[ovs-discuss] [ovs-dev] can OVS conntrack support IP list like this: actions=ct(commit, table=0, zone=1, nat(dst=220.0.0.3, 220.0.0.7, 220.0.0.123))?

Darrell Ball dlu998 at gmail.com
Wed Nov 6 01:52:00 UTC 2019


On Tue, Nov 5, 2019 at 5:37 PM Darrell Ball <dlu998 at gmail.com> wrote:

>
>
> On Tue, Nov 5, 2019 at 4:32 PM Yi Yang (杨燚)-云服务集团 <yangyi01 at inspur.com>
> wrote:
>
>> Hi, folks
>>
>>
>>
>> We need to do SNAT for many internal IPs by just using several public IPs,
>> we also need to do DNAT by some other public IPs for exposing webservice,
>> openflow rules look like the below:
>>
>>
>>
>> table=0,ip,nw_src=172.17.0.0/16,…,actions=ct(commit,table=0,zone=1,nat(src=220.0.0.3,220.0.0.7,220.0.0.123))
>>
>>
>> table=0,ip,nw_src=172.18.0.67,…,actions=ct(commit,table=0,zone=1,nat(src=220.0.0.3,220.0.0.7,220.0.0.123))
>>
>>
> for snat, you can map some subset of private IPs to a given public IP and
> so on
>
>
>
>>
>> table=0,ip,tcp,nw_dst=220.0.0.11,tp_dst=80,…,actions=ct(commit,table=0,zone=2,nat(dst=172.16.0.100:80))
>>
>> table=0,ip,tcp,nw_dst=220.0.0.11,tp_dst=443,…,actions=ct(commit,table=0,zone=2,nat(dst=172.16.0.100:443))
>>
>
> you are mapping 'to' private IPs, so you have control over the range
>

>
>>
>>
>>
>>
>> From the ct document, it seems it can’t support an IP list for nat; does
>> anybody know how we can handle such cases in some kind of feasible way?
>>
>>
>>
>> In addition, is it ok if multiple openflow rules use the same NAT IP:PORT
>> combination? I’m not sure if it will result in some conflicts for SNAT,
>> because all of them need to do dynamic source port mapping, per my test,
>> it seems this isn’t a problem.
>>
>
> IIUC, as long as tuples are unique, it should be fine
>

Probably, you should give an example of what you mean by the above.
I am not sure whether you mean that you want to specify an L4 port in your
snat action rule or not; in most cases you will want to use ephemeral ports by
not specifying a specific port.



>
>
>>
>>
>>
>> Thank you all in advance and appreciate your help sincerely.
>>
>>
>
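
An added example, not part of the original thread or of OVS itself: one way to apply the suggestion of mapping subsets of private IPs to a given public IP, by splitting the private range into equal CIDR subnets and emitting one SNAT flow per subnet. The function name snat_flows is hypothetical, the match fields elided with "…" in the thread are left out, and the ct() action is copied from the rules quoted above.

```python
import ipaddress


def snat_flows(private_cidr, public_ips, zone=1, table=0):
    """Pin each subset of private_cidr to exactly one public IP.

    Returns a list of (subnet, public_ip, flow_string). Every private
    source address falls in exactly one subnet, so it always leaves
    through the same public IP and no nat() action needs an IP list.
    """
    net = ipaddress.ip_network(private_cidr)
    pubs = [ipaddress.ip_address(p) for p in public_ips]
    if not pubs:
        raise ValueError("need at least one public IP")
    if len(set(pubs)) != len(pubs):
        raise ValueError("duplicate public IP in list")

    # Smallest power-of-two subnet count that gives every public IP
    # at least one subset (3 public IPs -> 4 subnets).
    extra_bits = (len(pubs) - 1).bit_length()
    if net.prefixlen + extra_bits > net.max_prefixlen:
        raise ValueError("more public IPs than private addresses")

    flows = []
    for i, sub in enumerate(net.subnets(prefixlen_diff=extra_bits)):
        pub = pubs[i % len(pubs)]  # round-robin when counts differ
        # No L4 port in nat(src=...): conntrack picks ephemeral ports.
        flow = (f"table={table},ip,nw_src={sub},"
                f"actions=ct(commit,table={table},zone={zone},"
                f"nat(src={pub}))")
        flows.append((sub, pub, flow))
    return flows


if __name__ == "__main__":
    # Addresses taken from the rules quoted in the thread.
    for _, _, flow in snat_flows("172.17.0.0/16",
                                 ["220.0.0.3", "220.0.0.7", "220.0.0.123"]):
        print(flow)
```

With three public IPs the /16 is cut into four /18 subnets, so the first public IP serves two of them; a list whose length is a power of two gives an even split.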