[ovs-discuss] OVS as L3 and NAT Router

Sun Paul paulrbk at gmail.com
Mon Sep 11 03:25:08 UTC 2017


Hi All

We are trying to set up an L3 and NAT router on OVS. However, we have failed.


We have two interfaces and we have created bridges correspondingly.

# ovs-ofctl dump-flows ovsbr1
 cookie=0x0, duration=6468.817s, table=0, n_packets=6395, n_bytes=626710, priority=100,ip,nw_dst=192.168.10.231 actions=mod_nw_dst:10.10.10.232,resubmit(,10)
 cookie=0x0, duration=297404.828s, table=0, n_packets=479598, n_bytes=41751410, priority=0 actions=NORMAL
 cookie=0x0, duration=6159.049s, table=10, n_packets=6150, n_bytes=602700, priority=100,ip,nw_src=192.168.10.234 actions=mod_nw_src:10.10.10.231,resubmit(,15)
 cookie=0x0, duration=1227.358s, table=15, n_packets=1226, n_bytes=120148, priority=100,ip actions=LOCAL

The incoming packet with source 192.168.10.234 is sent to
destination 192.168.10.231, where this IP is owned by ovsbr1.

So, the rule will change the source and destination of this packet
to source 10.10.10.231 and destination 10.10.10.232.

We did a tcpdump on ovsbr1, and we are able to find the correct mapping.

11:23:02.190554 IP 10.10.10.231 > 10.10.10.232: ICMP echo request, id 28732, seq 2186, length 64
11:23:03.190356 IP 10.10.10.231 > 10.10.10.232: ICMP echo request, id 28732, seq 2187, length 64
11:23:04.190398 IP 10.10.10.231 > 10.10.10.232: ICMP echo request, id 28732, seq 2188, length 64

But then the packet fails to be sent out on ovsbr2, where the IP
address 10.10.10.231 is owned by ovsbr2.

Any idea?

When we tried to run "ovs-appctl ofproto/trace ovsbr2
in_port=1,dl_type=0x0800,nw_src=10.10.10.231,nw_dst=10.10.10.232",
we got a "skipping output to input port" error.


# ovs-appctl ofproto/trace ovsbr2 in_port=1,dl_type=0x0800,nw_src=10.10.10.231,nw_dst=10.10.10.232
Flow: ip,in_port=1,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,nw_src=10.10.10.231,nw_dst=10.10.10.232,nw_proto=0,nw_tos=0,nw_ecn=0,nw_ttl=0

bridge("ovsbr2")
---------------
 0. ip, priority 32768
    LOCAL
    output:1
     >> skipping output to input port

Final flow: unchanged
Megaflow: recirc_id=0,eth,ip,in_port=1,nw_frag=no
Datapath actions: 2
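
An added example, not part of the original post: a small Python model that walks the ovsbr1 flow entries exactly as dumped above and reports where a packet ends up. It is a simplification, not OVS code; `parse_flows` and `trace` are hypothetical helper names, only the match fields and actions that appear in the post are handled, and `resubmit` is assumed to be the last action of a flow (true for these entries).

```python
import re

# Flow entries copied from the dump-flows output in the post (counters dropped).
FLOWS = """\
table=0, priority=100,ip,nw_dst=192.168.10.231 actions=mod_nw_dst:10.10.10.232,resubmit(,10)
table=0, priority=0 actions=NORMAL
table=10, priority=100,ip,nw_src=192.168.10.234 actions=mod_nw_src:10.10.10.231,resubmit(,15)
table=15, priority=100,ip actions=LOCAL
"""

def parse_flows(text):
    """Parse simplified dump-flows lines into table, priority, match and actions."""
    flows = []
    for line in text.strip().splitlines():
        head, actions = line.split(" actions=")
        # The bare "ip" keyword is skipped: every modelled packet is IPv4.
        kv = dict(f.strip().split("=", 1) for f in head.split(",") if "=" in f)
        flows.append({
            "table": int(kv.pop("table")),
            "priority": int(kv.pop("priority")),
            "match": kv,  # remaining key=value fields, e.g. nw_dst
            "actions": re.findall(r"[^,(]+(?:\([^)]*\))?", actions),
        })
    return flows

def trace(flows, pkt, table=0):
    """Follow one packet through the tables; return (final packet, output, path)."""
    pkt, path = dict(pkt), []
    while True:
        hits = [f for f in flows if f["table"] == table
                and all(pkt.get(k) == v for k, v in f["match"].items())]
        if not hits:
            return pkt, "drop", path        # table miss: nothing is output
        flow = max(hits, key=lambda f: f["priority"])
        path.append(table)
        for act in flow["actions"]:
            if act.startswith("mod_nw_"):   # mod_nw_src / mod_nw_dst rewrite
                field, value = act[4:].split(":")
                pkt[field] = value
            elif act.startswith("resubmit"):
                table = int(act[act.index(",") + 1:-1])
                break                       # continue lookup in the next table
            else:
                return pkt, act, path       # output action: LOCAL or NORMAL
        else:
            return pkt, "drop", path        # flow had no output action
```

For the packet in the post, `trace(parse_flows(FLOWS), {"nw_src": "192.168.10.234", "nw_dst": "192.168.10.231"})` passes tables 0, 10 and 15 and ends at the `LOCAL` action with both addresses rewritten. `LOCAL` is the local port of the bridge holding these flows (ovsbr1), which matches the tcpdump on ovsbr1 showing the rewritten packets.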

