[ovs-dev] can OVS conntrack support IP list like this: actions=ct(commit, table=0, zone=1, nat(dst=220.0.0.3, 220.0.0.7, 220.0.0.123))?

Yi Yang yangyi01 at inspur.com
Wed Nov 6 00:32:13 UTC 2019


Hi, folks

We need to do SNAT for many internal IPs by just using several public IPs.
We also need to do DNAT with some other public IPs to expose a web service.
The OpenFlow rules look like the below:

table=0,ip,nw_src=172.17.0.0/16,…,actions=ct(commit,table=0,zone=1,nat(src=220.0.0.3,220.0.0.7,220.0.0.123))

table=0,ip,nw_src=172.18.0.67,…,actions=ct(commit,table=0,zone=1,nat(src=220.0.0.3,220.0.0.7,220.0.0.123))

table=0,ip,tcp,nw_dst=220.0.0.11,tp_dst=80,…,actions=ct(commit,table=0,zone=2,nat(dst=172.16.0.100:80))

table=0,ip,tcp,nw_dst=220.0.0.11,tp_dst=443,…,actions=ct(commit,table=0,zone=2,nat(dst=172.16.0.100:443))

From the ct document, it seems it can’t support an IP list for nat. Does
anybody know how we can handle such cases in some feasible way?

In addition, is it OK if multiple OpenFlow rules use the same NAT IP:PORT
combination? I’m not sure if it will result in conflicts for SNAT, because
all of them need to do dynamic source port mapping. Per my test, it seems
this isn’t a problem.

Thank you all in advance and appreciate your help sincerely.


