[ovs-discuss] OpenVswitch and iptables DNAT : problems

Benoit ML ben42ml at gmail.com
Wed Apr 13 14:16:42 UTC 2011


I've got a problem with openVswitch and iptables/DNAT.

On a hypervisor with openvswitch, I have two VMs. One of these VMs is a Linux
firewall and the other a web server.
The network topology is simple:
                 == LAN ==
                     |  LAN IP : 10.x.x.x
               [VM Firewall]
                     |  Pv IP :
                     |  Pv IP :
               [VM WebServer]

So I've done simple rules on the firewall to DNAT the port 80 to the
When I try to connect to the LAN IP on port 80, the connection is really
slow, about some octets/s.
With tcpdump, I saw lots of retransmissions of TCP packets (missing
ACK). Some packets are in state "TCP segment of a reassembled PDU".

I've checked the IP configuration and routing configuration on the VM, and the VLAN
configuration on openvswitch. I didn't see any misconfiguration ...

Have you experimented with DNAT with openVswitch? Any drawbacks? Any ideas?

Software version:
openvswitch : 1.0.3

I will work to have 1.1 up and ready, but I've no time to do it for now ...

Thank you in advance.
