[ovs-dev] OVS with NAT Configuration

Sheroo Pratap sheroopratapresearch at gmail.com
Fri May 6 12:22:43 UTC 2016


Thanks Justin for quick response and clarifications.

 As suggested by Joe, i checked out OVS master and tried to build OVS in
upstream kernel it successfully installed and working fine (Thanks again
all).

 below are the steps i have followed.
 1) upgraded kernel to 4.6 (recommended on
https://github.com/openvswitch/ovs/blob/master/FAQ.md#q-are-all-features-available-with-all-datapaths
)
 2) Installed all the dependencies.
 3) checked-out master OVS code base from https://github.com/openvswitch/ovs
<https://github.com/openvswitch/ovs/blob/master/FAQ.md#q-are-all-features-available-with-all-datapaths>
 4) build and installed OVS without any error.
       root at osboxes:/home/osboxes/ovs# ovs-vswitchd --version
      * ovs-vswitchd (Open vSwitch) 2.5.90*
*       Compiled May  6 2016 10:27:16*
       root at osboxes:/home/osboxes/ovs#

  5) tried to add flow through ofctl for NAT configuration (followed the
link http://openvswitch.org/pipermail/dev/2015-November/061997.html), it is
successfully added i can see the flows in flow table.
          *root at osboxes:/home/osboxes# ovs-ofctl dump-flows br0*
*          NXST_FLOW reply (xid=0x4):*
*               cookie=0x0, duration=675.193s, table=0, n_packets=0,
n_bytes=0, idle_age=675, ct_state=-trk,ip,in_port=2                *
*               actions=ct(table=0,zone=1,nat)*
*               cookie=0x0, duration=445.647s, table=0, n_packets=0,
n_bytes=0, idle_age=445, ip,in_port=1 *
*
 actions=ct(commit,zone=1,nat(src=192.168.56.102-192.168.56.110)),output:2*
*           root at osboxes:/home/osboxes#*

 My question is : 1) The flows i have added though ofctl for NATing the
same should reflected in iptables?

Thanks and Regards
  Sheroo Pratap


On Wed, May 4, 2016 at 12:45 PM, Justin Pettit <jpettit at ovn.org> wrote:

> You don't need to post the same messages to discuss and dev.  Please just
> choose one forum, since most of us are in both.
>
> Here's the answer I gave in ovs-discuss:
>
> -=-=-=-=-=-=-=-=-=-
> Yes, connection tracking is part of 2.5.  However, the release states:
> "This feature makes it possible to implement stateful firewalls and will be
> the basis for future stateful features such as NAT and load-balancing."
> Notice that it's referring to future features, which means they're not in
> that release.  The NAT code was accepted by the upstream Linux kernel and
> is currently being backported to earlier kernels, so I expect that they'll
> be in the next OVS release.
> -=-=-=-=-=-=-=-=-=-
>
> --Justin
>
>
> > On May 3, 2016, at 10:38 PM, Sheroo Pratap <
> sheroopratapresearch at gmail.com> wrote:
> >
> > Hi Jarno,
> >
> >   I found below link for NAT support in OVS 2.5.0 release, looks like NAT
> > is supported in latest release.
> >
> >    http://openvswitch.org/pipermail/announce/2016-February/000081.html
> >
> >   if you see in below link it is mentioned here that ct is supported in
> > OVS 2.5.0 release
> >
> >   http://openvswitch.org/releases/NEWS-2.5.0
> >
> > Thanks and Regards
> >  Sheroo Pratap
> >
> >
> >> On Tue, May 3, 2016 at 10:23 PM, Jarno Rajahalme <jarno at ovn.org> wrote:
> >>
> >>> OVS with conntrack NAT support has not been released yet. To try it out
> >>> you need to use OVS git master and the release candidate of the
> upstream
> >>> linux kernel (4.6). When you have those installed, you can find
> examples in
> >>> ovs/tests/system-traffic.at.
> >>>
> >>> Regards,
> >>>
> >>>  Jarno
> >>>
> >>>> On May 3, 2016, at 2:13 AM, Sheroo Pratap <
> >>> sheroopratapresearch at gmail.com> wrote:
> >>>>
> >>>> Hi All,
> >>>>
> >>>>  I trying to do NAT configuration in OVS 2.5.0. I am not getting any
> >>>> proper documentation for OVS NAT configuration.
> >>>>
> >>>> Can anyone help me, any example will be very help full.
> >>>>
> >>>> Thanks in advance.
> >>>>
> >>>>
> >>>> Thanks and Regards
> >>>> Sheroo Pratap
> >>>> _______________________________________________
> >>>> dev mailing list
> >>>> dev at openvswitch.org
> >>>> http://openvswitch.org/mailman/listinfo/dev
> >>>
> >>>
> >>
> > _______________________________________________
> > dev mailing list
> > dev at openvswitch.org
> > http://openvswitch.org/mailman/listinfo/dev
>
>



More information about the dev mailing list