[ovs-discuss] Debugging ct dnat openflow action

Hui Xiang xianghuir at gmail.com
Mon Nov 13 06:43:40 UTC 2017


Does ovs linux dapath NAT work with linux kernel 4.4.70 version?

I have seen below comments in the NEWS saying [1]
"
- Linux:
* OVS Linux datapath now implements Conntrack NAT action with all
supported Linux kernels.
"
However, the NAT support for ovs linux datath showed in [2] and [3](below)
means they are merged since kernel 4.6
"
FeatureLinux upstreamLinux OVS treeUserspaceHyper-V
NAT 4.6 YES Yes NO
"

My understanding is that the NAT is only working with a minimal version of
kernel 4.6? Thanks much for any help.

[1] https://github.com/openvswitch/ovs/blob/master/NEWS
[2] https://www.mail-archive.com/netdev@vger.kernel.org/msg101556.html
[3] http://docs.openvswitch.org/en/latest/faq/releases/


Hui.


On Fri, Nov 10, 2017 at 6:41 PM, Hui Xiang <xianghuir at gmail.com> wrote:

> Hi Folks,
>
>
> I am now debugging OVN NAT with openstack, networking-ovn. now I am
> blocked at the dnat action step, if anyone can give a help or hint would be
> really appreciated.
>
> VM instance has fixedip 20.0.0.2 and floatingip 172.16.0.131
>
> Below are the lflow-trace, openflow-trace and related openflow table.
>
> From lflow-trace, the ip4.dst=172.16.0.131 is expected turn to 20.0.0.2 by
> ct_dnat, and then when go to next table, the nw_dst will be 20.0.0.0/24,
> but actually from the openflow-trace after ct_dnat(20.0.0.2), the nw_dst is
> still 172.16.0.0/24 in the next routing table, does there's something
> wrong or I miss anything in the ct dnat? it is using the ovs 2.8.1 kernel
> conntrack, where should I looked? Thanks much.
>
>
> # lflow trace
> ct_snat /* assuming no un-snat entry, so no change */
> -----------------------------------------------------
>  4. lr_in_dnat (ovn-northd.c:5007): ip && ip4.dst == 172.16.0.131 &&
> inport == "lrp-640d04" && is_chassis_resident("cr-lrp-640d04"), priority
> 100, uuid 5d67b33f
>     ct_dnat(20.0.0.2);
>
> ct_dnat(ip4.dst=20.0.0.2)
> -------------------------
>  5. lr_in_ip_routing (ovn-northd.c:4140): ip4.dst == 20.0.0.0/24,
> priority 49, uuid e869d362
>     ip.ttl--;
>     reg0 = ip4.dst;
>     reg1 = 20.0.0.1;
>     eth.src = fa:16:3e:b5:99:71;
>     outport = "lrp-82f211";
>     flags.loopback = 1;
>     next;
>
> # corresponding openflow trace
> 12. ip,reg14=0x1,metadata=0x3,nw_dst=172.16.0.131, priority 100, cookie
> 0x5d67b33f
>     ct(commit,table=13,zone=NXM_NX_REG11[0..15],nat(dst=20.0.0.2))
>     nat(dst=20.0.0.2)
>      -> A clone of the packet is forked to recirculate. The forked
> pipeline will be resumed at table 13.
>
> Final flow: unchanged
> Megaflow: recirc_id=0x19,eth,ip,in_port=0,nw_dst=172.16.0.131,nw_frag=no
> Datapath actions: ct(commit,zone=7,nat(dst=20.0.0.2)),recirc(0x1a)
>
> ============================================================
> ===================
> recirc(0x1a) - resume conntrack with default ct_state=trk|new (use
> --ct-next to customize)
> ============================================================
> ===================
>
> Flow: recirc_id=0x1a,ct_state=new|trk,eth,icmp,reg11=0x7,reg12=
> 0x3,reg14=0x1,metadata=0x3,vlan_tci=0x0000,dl_src=00:00:
> 00:00:00:00,dl_dst=fa:16:3e:2e:ea:e9,nw_src=172.16.0.2,nw_
> dst=172.16.0.131,nw_tos=0,nw_ecn=0,nw_ttl=32,icmp_type=0,icmp_code=0
>
> bridge("br-ex")
> ---------------
>     thaw
>         Resuming from table 13
> 13. ip,metadata=0x3,nw_dst=172.16.0.0/16, priority 33, cookie 0x9e4db527
>     dec_ttl()
>     move:NXM_OF_IP_DST[]->NXM_NX_XXREG0[96..127]
>      -> NXM_NX_XXREG0[96..127] is now 0xac100083
>     load:0xac100082->NXM_NX_XXREG0[64..95]
>     set_field:fa:16:3e:2e:ea:e9->eth_src
>     set_field:0x1->reg15
>     load:0x1->NXM_NX_REG10[0]
>     resubmit(,14)
>
>
> # openflow table
>  cookie=0x5d67b33f, duration=4600.548s, table=12, n_packets=3,
> n_bytes=294, priority=100,ip,reg14=0x1,metadata=0x3,nw_dst=172.16.0.131
> actions=ct(commit,table=13,zone=NXM_NX_REG11[0..15],nat(dst=20.0.0.2))
>  cookie=0xe869d362, duration=4600.551s, table=13, n_packets=3,
> n_bytes=294, priority=49,ip,metadata=0x3,nw_dst=20.0.0.0/24
> actions=dec_ttl(),move:NXM_OF_IP_DST[]->NXM_NX_XXREG0[96..127],load:
> 0x14000001->NXM_NX_XXREG0[64..95],set_field:fa:16:3e:b5:99:
> 71->eth_src,set_field:0x3->reg15,load:0x1->NXM_NX_REG10[0],resubmit(,14)
>  cookie=0x9e4db527, duration=4600.547s, table=13, n_packets=0, n_bytes=0,
> priority=33,ip,metadata=0x3,nw_dst=172.16.0.0/16
> actions=dec_ttl(),move:NXM_OF_IP_DST[]->NXM_NX_XXREG0[96..127],load:
> 0xac100082->NXM_NX_XXREG0[64..95],set_field:fa:16:3e:2e:ea:
> e9->eth_src,set_field:0x1->reg15,load:0x1->NXM_NX_REG10[0],resubmit(,14)
>
>
> Hui.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20171113/02a62abe/attachment-0001.html>


More information about the discuss mailing list