[ovs-discuss] Debugging ct dnat openflow action

Hui Xiang xianghuir at gmail.com
Fri Nov 10 10:41:52 UTC 2017 

Hi Folks,


I am now debugging OVN NAT with openstack, networking-ovn. now I am blocked
at the dnat action step, if anyone can give a help or hint would be really
appreciated.

VM instance has fixedip 20.0.0.2 and floatingip 172.16.0.131

Below are the lflow-trace, openflow-trace and related openflow table.

>From lflow-trace, the ip4.dst=172.16.0.131 is expected turn to 20.0.0.2 by
ct_dnat, and then when go to next table, the nw_dst will be 20.0.0.0/24,
but actually from the openflow-trace after ct_dnat(20.0.0.2), the nw_dst is
still 172.16.0.0/24 in the next routing table, does there's something wrong
or I miss anything in the ct dnat? it is using the ovs 2.8.1 kernel
conntrack, where should I looked? Thanks much.


# lflow trace
ct_snat /* assuming no un-snat entry, so no change */
-----------------------------------------------------
 4. lr_in_dnat (ovn-northd.c:5007): ip && ip4.dst == 172.16.0.131 && inport
== "lrp-640d04" && is_chassis_resident("cr-lrp-640d04"), priority 100, uuid
5d67b33f
    ct_dnat(20.0.0.2);

ct_dnat(ip4.dst=20.0.0.2)
-------------------------
 5. lr_in_ip_routing (ovn-northd.c:4140): ip4.dst == 20.0.0.0/24, priority
49, uuid e869d362
    ip.ttl--;
    reg0 = ip4.dst;
    reg1 = 20.0.0.1;
    eth.src = fa:16:3e:b5:99:71;
    outport = "lrp-82f211";
    flags.loopback = 1;
    next;

# corresponding openflow trace
12. ip,reg14=0x1,metadata=0x3,nw_dst=172.16.0.131, priority 100, cookie
0x5d67b33f
    ct(commit,table=13,zone=NXM_NX_REG11[0..15],nat(dst=20.0.0.2))
    nat(dst=20.0.0.2)
     -> A clone of the packet is forked to recirculate. The forked pipeline
will be resumed at table 13.

Final flow: unchanged
Megaflow: recirc_id=0x19,eth,ip,in_port=0,nw_dst=172.16.0.131,nw_frag=no
Datapath actions: ct(commit,zone=7,nat(dst=20.0.0.2)),recirc(0x1a)

===============================================================================
recirc(0x1a) - resume conntrack with default ct_state=trk|new (use
--ct-next to customize)
===============================================================================

Flow:
recirc_id=0x1a,ct_state=new|trk,eth,icmp,reg11=0x7,reg12=0x3,reg14=0x1,metadata=0x3,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=fa:16:3e:2e:ea:e9,nw_src=172.16.0.2,nw_dst=172.16.0.131,nw_tos=0,nw_ecn=0,nw_ttl=32,icmp_type=0,icmp_code=0

bridge("br-ex")
---------------
    thaw
        Resuming from table 13
13. ip,metadata=0x3,nw_dst=172.16.0.0/16, priority 33, cookie 0x9e4db527
    dec_ttl()
    move:NXM_OF_IP_DST[]->NXM_NX_XXREG0[96..127]
     -> NXM_NX_XXREG0[96..127] is now 0xac100083
    load:0xac100082->NXM_NX_XXREG0[64..95]
    set_field:fa:16:3e:2e:ea:e9->eth_src
    set_field:0x1->reg15
    load:0x1->NXM_NX_REG10[0]
    resubmit(,14)


# openflow table
 cookie=0x5d67b33f, duration=4600.548s, table=12, n_packets=3, n_bytes=294,
priority=100,ip,reg14=0x1,metadata=0x3,nw_dst=172.16.0.131
actions=ct(commit,table=13,zone=NXM_NX_REG11[0..15],nat(dst=20.0.0.2))
 cookie=0xe869d362, duration=4600.551s, table=13, n_packets=3, n_bytes=294,
priority=49,ip,metadata=0x3,nw_dst=20.0.0.0/24
actions=dec_ttl(),move:NXM_OF_IP_DST[]->NXM_NX_XXREG0[96..127],load:
0x14000001->NXM_NX_XXREG0[64..95],set_field:fa:16:3e:b5:99:71->eth_src,set_field:0x3->reg15,load:0x1->NXM_NX_REG10[0],resubmit(,14)
 cookie=0x9e4db527, duration=4600.547s, table=13, n_packets=0, n_bytes=0,
priority=33,ip,metadata=0x3,nw_dst=172.16.0.0/16
actions=dec_ttl(),move:NXM_OF_IP_DST[]->NXM_NX_XXREG0[96..127],load:
0xac100082->NXM_NX_XXREG0[64..95],set_field:fa:16:3e:2e:ea:e9->eth_src,set_field:0x1->reg15,load:0x1->NXM_NX_REG10[0],resubmit(,14)


Hui.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20171110/45ba6a9a/attachment.html>

More information about the discuss mailing list