[ovs-dev] OVS with NAT Configuration

Sheroo Pratap sheroopratapresearch at gmail.com
Tue May 10 08:59:08 UTC 2016


Thanks Joe,

I tried to add flows for NAT using the commands below:

ovs-ofctl add-flow br0 "in_port=1,ip,action=ct(commit,nat(src=192.168.56.103-192.168.56.115)),2"
ovs-ofctl add-flow br0 "in_port=2,ct_state=-trk,ip,action=ct(table=0,nat)"
ovs-ofctl add-flow br0 "in_port=2,ct_state=+trk,ip,action=1"

It is added successfully
root@osboxes:/home/osboxes/ovs# ovs-ofctl dump-flows br0
NXST_FLOW reply (xid=0x4):
 cookie=0x0, duration=3222.738s, table=0, n_packets=5735, n_bytes=521513, idle_age=0, actions=NORMAL
 cookie=0x0, duration=335.272s, table=0, n_packets=0, n_bytes=0, idle_age=335, ip,in_port=1 actions=ct(commit,zone=1,nat(src=192.168.56.103-192.168.56.115)),output:2
 cookie=0x0, duration=889.087s, table=0, n_packets=0, n_bytes=0, idle_age=889, ct_state=-trk,ip,in_port=2 actions=ct(table=0,zone=1,nat)
 cookie=0x0, duration=875.198s, table=0, n_packets=0, n_bytes=0, idle_age=875, ct_state=+trk,ct_zone=1,ip,in_port=2 actions=output:1
root@osboxes:/home/osboxes/ovs#

When trying to send a packet from port 1 to 2, NATing is not performed.

Could you please let me know where I am going wrong?
How can I configure NAT in OVS, and how can I test the configurations?
Is there any sample example for that? It would be quite helpful.

Thanks for your help.

Thanks and Regards
 Sheroo Pratap



On Fri, May 6, 2016 at 10:31 PM, Joe Stringer <joe at ovn.org> wrote:

> On 6 May 2016 at 05:22, Sheroo Pratap <sheroopratapresearch at gmail.com>
> wrote:
> > Thanks Justin for quick response and clarifications.
> >
> >  As suggested by Joe, I checked out OVS master and tried to build OVS in
> > upstream kernel; it successfully installed and is working fine (Thanks again
> > all).
> >
> >  Below are the steps I have followed.
> >  1) upgraded kernel to 4.6 (recommended on
> > https://github.com/openvswitch/ovs/blob/master/FAQ.md#q-are-all-features-available-with-all-datapaths)
> >  2) Installed all the dependencies.
> >  3) checked out master OVS code base from https://github.com/openvswitch/ovs
> >  4) built and installed OVS without any error.
> >        root@osboxes:/home/osboxes/ovs# ovs-vswitchd --version
> >        ovs-vswitchd (Open vSwitch) 2.5.90
> >        Compiled May  6 2016 10:27:16
> >        root@osboxes:/home/osboxes/ovs#
> >
> >   5) tried to add flow through ofctl for NAT configuration (followed the
> > link http://openvswitch.org/pipermail/dev/2015-November/061997.html); it is
> > successfully added, I can see the flows in flow table.
> >           root@osboxes:/home/osboxes# ovs-ofctl dump-flows br0
> >           NXST_FLOW reply (xid=0x4):
> >                cookie=0x0, duration=675.193s, table=0, n_packets=0, n_bytes=0, idle_age=675, ct_state=-trk,ip,in_port=2 actions=ct(table=0,zone=1,nat)
> >                cookie=0x0, duration=445.647s, table=0, n_packets=0, n_bytes=0, idle_age=445, ip,in_port=1 actions=ct(commit,zone=1,nat(src=192.168.56.102-192.168.56.110)),output:2
> >            root@osboxes:/home/osboxes#
> >
> >  My question is: 1) Should the flows I have added through ofctl for NATing
> > be reflected in iptables?
>
> Hi Sheroo,
>
> No, there is no mapping or co-ordination between OVS and IPTables. The
> rule lookup and execution is entirely separate; they only share the
> core connection tracking and NAT functionality, which is dissociated
> from policy.
>
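
Added example, not part of the original message or of the OVS code base: a check over the dump-flows output in the message above that lists flows with zero packet hits that are covered by a broader flow in the same table at the same priority, a case where OpenFlow leaves the selected flow undefined. It assumes the ovs-ofctl default priority of 32768 for dump lines that show no priority= field; the function names are hypothetical.

```python
import re

# Flow dump copied from the message above, with wrapped lines rejoined.
DUMP = """\
NXST_FLOW reply (xid=0x4):
 cookie=0x0, duration=3222.738s, table=0, n_packets=5735, n_bytes=521513, idle_age=0, actions=NORMAL
 cookie=0x0, duration=335.272s, table=0, n_packets=0, n_bytes=0, idle_age=335, ip,in_port=1 actions=ct(commit,zone=1,nat(src=192.168.56.103-192.168.56.115)),output:2
 cookie=0x0, duration=889.087s, table=0, n_packets=0, n_bytes=0, idle_age=889, ct_state=-trk,ip,in_port=2 actions=ct(table=0,zone=1,nat)
 cookie=0x0, duration=875.198s, table=0, n_packets=0, n_bytes=0, idle_age=875, ct_state=+trk,ct_zone=1,ip,in_port=2 actions=output:1
"""
DEFAULT_PRIORITY = 32768  # assumption: applies when a line has no priority= field

def parse_flows(dump):
    """Return one dict per flow: table, n_packets, priority, match set, actions."""
    flows = []
    for line in dump.splitlines():
        line = line.strip()
        if not line.startswith("cookie="):
            continue
        head, actions = line.split("actions=", 1)
        # Statistics are separated by ", "; match fields by "," with no space.
        stats = dict(re.findall(r"(\w+)=([^,\s]+), ", head))
        match = {f for f in head.split(", ")[-1].strip().split(",") if f}
        prio = next((f for f in match if f.startswith("priority=")), None)
        match.discard(prio)
        flows.append({"table": int(stats["table"]), "n_packets": int(stats["n_packets"]),
                      "priority": int(prio.split("=")[1]) if prio else DEFAULT_PRIORITY,
                      "match": match, "actions": actions})
    return flows

def shadowed_flows(flows):
    """Pairs (broad, narrow): narrow has 0 hits, broad covers it at equal priority."""
    hits = []
    for narrow in flows:
        if narrow["n_packets"] != 0:
            continue
        for broad in flows:
            # A strict subset of match fields matches every packet narrow would.
            if (broad is not narrow and broad["table"] == narrow["table"]
                    and broad["priority"] == narrow["priority"]
                    and broad["match"] < narrow["match"]):
                hits.append((broad["actions"], narrow["actions"]))
    return hits

if __name__ == "__main__":
    for broad, narrow in shadowed_flows(parse_flows(DUMP)):
        print(f"0 hits: {narrow!r} is covered by equal-priority {broad!r}")
```

On the dump above it reports all three ct/NAT flows as covered by the match-all NORMAL flow, which is the only entry with a non-zero packet count.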