Hi Everyone,
I configured openvswitch (type=ipsec_gre) on both end devices; between
the two end devices we have a NAT device. I am not able to establish the
tunnel between the end devices. I have also attached a file where the
topology and openvswitch flows are listed.
Do we have NAT-T support in openvswitch?
Can anyone help me with this?
Thanks,
Venkata Santhosh
Topology:
=========
HostA (12.12.12.12 - br0) ------ (12.12.12.1) NAT-Device (13.13.13.1) -------- HostB (13.13.13.13 - br0)
ovs_version: "2.0.0"
I tried to configure type=ipsec_gre using openvswitch on HostA (remote_ip =
13.13.13.13) and HostB (remote_ip = 13.13.13.1). I also created br1 on both
hosts (HostA - br1 - 11.11.11.11 and HostB - br1 - 11.11.11.12).
After initiating the ping request from HostA (11.11.11.11 to 11.11.11.12), I am
able to see that phase 1 completes successfully, but it gets stuck after sending
the first packet in Quick Mode (no reply from HostB to the first Quick Mode
packet).
Then I initiated a ping from HostB to HostA; Quick Mode then completes, but
the ping does not work because the packets are being dropped on both hosts
by the following flows.
Host A:
======
#ovs-vsctl show
0a6afd01-a849-4c7a-a9c6-238fbddcfe2a
    Bridge "br1"
        Port "vxlan0"
            Interface "vxlan0"
                type: ipsec_gre
                options: {psk=password, remote_ip="13.13.13.13"}
        Port "br1"
            Interface "br1"
                type: internal
    Bridge "br0"
        Port "br0"
            Interface "br0"
                type: internal
        Port "eth0"
            Interface "eth0"
# ovs-appctl dpif/show
system@ovs-system: hit:2416 missed:470
flows: cur: 4, avg: 1, max: 9, life span: 114139ms
overall avg: add rate: 14.833/min, del rate: 14.733/min
br0: hit:1959 missed:459
br0 65534/1: (internal)
eth0 1/3: (system)
br1: hit:457 missed:11
br1 65534/2: (internal)
vxlan 3/4: (ipsec_gre: remote_ip=13.13.13.13)
# ovs-dpctl dump-flows
skb_priority(0),in_port(3),eth(src=00:08:a1:45:d6:27,dst=14:18:77:c2:8a:50),eth_type(0x0800),ipv4(src=13.13.13.1/0.0.0.0,dst=12.12.12.12/0.0.0.0,proto=1/0,tos=0xc0/0,ttl=64/0,frag=no/0xff),
packets:297, bytes:35328, used:0.312s, actions:1
skb_priority(0),in_port(3),eth(src=00:08:a1:45:d6:27,dst=01:00:5e:00:00:05),eth_type(0x0800),ipv4(src=12.12.12.1/0.0.0.0,dst=224.0.0.5/0.0.0.0,proto=89/0,tos=0xc0/0,ttl=1/0,frag=no/0xff),
packets:0, bytes:0, used:never, actions:1
key20(bad key length 4, expected -1)(00 00 00 00/(bad mask length 4, expected
-1)(ff ff ff ff),key19(bad key length 4, expected -1)(00 00 00 00/(bad mask
length 4, expected -1)(ff ff ff
ff),skb_priority(0),tunnel(tun_id=0/0,src=13.13.13.13/255.255.255.255,dst=12.12.12.12/255.255.255.255,tos=0/0xff,ttl=63/0xff,flags()),in_port(4),skb_mark(0),eth(src=f2:09:c7:6e:47:45,dst=ff:ff:ff:ff:ff:ff),eth_type(0x0806),arp(sip=11.11.11.12/255.255.255.255,tip=11.11.11.11/255.255.255.255,op=1/0xff,sha=f2:09:c7:6e:47:45/ff:ff:ff:ff:ff:ff,tha=00:00:00:00:00:00/ff:ff:ff:ff:ff:ff),
packets:0, bytes:0, used:never, actions:drop
HostB :
=======
#ovs-vsctl show
0a6afd01-a849-4c7a-a9c6-238fbddcfe2a
    Bridge "br1"
        Port "vxlan0"
            Interface "vxlan0"
                type: ipsec_gre
                options: {psk=password, remote_ip="13.13.13.1"}
        Port "br1"
            Interface "br1"
                type: internal
    Bridge "br0"
        Port "br0"
            Interface "br0"
                type: internal
        Port "eth1"
            Interface "eth1"
    ovs_version: "2.0.0"
# ovs-appctl dpif/show
system@ovs-system: hit:2670 missed:610
flows: cur: 4, avg: 4, max: 9, life span: 38571ms
overall avg: add rate: 15.921/min, del rate: 15.763/min
br0: hit:2077 missed:601
br0 65534/1: (internal)
eth1 1/2: (system)
br1: hit:593 missed:9
br1 65534/4: (internal)
vxlan0 3/3: (ipsec_gre: remote_ip=13.13.13.1)
# ovs-dpctl dump-flows
skb_priority(0),in_port(2),eth(src=00:1d:09:10:94:30,dst=ff:ff:ff:ff:ff:ff),eth_type(0x0806),arp(sip=13.13.13.1/255.255.255.255,tip=8.8.8.8/255.255.255.255,op=1/0xff,sha=00:1d:09:10:94:30/00:00:00:00:00:00,tha=00:00:00:00:00:00/00:00:00:00:00:00),
packets:36, bytes:2160, used:0.364s, actions:1
skb_priority(0),in_port(2),eth(src=00:1d:09:10:94:30,dst=08:00:27:fa:39:0d),eth_type(0x0800),ipv4(src=13.13.13.1/0.0.0.0,dst=13.13.13.13/0.0.0.0,proto=17/0,tos=0/0,ttl=63/0,frag=no/0xff),
packets:4, bytes:504, used:0.300s, actions:1
skb_priority(0),in_port(2),eth(src=00:1d:09:10:94:30,dst=ff:ff:ff:ff:ff:ff),eth_type(0x0806),arp(sip=13.13.13.1/255.255.255.255,tip=172.20.101.1/255.255.255.255,op=1/0xff,sha=00:1d:09:10:94:30/00:00:00:00:00:00,tha=00:00:00:00:00:00/00:00:00:00:00:00),
packets:36, bytes:2160, used:0.364s, actions:1
skb_priority(0),in_port(2),eth(src=00:1d:09:10:94:30,dst=01:00:5e:00:00:05),eth_type(0x0800),ipv4(src=13.13.13.1/0.0.0.0,dst=224.0.0.5/0.0.0.0,proto=89/0,tos=0xc0/0,ttl=1/0,frag=no/0xff),
packets:0, bytes:0, used:never, actions:1
skb_priority(0),tunnel(tun_id=0/0,src=13.13.13.1/255.255.255.255,dst=13.13.13.13/255.255.255.255,tos=0/0xff,ttl=63/0xff,flags()),in_port(3),skb_mark(0),eth(src=4a:8a:03:ee:63:49,dst=ff:ff:ff:ff:ff:ff),eth_type(0x0806),arp(sip=11.11.11.11/255.255.255.255,tip=11.11.11.12/255.255.255.255,op=1/0xff,sha=4a:8a:03:ee:63:49/ff:ff:ff:ff:ff:ff,tha=00:00:00:00:00:00/ff:ff:ff:ff:ff:ff),
packets:0, bytes:0, used:never, actions:drop
_______________________________________________
dev mailing list
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
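
Added example (not part of the original message and not Open vSwitch code): a small triage script that parses "ovs-dpctl dump-flows" lines like those in the post and lists the flows that arrive through a tunnel port and end in actions:drop. The function names are hypothetical, the sample is two flows from the HostB dump rejoined onto single lines, and well-formed flow keys are assumed.

```python
import re

# Constructed sample: two flows copied from the HostB dump in the post,
# each joined back onto one line as ovs-dpctl prints them.
SAMPLE = [
    "skb_priority(0),in_port(2),eth(src=00:1d:09:10:94:30,dst=08:00:27:fa:39:0d),eth_type(0x0800),ipv4(src=13.13.13.1/0.0.0.0,dst=13.13.13.13/0.0.0.0,proto=17/0,tos=0/0,ttl=63/0,frag=no/0xff), packets:4, bytes:504, used:0.300s, actions:1",
    "skb_priority(0),tunnel(tun_id=0/0,src=13.13.13.1/255.255.255.255,dst=13.13.13.13/255.255.255.255,tos=0/0xff,ttl=63/0xff,flags()),in_port(3),skb_mark(0),eth(src=4a:8a:03:ee:63:49,dst=ff:ff:ff:ff:ff:ff),eth_type(0x0806),arp(sip=11.11.11.11/255.255.255.255,tip=11.11.11.12/255.255.255.255,op=1/0xff,sha=4a:8a:03:ee:63:49/ff:ff:ff:ff:ff:ff,tha=00:00:00:00:00:00/ff:ff:ff:ff:ff:ff), packets:0, bytes:0, used:never, actions:drop",
]

STATS = re.compile(r",\s*packets:(\d+),\s*bytes:(\d+),\s*used:([^,]+),\s*actions:(\S+)\s*$")

def split_keys(key_text):
    """Split 'a(..),b(..(..)..)' into {'a': '..', 'b': '..(..)..'} by paren depth."""
    keys, depth, name, start = {}, 0, "", 0
    for i, ch in enumerate(key_text):
        if ch == "(":
            if depth == 0:
                name, start = key_text[:i].rsplit(",", 1)[-1].strip(), i + 1
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                keys[name] = key_text[start:i]
    return keys

def subfields(body):
    """'src=1.2.3.4/255.255.255.255,ttl=63/0xff' -> {'src': '1.2.3.4', 'ttl': '63'} (mask dropped)."""
    pairs = (kv.split("=", 1) for kv in body.split(",") if "=" in kv)
    return {k: v.split("/")[0] for k, v in pairs}

def parse_flow(line):
    m = STATS.search(line)
    if not m:
        return None  # not a flow line (prompt, header, wrapped fragment)
    flow = {n: subfields(b) if "=" in b else b
            for n, b in split_keys(line[:m.start()]).items()}
    flow.update(packets=int(m.group(1)), used=m.group(3), actions=m.group(4))
    return flow

def dropped_tunnel_flows(lines):
    """Flows that were decapsulated from a tunnel and then dropped."""
    flows = (parse_flow(l) for l in lines)
    return [f for f in flows if f and "tunnel" in f and f["actions"] == "drop"]

if __name__ == "__main__":
    for f in dropped_tunnel_flows(SAMPLE):
        inner = f.get("arp") or f.get("ipv4") or {}
        print("in_port", f["in_port"], "tunnel", f["tunnel"]["src"], "->",
              f["tunnel"]["dst"], "eth_type", f["eth_type"], "inner", inner)
```

On the sample it reports one flow: the ARP request for 11.11.11.12 received on in_port 3 with outer addresses 13.13.13.1 -> 13.13.13.13.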