.0.3
rhel6/KVM
I will work to have 1.1 up and ready but i've no time to do it for now ...
Thank you in advance.
Regards,
_______________________________________________
discuss mailing list
[email protected]
http://openvswitch.org/mailman/listinfo/discuss
