[ovs-discuss] OpenVswitch and iptables DNAT : problems

Benoit ML ben42ml at gmail.com
Wed Apr 13 14:16:42 UTC 2011


Hello,

I've got a problem with openVswitch and iptables/DNAT.

On a hypervisor with openvswitch, I have two VMs.  One of these VMs is a linux
firewall and the other a web server.
The network topology is simple :
                 == LAN ==
                         |
                         |
                         |  LAN IP : 10.x.x.x
                 [VM Firewall]
                         |  Pv IP : 192.168.7.1
                         |
                         |
                         | Pv IP : 192.168.7.10
              [VM WebServer]

So I've done simple rules on the firewall to DNAT the port 80 to the
webserver.
When I try to connect to the LAN IP on port 80, the connection is really
slow, about a few octets/s.
With tcpdump, I saw lots of retransmissions of TCP packets (missing
ACK). Some packets are in state "Tcp segment of a reassembled pdu".

I've checked the IP configuration, routing configuration on the VM, and VLAN
configuration on openvswitch. I didn't see any misconfiguration ...

Have you experimented with DNAT with openVswitch ? Any drawbacks ? Any ideas ?

Software version :
openvswitch : 1.0.3
rhel6/KVM

I will work to have 1.1 up and ready but I've no time to do it for now ...

Thank you in advance.

Regards,