[ovs-discuss] Problems with DNAT and host static routes

Numan Siddique numans at ovn.org
Wed May 6 18:12:21 UTC 2020


On Wed, May 6, 2020 at 12:00 AM Brendan Doyle <brendan.doyle at oracle.com>
wrote:

>
>
> On 05/05/2020 18:45, Numan Siddique wrote:
>
>
>
> On Sun, May 3, 2020 at 9:17 PM Brendan Doyle <brendan.doyle at oracle.com>
> wrote:
>
>> Hi,
>>
>> I have a couple of questions/issues with DNAT and static host routes...
>>
>> 1) Can I dnat the destination address of a pkt that is being sent
>>     out of the Logical network through a gateway.
>>     From a VM in the Logical Network I want to send a pkt to
>>     the Logical Network IP 192.16.1.106. But I want that IP
>>     to be dnat'd to an external underlay IP of 253.255.0.33
>>
>> 2) It seems that local link routes are processed before
>>     host routes. So if a VM in the Logical subnet 192.16.1.0/24
>>     sends a pkt with dst IP 192.16.1.106 to the logical router
>>     in that subnet, the Logical router wants to send it back out
>>     on that subnet, even though the router has a specific host route
>>     to forward that pkt to a gateway.
>>
>> See toward the end of the email for North Bound DB config.
>> The routes and NATs I have defined are:
>>
>> #ovn-nbctl lr-route-list lr_vcn3
>> IPv4 Routes
>>     192.16.1.106   253.255.0.1 dst-ip lr_vcn3_gw-ls_external_vcn3
>>     0.0.0.0/0      253.255.0.1 dst-ip lr_vcn3_gw-ls_external_vcn3
>>
>> # ovn-nbctl lr-nat-list lr_vcn3
>> TYPE  EXTERNAL_IP   EXTERNAL_PORT LOGICAL_IP EXTERNAL_MAC LOGICAL_PORT
>> dnat  253.255.0.33  192.16.1.106
>> snat 253.255.2.2    192.16.1.6
>>
>> I'm pinging 192.16.1.106 from host 192.16.1.6. To work around the issue
>> I am having with proxy ARP, I put a static ARP entry on 192.16.1.6 to
>> direct the pkt to the subnet logical router lr_vcn3
>
>
>> I had hoped that
>>     a) The pkt would first be NAT'd by lr_vcn3 to 253.255.0.33, then
>>     b) be sent to the gateway by the default route rule:
>>        0.0.0.0/0  253.255.0.1 dst-ip lr_vcn3_gw-ls_external_vcn3
>>
>> If it is NAT'd first I would not need the static route:
>>     192.16.1.106 253.255.0.1 dst-ip lr_vcn3_gw-ls_external_vcn3
>>
>> But it is not NAT'd, so then I had hoped that the static route
>> would send it to the gateway, where it would be NAT'd but it
>> does not, it seems that local link routes are processed first
>> so lr_vcn3 sends an ARP on 192.16.1.0/24 to try resolve a MAC for
>> 192.16.1.106.
>>
>> When we look at the flows generated for this small config, we can see
>> why. The question, is there a way around this, by manually inserting
>> flows into the south bound database?
>>
>
> I don't think so, you can do this. ovn-northd computes the logical flows
> and writes to the sb db.
>
> If you think the static routes should be processed before the local routes
> (via the networks defined in the lrps), probably you can propose a patch
> for this?
>
> I'm personally fine with it, if this is a valid requirement and it is
> expressed properly in the Northbound db.
> Maybe an indication for ovn-northd that these static routes should be
> added at a high priority.
>
>
> I'm not at all familiar with the OVN source code, but I am trying to hack
> something together in a very surgical way. I have put in a simple hack to
> make host static routes have a higher priority than link local. I can now
> see my ping get out onto the underlay.
>
> Now I'm looking at doing DNAT for packets being sent out, and un DNAT for
> them on the way back. That looks a whole lot more involved.
>

Maybe you can add policies to the logical router to address your use case.

Take a look at
  - ovn-nbctl --help | grep lr-policy and
  - https://www.ovn.org/support/dist-docs/ovn-nb.5.html and grep
    for Logical_Router_Policy

Thanks
Numan
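
Added example, not part of the original mail and not OVN code: a small checker that reads lr_in_ip_routing logical flows and reports which flow is selected for a destination, plus any more-specific route that a higher-priority covering prefix makes unreachable. The sample input is the two table=9 flows quoted in this thread with the mail line-wrapping removed; the function names are hypothetical, and only plain `ip4.dst == prefix` matches are modelled.

```python
import ipaddress
import re
from typing import NamedTuple, Optional

# The two lr_in_ip_routing flows quoted in the thread, unwrapped to one line each.
SAMPLE_LFLOWS = """\
  table=9 (lr_in_ip_routing   ), priority=449  , match=(ip4.dst == 192.16.1.0/24), action=(ip.ttl--; reg8[0..15] = 0; reg0 = ip4.dst; reg1 = 192.16.1.1; eth.src = 40:44:00:00:00:60; outport = "lr_vcn3-vcn3_subnet1"; flags.loopback = 1; next;)
  table=9 (lr_in_ip_routing   ), priority=65   , match=(ip4.dst == 192.16.1.106/32), action=(ip.ttl--; reg8[0..15] = 0; reg0 = 253.255.0.1; reg1 = 253.255.31.3; eth.src = 40:44:00:00:10:10; outport = "lr_vcn3_gw-ls_external_vcn3"; flags.loopback = 1; next;)
"""

# One logical flow per line, in the layout shown in the thread's flow listing.
FLOW_RE = re.compile(
    r'table=\s*(?P<table>\d+)\s*\((?P<stage>\w+)\s*\),\s*'
    r'priority=(?P<prio>\d+)\s*,\s*'
    r'match=\((?P<match>.*?)\),\s*action=\((?P<action>.*)\)\s*$'
)
# Assumption: only a bare IPv4 destination match is modelled here.
DST_RE = re.compile(r'^ip4\.dst == (\d+\.\d+\.\d+\.\d+(?:/\d+)?)$')
OUTPORT_RE = re.compile(r'outport = "([^"]+)"')


class Route(NamedTuple):
    priority: int
    prefix: ipaddress.IPv4Network
    outport: Optional[str]


def parse_routes(text, stage="lr_in_ip_routing"):
    """Extract (priority, prefix, outport) from flows of one router stage."""
    routes = []
    for line in text.splitlines():
        m = FLOW_RE.search(line)
        if not m or m["stage"] != stage:
            continue
        dst = DST_RE.match(m["match"].strip())
        if not dst:
            continue  # compound matches are skipped, not guessed at
        out = OUTPORT_RE.search(m["action"])
        routes.append(Route(int(m["prio"]),
                            ipaddress.ip_network(dst[1], strict=False),
                            out[1] if out else None))
    return routes


def winning_route(routes, dst_ip):
    """Within one table the highest-priority matching flow is the one applied."""
    ip = ipaddress.ip_address(dst_ip)
    hits = [r for r in routes if ip in r.prefix]
    return max(hits, key=lambda r: r.priority, default=None)


def shadowed_routes(routes):
    """Pairs (shadowed, by): a more specific prefix that can never be selected
    because a covering, less specific prefix carries a higher priority."""
    pairs = []
    for r in routes:
        for other in routes:
            if (other is not r and other.priority > r.priority
                    and r.prefix.subnet_of(other.prefix)):
                pairs.append((r, other))
    return pairs


if __name__ == "__main__":
    routes = parse_routes(SAMPLE_LFLOWS)
    win = winning_route(routes, "192.16.1.106")
    print("192.16.1.106 ->", win.outport, "priority", win.priority)
    for lost, by in shadowed_routes(routes):
        print(f"{lost.prefix} (prio {lost.priority}) is shadowed by "
              f"{by.prefix} (prio {by.priority})")
```
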


>
> Thanks
> Numan
>
>
>
>>
>> Datapath: "lr_vcn3" (db21ed8c-16a5-4afb-aa51-5bbaae5bda29) Pipeline:
>> ingress
>>    table=0 (lr_in_admission    ), priority=50   , match=(eth.dst ==
>> 40:44:00:00:00:60 && inport == "lr_vcn3-vcn3_subnet1"), action=(next;)
>>
>> So we go to table 1
>>
>>    table=1 (lr_in_lookup_neighbor), priority=0    , match=(1),
>> action=(reg9[3] = 1; next;)
>>
>> So we go to table 2
>>
>>    table=2 (lr_in_learn_neighbor), priority=100  , match=(reg9[3] == 1
>> || reg9[2] == 1), action=(next;)
>>    table=3 (lr_in_ip_input     ), priority=0    , match=(1),
>> action=(next;)
>>    table=4 (lr_in_defrag       ), priority=0    , match=(1),
>> action=(next;)
>>    table=5 (lr_in_unsnat       ), priority=0    , match=(1),
>> action=(next;)
>>    table=6 (lr_in_dnat         ), priority=0    , match=(1),
>> action=(next;)
>>    table=7 (lr_in_nd_ra_options), priority=0    , match=(1),
>> action=(next;)
>>    table=8 (lr_in_nd_ra_response), priority=0    , match=(1),
>> action=(next;)
>>
>> Skip to table 9
>>
>>    table=9 (lr_in_ip_routing   ), priority=449  , match=(ip4.dst ==
>> 192.16.1.0/24), action=(ip.ttl--; reg8[0..15] = 0; reg0 = ip4.dst; reg1
>> = 192.16.1.1; eth.src = 40:44:00:00:00:60; outport =
>> "lr_vcn3-vcn3_subnet1"; flags.loopback = 1; next;)
>>    table=9 (lr_in_ip_routing   ), priority=65   , match=(ip4.dst ==
>> 192.16.1.106/32), action=(ip.ttl--; reg8[0..15] = 0; reg0 = 253.255.0.1;
>> reg1 = 253.255.31.3; eth.src = 40:44:00:00:10:10; outport =
>> "lr_vcn3_gw-ls_external_vcn3"; flags.loopback = 1; next;)
>>
>> Ah, I wanted that static host route to be done first!
>> And it would send us to:
>>
>> Datapath: "lr_vcn3" (db21ed8c-16a5-4afb-aa51-5bbaae5bda29) Pipeline:
>> egress
>>    table=0 (lr_out_undnat      ), priority=100  , match=(ip && ip4.src
>> == 192.16.1.106 && outport == "lr_vcn3_gw-ls_external_vcn3" &&
>> is_chassis_resident("cr-lr_vcn3_gw-ls_external_vcn3")), action=(ct_dnat;)
>>
>> Where we dnat, but to what?
>>
>>
>>
>> # My North Bound DB:
>> switch 6631a7a5-018f-496c-b8d3-af17d5e997ae (ls_external_vcn3)
>>      port ln-ls_external_vcn3
>>          type: localnet
>>          addresses: ["unknown"]
>>      port ls_external_vcn3-lr_vcn3_gw
>>          type: router
>>          router-port: lr_vcn3_gw-ls_external_vcn3
>> switch 2f8cce6f-b41c-4a90-8785-9f56d808ac14 (ls_vcn3)
>>      port 284195d2-9280-4334-900e-571ecd00327a
>>          addresses: ["52:54:00:02:55:96 192.16.1.6"]
>>      port 269089c4-9464-41ec-9f63-6b3804b34b07
>>          addresses: ["52:54:00:30:38:35 192.16.1.5"]
>>      port vcn3_subnet1-lr_vcn3
>>          type: router
>>          addresses: ["40:44:00:00:00:60"]
>>          router-port: lr_vcn3-vcn3_subnet1
>> router 36c64fdf-4842-4543-95bc-9bfe731af4d3 (lr_vcn3)
>>      port lr_vcn3-vcn3_subnet1
>>          mac: "40:44:00:00:00:60"
>>          networks: ["192.16.1.1/24"]
>>      port lr_vcn3_gw-ls_external_vcn3
>>          mac: "40:44:00:00:10:10"
>>          networks: ["253.255.31.3/16"]
>>          gateway chassis: [ca-rain06 ca-rain05 ca-rain17]
>>      nat 5e179df6-15c7-403e-99a7-1e453cbc0493
>>          external ip: "253.255.2.2"
>>          logical ip: "192.16.1.6"
>>          type: "snat"
>>      nat e4dab2ac-7be0-4127-818e-d24b71c14f4b
>>          external ip: "253.255.0.33"
>>          logical ip: "192.16.1.106"
>>          type: "dnat"
>>
>> ovn-trace
>> ----------
>> ovn-trace --detailed ls_vcn3 'inport ==
>> "284195d2-9280-4334-900e-571ecd00327a" && eth.dst == 40:44:00:00:00:60
>> && eth.src == 52:54:00:02:55:96 && ip4.src == 192.16.1.6 && ip4.dst ==
>> 192.16.1.106 && ip.ttl == 64'
>>
>>
>> ip,reg14=0x1,vlan_tci=0x0000,dl_src=52:54:00:02:55:96,dl_dst=40:44:00:00:00:60,nw_src=192.16.1.6,nw_dst=192.16.1.106,nw_proto=0,nw_tos=0,nw_ecn=0,nw_ttl=64
>>
>> ingress(dp="ls_vcn3", inport="284195")
>> --------------------------------------
>>   0. ls_in_port_sec_l2 (ovn-northd.c:4554): inport == "284195", priority
>> 50, uuid 51a977d4
>>      next;
>> 19. ls_in_l2_lkup (ovn-northd.c:6795): eth.dst == 40:44:00:00:00:60,
>> priority 50, uuid a113d3fa
>>      outport = "vcn3_subnet1-lr_vcn3";
>>      output;
>>
>> egress(dp="ls_vcn3", inport="284195", outport="vcn3_subnet1-lr_vcn3")
>> ---------------------------------------------------------------------
>>   9. ls_out_port_sec_l2 (ovn-northd.c:4620): outport ==
>> "vcn3_subnet1-lr_vcn3", priority 50, uuid 3d8d93d9
>>      output;
>>      /* output to "vcn3_subnet1-lr_vcn3", type "patch" */
>>
>> ingress(dp="lr_vcn3", inport="lr_vcn3-vcn3_subnet1")
>> ----------------------------------------------------
>>   0. lr_in_admission (ovn-northd.c:7899): eth.dst == 40:44:00:00:00:60
>> && inport == "lr_vcn3-vcn3_subnet1", priority 50, uuid e2e7a16c
>>      next;
>>   1. lr_in_lookup_neighbor (ovn-northd.c:7948): 1, priority 0, uuid
>> 233e1ed7
>>      reg9[3] = 1;
>>      next;
>>   2. lr_in_learn_neighbor (ovn-northd.c:7954): reg9[3] == 1 || reg9[2]
>> == 1, priority 100, uuid 313658ec
>>      next;
>>   9. lr_in_ip_routing (ovn-northd.c:7523): ip4.dst == 192.16.1.0/24,
>> priority 449, uuid e11228da <--- Aragh seems to ignore the specific
>> static route and thinks this is local link!
>>      ip.ttl--;
>>      reg8[0..15] = 0;
>>      reg0 = ip4.dst;
>>      reg1 = 192.16.1.1;
>>      eth.src = 40:44:00:00:00:60;
>>      outport = "lr_vcn3-vcn3_subnet1";
>>      flags.loopback = 1;
>>      next;
>> 10. lr_in_ip_routing_ecmp (ovn-northd.c:9510): reg8[0..15] == 0,
>> priority 150, uuid c72b3565
>>      next;
>> 12. lr_in_arp_resolve (ovn-northd.c:9990): ip4, priority 0, uuid 0a2fe63c
>>      get_arp(outport, reg0);
>>      /* No MAC binding. */
>>      next;
>> 16. lr_in_arp_request (ovn-northd.c:10183): eth.dst == 00:00:00:00:00:00
>> && ip4, priority 100, uuid 07acd5d1
>>      arp { eth.dst = ff:ff:ff:ff:ff:ff; arp.spa = reg1; arp.tpa = reg0;
>> arp.op = 1; output; };
>>
>> arp
>> ---
>>      eth.dst = ff:ff:ff:ff:ff:ff;
>>      arp.spa = reg1;
>>      arp.tpa = reg0;
>>      arp.op = 1;
>>      output;
>>
>> egress(dp="lr_vcn3", inport="lr_vcn3-vcn3_subnet1",
>> outport="lr_vcn3-vcn3_subnet1")
>>
>> -----------------------------------------------------------------------------------
>>   3. lr_out_delivery (ovn-northd.c:10236): outport ==
>> "lr_vcn3-vcn3_subnet1", priority 100, uuid febd649c
>>      output;
>>      /* output to "lr_vcn3-vcn3_subnet1", type "patch" */
>>
>> ingress(dp="ls_vcn3", inport="vcn3_subnet1-lr_vcn3")
>> ----------------------------------------------------
>>   0. ls_in_port_sec_l2 (ovn-northd.c:4554): inport ==
>> "vcn3_subnet1-lr_vcn3", priority 50, uuid 02461868
>>      next;
>> 19. ls_in_l2_lkup (ovn-northd.c:5912): eth.src == { 40:44:00:00:00:60}
>> && (arp.op == 1 || nd_ns), priority 80, uuid 415dbc44
>>      outport = "_MC_flood";
>>      output;
>>
>> multicast(dp="ls_vcn3", mcgroup="_MC_flood")
>> --------------------------------------------
>>
>>      egress(dp="ls_vcn3", inport="vcn3_subnet1-lr_vcn3", outport="269089")
>> ---------------------------------------------------------------------
>>           9. ls_out_port_sec_l2 (ovn-northd.c:4643): eth.mcast, priority
>> 100, uuid 3ece5edd
>>              output;
>>              /* output to "269089", type "" */
>>
>>      egress(dp="ls_vcn3", inport="vcn3_subnet1-lr_vcn3", outport="284195")
>> ---------------------------------------------------------------------
>>           9. ls_out_port_sec_l2 (ovn-northd.c:4643): eth.mcast, priority
>> 100, uuid 3ece5edd
>>              output;
>>              /* output to "284195", type "" */
>>
>> egress(dp="ls_vcn3", inport="vcn3_subnet1-lr_vcn3",
>> outport="vcn3_subnet1-lr_vcn3")
>>
>> -----------------------------------------------------------------------------------
>>      /* omitting output because inport == outport && !flags.loopback */
>> [root at ca-rain01 ~]#
>>
>> South Bound flows:
>> --------------------
>> Datapath: "ls_external_vcn3" (3581a7f7-467c-4476-8774-855a88fa198f)
>> Pipeline: ingress
>>    table=0 (ls_in_port_sec_l2  ), priority=100  , match=(eth.src[40]),
>> action=(drop;)
>>    table=0 (ls_in_port_sec_l2  ), priority=100  , match=(vlan.present),
>> action=(drop;)
>>    table=0 (ls_in_port_sec_l2  ), priority=50   , match=(inport ==
>> "ln-ls_external_vcn3"), action=(next;)
>>    table=0 (ls_in_port_sec_l2  ), priority=50   , match=(inport ==
>> "ls_external_vcn3-lr_vcn3_gw"), action=(next;)
>>    table=1 (ls_in_port_sec_ip  ), priority=0    , match=(1),
>> action=(next;)
>>    table=2 (ls_in_port_sec_nd  ), priority=0    , match=(1),
>> action=(next;)
>>    table=3 (ls_in_pre_acl      ), priority=110  , match=(eth.dst ==
>> 9e:c3:df:e2:c8:d7), action=(next;)
>>    table=3 (ls_in_pre_acl      ), priority=0    , match=(1),
>> action=(next;)
>>    table=4 (ls_in_pre_lb       ), priority=110  , match=(eth.dst ==
>> 9e:c3:df:e2:c8:d7), action=(next;)
>>    table=4 (ls_in_pre_lb       ), priority=110  , match=(nd || nd_rs ||
>> nd_ra || icmp4.type == 3 ||icmp6.type == 1 || (tcp && tcp.flags == 20)),
>> action=(next;)
>>    table=4 (ls_in_pre_lb       ), priority=0    , match=(1),
>> action=(next;)
>>    table=5 (ls_in_pre_stateful ), priority=100  , match=(reg0[0] == 1),
>> action=(ct_next;)
>>    table=5 (ls_in_pre_stateful ), priority=0    , match=(1),
>> action=(next;)
>>    table=6 (ls_in_acl          ), priority=34000, match=(eth.dst ==
>> 9e:c3:df:e2:c8:d7), action=(next;)
>>    table=6 (ls_in_acl          ), priority=0    , match=(1),
>> action=(next;)
>>    table=7 (ls_in_qos_mark     ), priority=0    , match=(1),
>> action=(next;)
>>    table=8 (ls_in_qos_meter    ), priority=0    , match=(1),
>> action=(next;)
>>    table=9 (ls_in_lb           ), priority=0    , match=(1),
>> action=(next;)
>>    table=10(ls_in_stateful     ), priority=100  , match=(reg0[1] == 1),
>> action=(ct_commit(ct_label=0/1); next;)
>>    table=10(ls_in_stateful     ), priority=100  , match=(reg0[2] == 1),
>> action=(ct_lb;)
>>    table=10(ls_in_stateful     ), priority=0    , match=(1),
>> action=(next;)
>>    table=11(ls_in_pre_hairpin  ), priority=0    , match=(1),
>> action=(next;)
>>    table=12(ls_in_hairpin      ), priority=1    , match=(reg0[6] == 1),
>> action=(eth.dst <-> eth.src;outport = inport;flags.loopback = 1;output;)
>>    table=12(ls_in_hairpin      ), priority=0    , match=(1),
>> action=(next;)
>>    table=13(ls_in_arp_rsp      ), priority=100  , match=(arp.tpa ==
>> 253.255.31.3 && arp.op == 1 && inport == "ls_external_vcn3-lr_vcn3_gw"),
>> action=(next;)
>>    table=13(ls_in_arp_rsp      ), priority=100  , match=(inport ==
>> "ln-ls_external_vcn3"), action=(next;)
>>    table=13(ls_in_arp_rsp      ), priority=100  , match=(nd_ns &&
>> ip6.dst == {fe80::4244:ff:fe00:1010, ff02::1:ff00:1010} && nd.target ==
>> fe80::4244:ff:fe00:1010 && inport == "ls_external_vcn3-lr_vcn3_gw"),
>> action=(next;)
>>    table=13(ls_in_arp_rsp      ), priority=50   , match=(arp.tpa ==
>> 253.255.31.3 && arp.op == 1), action=(eth.dst = eth.src; eth.src =
>> 40:44:00:00:10:10; arp.op = 2; /* ARP reply */ arp.tha = arp.sha;
>> arp.sha = 40:44:00:00:10:10; arp.tpa = arp.spa; arp.spa = 253.255.31.3;
>> outport = inport; flags.loopback = 1; output;)
>>    table=13(ls_in_arp_rsp      ), priority=50   , match=(nd_ns &&
>> ip6.dst == {fe80::4244:ff:fe00:1010, ff02::1:ff00:1010} && nd.target ==
>> fe80::4244:ff:fe00:1010), action=(nd_na_router { eth.src =
>> 40:44:00:00:10:10; ip6.src = fe80::4244:ff:fe00:1010; nd.target =
>> fe80::4244:ff:fe00:1010; nd.tll = 40:44:00:00:10:10; outport = inport;
>> flags.loopback = 1; output; };)
>>    table=13(ls_in_arp_rsp      ), priority=0    , match=(1),
>> action=(next;)
>>    table=14(ls_in_dhcp_options ), priority=0    , match=(1),
>> action=(next;)
>>    table=15(ls_in_dhcp_response), priority=0    , match=(1),
>> action=(next;)
>>    table=16(ls_in_dns_lookup   ), priority=0    , match=(1),
>> action=(next;)
>>    table=17(ls_in_dns_response ), priority=0    , match=(1),
>> action=(next;)
>>    table=18(ls_in_external_port), priority=0    , match=(1),
>> action=(next;)
>>    table=19(ls_in_l2_lkup      ), priority=110  , match=(eth.dst ==
>> 9e:c3:df:e2:c8:d7), action=(handle_svc_check(inport);)
>>    table=19(ls_in_l2_lkup      ), priority=80   , match=(eth.src == {
>> 40:44:00:00:10:10} && (arp.op == 1 || nd_ns)), action=(outport =
>> "_MC_flood"; output;)
>>    table=19(ls_in_l2_lkup      ), priority=75   , match=(flags[1] == 0
>> && arp.op == 1 && arp.tpa == { 253.255.31.3, 253.255.0.33}),
>> action=(clone { outport = "ln-ls_external_vcn3"; output; }; outport =
>> "ls_external_vcn3-lr_vcn3_gw"; output;)
>>    table=19(ls_in_l2_lkup      ), priority=75   , match=(flags[1] == 0
>> && nd_ns && nd.target == { fe80::4244:ff:fe00:1010}), action=(clone {
>> outport = "ln-ls_external_vcn3"; output; }; outport =
>> "ls_external_vcn3-lr_vcn3_gw"; output;)
>>    table=19(ls_in_l2_lkup      ), priority=70   , match=(eth.mcast),
>> action=(outport = "_MC_flood"; output;)
>>    table=19(ls_in_l2_lkup      ), priority=50   , match=(eth.dst ==
>> 40:44:00:00:10:10 &&
>> is_chassis_resident("cr-lr_vcn3_gw-ls_external_vcn3")), action=(outport
>> = "ls_external_vcn3-lr_vcn3_gw"; output;)
>>    table=19(ls_in_l2_lkup      ), priority=0    , match=(1),
>> action=(outport = "_MC_unknown"; output;)
>> Datapath: "ls_external_vcn3" (3581a7f7-467c-4476-8774-855a88fa198f)
>> Pipeline: egress
>>    table=0 (ls_out_pre_lb      ), priority=110  , match=(eth.src ==
>> 9e:c3:df:e2:c8:d7), action=(next;)
>>    table=0 (ls_out_pre_lb      ), priority=110  , match=(nd || nd_rs ||
>> nd_ra || icmp4.type == 3 ||icmp6.type == 1 || (tcp && tcp.flags == 20)),
>> action=(next;)
>>    table=0 (ls_out_pre_lb      ), priority=0    , match=(1),
>> action=(next;)
>>    table=1 (ls_out_pre_acl     ), priority=110  , match=(eth.src ==
>> 9e:c3:df:e2:c8:d7), action=(next;)
>>    table=1 (ls_out_pre_acl     ), priority=0    , match=(1),
>> action=(next;)
>>    table=2 (ls_out_pre_stateful), priority=100  , match=(reg0[0] == 1),
>> action=(ct_next;)
>>    table=2 (ls_out_pre_stateful), priority=0    , match=(1),
>> action=(next;)
>>    table=3 (ls_out_lb          ), priority=0    , match=(1),
>> action=(next;)
>>    table=4 (ls_out_acl         ), priority=34000, match=(eth.src ==
>> 9e:c3:df:e2:c8:d7), action=(next;)
>>    table=4 (ls_out_acl         ), priority=0    , match=(1),
>> action=(next;)
>>    table=5 (ls_out_qos_mark    ), priority=0    , match=(1),
>> action=(next;)
>>    table=6 (ls_out_qos_meter   ), priority=0    , match=(1),
>> action=(next;)
>>    table=7 (ls_out_stateful    ), priority=100  , match=(reg0[1] == 1),
>> action=(ct_commit(ct_label=0/1); next;)
>>    table=7 (ls_out_stateful    ), priority=100  , match=(reg0[2] == 1),
>> action=(ct_lb;)
>>    table=7 (ls_out_stateful    ), priority=0    , match=(1),
>> action=(next;)
>>    table=8 (ls_out_port_sec_ip ), priority=0    , match=(1),
>> action=(next;)
>>    table=9 (ls_out_port_sec_l2 ), priority=100  , match=(eth.mcast),
>> action=(output;)
>>    table=9 (ls_out_port_sec_l2 ), priority=50   , match=(outport ==
>> "ln-ls_external_vcn3"), action=(output;)
>>    table=9 (ls_out_port_sec_l2 ), priority=50   , match=(outport ==
>> "ls_external_vcn3-lr_vcn3_gw"), action=(output;)
>> Datapath: "ls_vcn3" (6e61b3f2-6481-497f-819e-b39c98c50be6) Pipeline:
>> ingress
>>    table=0 (ls_in_port_sec_l2  ), priority=100  , match=(eth.src[40]),
>> action=(drop;)
>>    table=0 (ls_in_port_sec_l2  ), priority=100  , match=(vlan.present),
>> action=(drop;)
>>    table=0 (ls_in_port_sec_l2  ), priority=50   , match=(inport ==
>> "269089c4-9464-41ec-9f63-6b3804b34b07"), action=(next;)
>>    table=0 (ls_in_port_sec_l2  ), priority=50   , match=(inport ==
>> "284195d2-9280-4334-900e-571ecd00327a"), action=(next;)
>>    table=0 (ls_in_port_sec_l2  ), priority=50   , match=(inport ==
>> "vcn3_subnet1-lr_vcn3"), action=(next;)
>>    table=1 (ls_in_port_sec_ip  ), priority=0    , match=(1),
>> action=(next;)
>>    table=2 (ls_in_port_sec_nd  ), priority=0    , match=(1),
>> action=(next;)
>>    table=3 (ls_in_pre_acl      ), priority=110  , match=(eth.dst ==
>> 9e:c3:df:e2:c8:d7), action=(next;)
>>    table=3 (ls_in_pre_acl      ), priority=0    , match=(1),
>> action=(next;)
>>    table=4 (ls_in_pre_lb       ), priority=110  , match=(eth.dst ==
>> 9e:c3:df:e2:c8:d7), action=(next;)
>>    table=4 (ls_in_pre_lb       ), priority=110  , match=(nd || nd_rs ||
>> nd_ra || icmp4.type == 3 ||icmp6.type == 1 || (tcp && tcp.flags == 20)),
>> action=(next;)
>>    table=4 (ls_in_pre_lb       ), priority=0    , match=(1),
>> action=(next;)
>>    table=5 (ls_in_pre_stateful ), priority=100  , match=(reg0[0] == 1),
>> action=(ct_next;)
>>    table=5 (ls_in_pre_stateful ), priority=0    , match=(1),
>> action=(next;)
>>    table=6 (ls_in_acl          ), priority=34000, match=(eth.dst ==
>> 9e:c3:df:e2:c8:d7), action=(next;)
>>    table=6 (ls_in_acl          ), priority=0    , match=(1),
>> action=(next;)
>>    table=7 (ls_in_qos_mark     ), priority=0    , match=(1),
>> action=(next;)
>>    table=8 (ls_in_qos_meter    ), priority=0    , match=(1),
>> action=(next;)
>>    table=9 (ls_in_lb           ), priority=0    , match=(1),
>> action=(next;)
>>    table=10(ls_in_stateful     ), priority=100  , match=(reg0[1] == 1),
>> action=(ct_commit(ct_label=0/1); next;)
>>    table=10(ls_in_stateful     ), priority=100  , match=(reg0[2] == 1),
>> action=(ct_lb;)
>>    table=10(ls_in_stateful     ), priority=0    , match=(1),
>> action=(next;)
>>    table=11(ls_in_pre_hairpin  ), priority=0    , match=(1),
>> action=(next;)
>>    table=12(ls_in_hairpin      ), priority=1    , match=(reg0[6] == 1),
>> action=(eth.dst <-> eth.src;outport = inport;flags.loopback = 1;output;)
>>    table=12(ls_in_hairpin      ), priority=0    , match=(1),
>> action=(next;)
>>    table=13(ls_in_arp_rsp      ), priority=100  , match=(arp.tpa ==
>> 192.16.1.5 && arp.op == 1 && inport ==
>> "269089c4-9464-41ec-9f63-6b3804b34b07"), action=(next;)
>>    table=13(ls_in_arp_rsp      ), priority=100  , match=(arp.tpa ==
>> 192.16.1.6 && arp.op == 1 && inport ==
>> "284195d2-9280-4334-900e-571ecd00327a"), action=(next;)
>>    table=13(ls_in_arp_rsp      ), priority=50   , match=(arp.tpa ==
>> 192.16.1.5 && arp.op == 1), action=(eth.dst = eth.src; eth.src =
>> 52:54:00:30:38:35; arp.op = 2; /* ARP reply */ arp.tha = arp.sha;
>> arp.sha = 52:54:00:30:38:35; arp.tpa = arp.spa; arp.spa = 192.16.1.5;
>> outport = inport; flags.loopback = 1; output;)
>>    table=13(ls_in_arp_rsp      ), priority=50   , match=(arp.tpa ==
>> 192.16.1.6 && arp.op == 1), action=(eth.dst = eth.src; eth.src =
>> 52:54:00:02:55:96; arp.op = 2; /* ARP reply */ arp.tha = arp.sha;
>> arp.sha = 52:54:00:02:55:96; arp.tpa = arp.spa; arp.spa = 192.16.1.6;
>> outport = inport; flags.loopback = 1; output;)
>>    table=13(ls_in_arp_rsp      ), priority=0    , match=(1),
>> action=(next;)
>>    table=14(ls_in_dhcp_options ), priority=0    , match=(1),
>> action=(next;)
>>    table=15(ls_in_dhcp_response), priority=0    , match=(1),
>> action=(next;)
>>    table=16(ls_in_dns_lookup   ), priority=0    , match=(1),
>> action=(next;)
>>    table=17(ls_in_dns_response ), priority=0    , match=(1),
>> action=(next;)
>>    table=18(ls_in_external_port), priority=0    , match=(1),
>> action=(next;)
>>    table=19(ls_in_l2_lkup      ), priority=110  , match=(eth.dst ==
>> 9e:c3:df:e2:c8:d7), action=(handle_svc_check(inport);)
>>    table=19(ls_in_l2_lkup      ), priority=80   , match=(eth.src == {
>> 40:44:00:00:00:60} && (arp.op == 1 || nd_ns)), action=(outport =
>> "_MC_flood"; output;)
>>    table=19(ls_in_l2_lkup      ), priority=75   , match=(flags[1] == 0
>> && arp.op == 1 && arp.tpa == { 253.255.0.33, 192.16.1.1}),
>> action=(outport = "vcn3_subnet1-lr_vcn3"; output;)
>>    table=19(ls_in_l2_lkup      ), priority=75   , match=(flags[1] == 0
>> && nd_ns && nd.target == { fe80::4244:ff:fe00:60}), action=(outport =
>> "vcn3_subnet1-lr_vcn3"; output;)
>>    table=19(ls_in_l2_lkup      ), priority=70   , match=(eth.mcast),
>> action=(outport = "_MC_flood"; output;)
>>    table=19(ls_in_l2_lkup      ), priority=50   , match=(eth.dst ==
>> 40:44:00:00:00:60), action=(outport = "vcn3_subnet1-lr_vcn3"; output;)
>>    table=19(ls_in_l2_lkup      ), priority=50   , match=(eth.dst ==
>> 52:54:00:02:55:96), action=(outport =
>> "284195d2-9280-4334-900e-571ecd00327a"; output;)
>>    table=19(ls_in_l2_lkup      ), priority=50   , match=(eth.dst ==
>> 52:54:00:30:38:35), action=(outport =
>> "269089c4-9464-41ec-9f63-6b3804b34b07"; output;)
>> Datapath: "ls_vcn3" (6e61b3f2-6481-497f-819e-b39c98c50be6) Pipeline:
>> egress
>>    table=0 (ls_out_pre_lb      ), priority=110  , match=(eth.src ==
>> 9e:c3:df:e2:c8:d7), action=(next;)
>>    table=0 (ls_out_pre_lb      ), priority=110  , match=(nd || nd_rs ||
>> nd_ra || icmp4.type == 3 ||icmp6.type == 1 || (tcp && tcp.flags == 20)),
>> action=(next;)
>>    table=0 (ls_out_pre_lb      ), priority=0    , match=(1),
>> action=(next;)
>>    table=1 (ls_out_pre_acl     ), priority=110  , match=(eth.src ==
>> 9e:c3:df:e2:c8:d7), action=(next;)
>>    table=1 (ls_out_pre_acl     ), priority=0    , match=(1),
>> action=(next;)
>>    table=2 (ls_out_pre_stateful), priority=100  , match=(reg0[0] == 1),
>> action=(ct_next;)
>>    table=2 (ls_out_pre_stateful), priority=0    , match=(1),
>> action=(next;)
>>    table=3 (ls_out_lb          ), priority=0    , match=(1),
>> action=(next;)
>>    table=4 (ls_out_acl         ), priority=34000, match=(eth.src ==
>> 9e:c3:df:e2:c8:d7), action=(next;)
>>    table=4 (ls_out_acl         ), priority=0    , match=(1),
>> action=(next;)
>>    table=5 (ls_out_qos_mark    ), priority=0    , match=(1),
>> action=(next;)
>>    table=6 (ls_out_qos_meter   ), priority=0    , match=(1),
>> action=(next;)
>>    table=7 (ls_out_stateful    ), priority=100  , match=(reg0[1] == 1),
>> action=(ct_commit(ct_label=0/1); next;)
>>    table=7 (ls_out_stateful    ), priority=100  , match=(reg0[2] == 1),
>> action=(ct_lb;)
>>    table=7 (ls_out_stateful    ), priority=0    , match=(1),
>> action=(next;)
>>    table=8 (ls_out_port_sec_ip ), priority=0    , match=(1),
>> action=(next;)
>>    table=9 (ls_out_port_sec_l2 ), priority=100  , match=(eth.mcast),
>> action=(output;)
>>    table=9 (ls_out_port_sec_l2 ), priority=50   , match=(outport ==
>> "269089c4-9464-41ec-9f63-6b3804b34b07"), action=(output;)
>>    table=9 (ls_out_port_sec_l2 ), priority=50   , match=(outport ==
>> "284195d2-9280-4334-900e-571ecd00327a"), action=(output;)
>>    table=9 (ls_out_port_sec_l2 ), priority=50   , match=(outport ==
>> "vcn3_subnet1-lr_vcn3"), action=(output;)
>> Datapath: "lr_vcn3" (db21ed8c-16a5-4afb-aa51-5bbaae5bda29) Pipeline:
>> ingress
>>    table=0 (lr_in_admission    ), priority=100  , match=(vlan.present ||
>> eth.src[40]), action=(drop;)
>>    table=0 (lr_in_admission    ), priority=50   , match=(eth.dst ==
>> 40:44:00:00:00:60 && inport == "lr_vcn3-vcn3_subnet1"), action=(next;)
>>    table=0 (lr_in_admission    ), priority=50   , match=(eth.dst ==
>> 40:44:00:00:10:10 && inport == "lr_vcn3_gw-ls_external_vcn3" &&
>> is_chassis_resident("cr-lr_vcn3_gw-ls_external_vcn3")), action=(next;)
>>    table=0 (lr_in_admission    ), priority=50   , match=(eth.mcast &&
>> inport == "lr_vcn3-vcn3_subnet1"), action=(next;)
>>    table=0 (lr_in_admission    ), priority=50   , match=(eth.mcast &&
>> inport == "lr_vcn3_gw-ls_external_vcn3"), action=(next;)
>>    table=1 (lr_in_lookup_neighbor), priority=100  , match=(arp.op == 2),
>> action=(reg9[2] = lookup_arp(inport, arp.spa, arp.sha); next;)
>>    table=1 (lr_in_lookup_neighbor), priority=100  , match=(inport ==
>> "lr_vcn3-vcn3_subnet1" && arp.spa == 192.16.1.0/24 && arp.op == 1),
>> action=(reg9[2] = lookup_arp(inport, arp.spa, arp.sha); next;)
>>    table=1 (lr_in_lookup_neighbor), priority=100  , match=(inport ==
>> "lr_vcn3_gw-ls_external_vcn3" && arp.spa == 253.255.0.0/16 && arp.op ==
>> 1 && is_chassis_resident("cr-lr_vcn3_gw-ls_external_vcn3")),
>> action=(reg9[2] = lookup_arp(inport, arp.spa, arp.sha); next;)
>>    table=1 (lr_in_lookup_neighbor), priority=100  , match=(nd_na),
>> action=(reg9[2] = lookup_nd(inport, nd.target, nd.tll); next;)
>>    table=1 (lr_in_lookup_neighbor), priority=100  , match=(nd_ns),
>> action=(reg9[2] = lookup_nd(inport, ip6.src, nd.sll); next;)
>>    table=1 (lr_in_lookup_neighbor), priority=0    , match=(1),
>> action=(reg9[3] = 1; next;)
>>    table=2 (lr_in_learn_neighbor), priority=100  , match=(reg9[3] == 1
>> || reg9[2] == 1), action=(next;)
>>    table=2 (lr_in_learn_neighbor), priority=90   , match=(arp),
>> action=(put_arp(inport, arp.spa, arp.sha); next;)
>>    table=2 (lr_in_learn_neighbor), priority=90   , match=(nd_na),
>> action=(put_nd(inport, nd.target, nd.tll); next;)
>>    table=2 (lr_in_learn_neighbor), priority=90   , match=(nd_ns),
>> action=(put_nd(inport, ip6.src, nd.sll); next;)
>>    table=3 (lr_in_ip_input     ), priority=120  , match=(inport ==
>> "lr_vcn3_gw-ls_external_vcn3" && ip4.src == 253.255.2.2), action=(next;)
>>    table=3 (lr_in_ip_input     ), priority=100  , match=(ip4.src ==
>> {192.16.1.1, 192.16.1.255} && reg9[0] == 0), action=(drop;)
>>    table=3 (lr_in_ip_input     ), priority=100  , match=(ip4.src ==
>> {253.255.31.3, 253.255.255.255} && reg9[0] == 0), action=(drop;)
>>    table=3 (lr_in_ip_input     ), priority=100  , match=(ip4.src_mcast
>> ||ip4.src == 255.255.255.255 || ip4.src == 127.0.0.0/8 || ip4.dst ==
>> 127.0.0.0/8 || ip4.src == 0.0.0.0/8 || ip4.dst == 0.0.0.0/8),
>> action=(drop;)
>>    table=3 (lr_in_ip_input     ), priority=100  , match=(ip6.dst ==
>> fe80::4244:ff:fe00:1010 && udp.src == 547 && udp.dst == 546),
>> action=(reg0 = 0; handle_dhcpv6_reply;)
>>    table=3 (lr_in_ip_input     ), priority=100  , match=(ip6.dst ==
>> fe80::4244:ff:fe00:60 && udp.src == 547 && udp.dst == 546), action=(reg0
>> = 0; handle_dhcpv6_reply;)
>>    table=3 (lr_in_ip_input     ), priority=90   , match=(inport ==
>> "lr_vcn3-vcn3_subnet1" && arp.spa == 192.16.1.0/24 && arp.tpa ==
>> 192.16.1.1 && arp.op == 1), action=(eth.dst = eth.src; eth.src =
>> 40:44:00:00:00:60; arp.op = 2; /* ARP reply */ arp.tha = arp.sha;
>> arp.sha = 40:44:00:00:00:60; arp.tpa = arp.spa; arp.spa = 192.16.1.1;
>> outport = "lr_vcn3-vcn3_subnet1"; flags.loopback = 1; output;)
>>    table=3 (lr_in_ip_input     ), priority=90   , match=(inport ==
>> "lr_vcn3-vcn3_subnet1" && arp.tpa == 253.255.0.33 && arp.op == 1),
>> action=(eth.dst = eth.src; arp.op = 2; /* ARP reply */ arp.tha =
>> arp.sha; eth.src = 40:44:00:00:00:60; arp.sha = 40:44:00:00:00:60;
>> arp.tpa = arp.spa; arp.spa = 253.255.0.33; outport =
>> "lr_vcn3-vcn3_subnet1"; flags.loopback = 1; output;)
>>    table=3 (lr_in_ip_input     ), priority=90   , match=(inport ==
>> "lr_vcn3-vcn3_subnet1" && nd_ns && ip6.dst == {fe80::4244:ff:fe00:60,
>> ff02::1:ff00:60} && nd.target == fe80::4244:ff:fe00:60),
>> action=(nd_na_router { eth.src = 40:44:00:00:00:60; ip6.src =
>> fe80::4244:ff:fe00:60; nd.target = fe80::4244:ff:fe00:60; nd.tll =
>> 40:44:00:00:00:60; outport = inport; flags.loopback = 1; output; };)
>>    table=3 (lr_in_ip_input     ), priority=90   , match=(inport ==
>> "lr_vcn3_gw-ls_external_vcn3" && arp.spa == 253.255.0.0/16 && arp.tpa ==
>> 253.255.31.3 && arp.op == 1 &&
>> is_chassis_resident("cr-lr_vcn3_gw-ls_external_vcn3")), action=(eth.dst
>> = eth.src; eth.src = 40:44:00:00:10:10; arp.op = 2; /* ARP reply */
>> arp.tha = arp.sha; arp.sha = 40:44:00:00:10:10; arp.tpa = arp.spa;
>> arp.spa = 253.255.31.3; outport = "lr_vcn3_gw-ls_external_vcn3";
>> flags.loopback = 1; output;)
>>    table=3 (lr_in_ip_input     ), priority=90   , match=(inport ==
>> "lr_vcn3_gw-ls_external_vcn3" && arp.tpa == 253.255.0.33 && arp.op == 1
>> && is_chassis_resident("cr-lr_vcn3_gw-ls_external_vcn3")),
>> action=(eth.dst = eth.src; arp.op = 2; /* ARP reply */ arp.tha =
>> arp.sha; eth.src = 40:44:00:00:10:10; arp.sha = 40:44:00:00:10:10;
>> arp.tpa = arp.spa; arp.spa = 253.255.0.33; outport =
>> "lr_vcn3_gw-ls_external_vcn3"; flags.loopback = 1; output;)
>>    table=3 (lr_in_ip_input     ), priority=90   , match=(inport ==
>> "lr_vcn3_gw-ls_external_vcn3" && nd_ns && ip6.dst ==
>> {fe80::4244:ff:fe00:1010, ff02::1:ff00:1010} && nd.target ==
>> fe80::4244:ff:fe00:1010 &&
>> is_chassis_resident("cr-lr_vcn3_gw-ls_external_vcn3")),
>> action=(nd_na_router { eth.src = 40:44:00:00:10:10; ip6.src =
>> fe80::4244:ff:fe00:1010; nd.target = fe80::4244:ff:fe00:1010; nd.tll =
>> 40:44:00:00:10:10; outport = inport; flags.loopback = 1; output; };)
>>    table=3 (lr_in_ip_input     ), priority=90   , match=(ip4.dst ==
>> 192.16.1.1 && icmp4.type == 8 && icmp4.code == 0), action=(ip4.dst <->
>> ip4.src; ip.ttl = 255; icmp4.type = 0; flags.loopback = 1; next; )
>>    table=3 (lr_in_ip_input     ), priority=90   , match=(ip4.dst ==
>> 253.255.31.3 && icmp4.type == 8 && icmp4.code == 0), action=(ip4.dst <->
>> ip4.src; ip.ttl = 255; icmp4.type = 0; flags.loopback = 1; next; )
>>    table=3 (lr_in_ip_input     ), priority=90   , match=(ip6.dst ==
>> fe80::4244:ff:fe00:1010 && icmp6.type == 128 && icmp6.code == 0),
>> action=(ip6.dst <-> ip6.src; ip.ttl = 255; icmp6.type = 129;
>> flags.loopback = 1; next; )
>>    table=3 (lr_in_ip_input     ), priority=90   , match=(ip6.dst ==
>> fe80::4244:ff:fe00:60 && icmp6.type == 128 && icmp6.code == 0),
>> action=(ip6.dst <-> ip6.src; ip.ttl = 255; icmp6.type = 129;
>> flags.loopback = 1; next; )
>>    table=3 (lr_in_ip_input     ), priority=85   , match=(arp || nd),
>> action=(drop;)
>>    table=3 (lr_in_ip_input     ), priority=84   , match=(nd_rs ||
>> nd_ra), action=(next;)
>>    table=3 (lr_in_ip_input     ), priority=83   ,
>> match=(ip6.mcast_rsvd), action=(drop;)
>>    table=3 (lr_in_ip_input     ), priority=82   , match=(ip4.mcast ||
>> ip6.mcast), action=(drop;)
>>    table=3 (lr_in_ip_input     ), priority=60   , match=(ip4.dst ==
>> {192.16.1.1} || ip6.dst == {fe80::4244:ff:fe00:60}), action=(drop;)
>>    table=3 (lr_in_ip_input     ), priority=60   , match=(ip4.dst ==
>> {253.255.31.3} || ip6.dst == {fe80::4244:ff:fe00:1010}), action=(drop;)
>>    table=3 (lr_in_ip_input     ), priority=50   , match=(eth.bcast),
>> action=(drop;)
>>    table=3 (lr_in_ip_input     ), priority=40   , match=(inport ==
>> "lr_vcn3-vcn3_subnet1" && ip4 && ip.ttl == {0, 1} && !ip.later_frag),
>> action=(icmp4 {eth.dst <-> eth.src; icmp4.type = 11; /* Time exceeded */
>> icmp4.code = 0; /* TTL exceeded in transit */ ip4.dst = ip4.src; ip4.src
>> = 192.16.1.1; ip.ttl = 255; next; };)
>>    table=3 (lr_in_ip_input     ), priority=40   , match=(inport ==
>> "lr_vcn3_gw-ls_external_vcn3" && ip4 && ip.ttl == {0, 1} &&
>> !ip.later_frag), action=(icmp4 {eth.dst <-> eth.src; icmp4.type = 11; /*
>> Time exceeded */ icmp4.code = 0; /* TTL exceeded in transit */ ip4.dst =
>> ip4.src; ip4.src = 253.255.31.3; ip.ttl = 255; next; };)
>>    table=3 (lr_in_ip_input     ), priority=30   , match=(ip4 && ip.ttl
>> == {0, 1}), action=(drop;)
>>    table=3 (lr_in_ip_input     ), priority=0    , match=(1),
>> action=(next;)
>>    table=4 (lr_in_defrag       ), priority=0    , match=(1),
>> action=(next;)
>>    table=5 (lr_in_unsnat       ), priority=100  , match=(ip && ip4.dst
>> == 253.255.2.2 && inport == "lr_vcn3_gw-ls_external_vcn3" &&
>> is_chassis_resident("cr-lr_vcn3_gw-ls_external_vcn3")), action=(ct_snat;)
>>    table=5 (lr_in_unsnat       ), priority=0    , match=(1),
>> action=(next;)
>>    table=6 (lr_in_dnat         ), priority=100  , match=(ip && ip4.dst
>> == 253.255.0.33 && inport == "lr_vcn3_gw-ls_external_vcn3" &&
>> is_chassis_resident("cr-lr_vcn3_gw-ls_external_vcn3")),
>> action=(ct_dnat(192.16.1.106);)
>>    table=6 (lr_in_dnat         ), priority=0    , match=(1),
>> action=(next;)
>>    table=7 (lr_in_nd_ra_options), priority=0    , match=(1),
>> action=(next;)
>>    table=8 (lr_in_nd_ra_response), priority=0    , match=(1),
>> action=(next;)
>>    table=9 (lr_in_ip_routing   ), priority=550  , match=(nd_rs ||
>> nd_ra), action=(drop;)
>>    table=9 (lr_in_ip_routing   ), priority=529  , match=(inport ==
>> "lr_vcn3-vcn3_subnet1" && ip6.dst == fe80::/64), action=(ip.ttl--;
>> reg8[0..15] = 0; xxreg0 = ip6.dst; xxreg1 = fe80::4244:ff:fe00:60;
>> eth.src = 40:44:00:00:00:60; outport = "lr_vcn3-vcn3_subnet1";
>> flags.loopback = 1; next;)
>>    table=9 (lr_in_ip_routing   ), priority=449  , match=(ip4.dst ==
>> 192.16.1.0/24), action=(ip.ttl--; reg8[0..15] = 0; reg0 = ip4.dst; reg1
>> = 192.16.1.1; eth.src = 40:44:00:00:00:60; outport =
>> "lr_vcn3-vcn3_subnet1"; flags.loopback = 1; next;)
>>    table=9 (lr_in_ip_routing   ), priority=129  , match=(inport ==
>> "lr_vcn3_gw-ls_external_vcn3" && ip6.dst == fe80::/64),
>> action=(ip.ttl--; reg8[0..15] = 0; xxreg0 = ip6.dst; xxreg1 =
>> fe80::4244:ff:fe00:1010; eth.src = 40:44:00:00:10:10; outport =
>> "lr_vcn3_gw-ls_external_vcn3"; flags.loopback = 1; next;)
>>    table=9 (lr_in_ip_routing   ), priority=65   , match=(ip4.dst ==
>> 192.16.1.106/32), action=(ip.ttl--; reg8[0..15] = 0; reg0 = 253.255.0.1;
>> reg1 = 253.255.31.3; eth.src = 40:44:00:00:10:10; outport =
>> "lr_vcn3_gw-ls_external_vcn3"; flags.loopback = 1; next;)
>>    table=9 (lr_in_ip_routing   ), priority=33   , match=(ip4.dst ==
>> 253.255.0.0/16), action=(ip.ttl--; reg8[0..15] = 0; reg0 = ip4.dst; reg1
>> = 253.255.31.3; eth.src = 40:44:00:00:10:10; outport =
>> "lr_vcn3_gw-ls_external_vcn3"; flags.loopback = 1; next;)
>>    table=9 (lr_in_ip_routing   ), priority=1    , match=(ip4.dst ==
>> 0.0.0.0/0), action=(ip.ttl--; reg8[0..15] = 0; reg0 = 253.255.0.1; reg1
>> = 253.255.31.3; eth.src = 40:44:00:00:10:10; outport =
>> "lr_vcn3_gw-ls_external_vcn3"; flags.loopback = 1; next;)
>>    table=10(lr_in_ip_routing_ecmp), priority=150  , match=(reg8[0..15]
>> == 0), action=(next;)
>>    table=11(lr_in_policy       ), priority=0    , match=(1),
>> action=(next;)
>>    table=12(lr_in_arp_resolve  ), priority=500  , match=(ip4.mcast ||
>> ip6.mcast), action=(next;)
>>    table=12(lr_in_arp_resolve  ), priority=100  , match=(outport ==
>> "lr_vcn3-vcn3_subnet1" && reg0 == 192.16.1.5), action=(eth.dst =
>> 52:54:00:30:38:35; next;)
>>    table=12(lr_in_arp_resolve  ), priority=100  , match=(outport ==
>> "lr_vcn3-vcn3_subnet1" && reg0 == 192.16.1.6), action=(eth.dst =
>> 52:54:00:02:55:96; next;)
>>    table=12(lr_in_arp_resolve  ), priority=100  , match=(outport ==
>> "lr_vcn3_gw-ls_external_vcn3" && reg0 == 253.255.0.33), action=(eth.dst
>> = 40:44:00:00:10:10; next;)
>>    table=12(lr_in_arp_resolve  ), priority=100  , match=(outport ==
>> "lr_vcn3_gw-ls_external_vcn3" && reg0 == 253.255.2.2), action=(eth.dst =
>> 40:44:00:00:10:10; next;)
>>    table=12(lr_in_arp_resolve  ), priority=0    , match=(ip4),
>> action=(get_arp(outport, reg0); next;)
>>    table=12(lr_in_arp_resolve  ), priority=0    , match=(ip6),
>> action=(get_nd(outport, xxreg0); next;)
>>    table=13(lr_in_chk_pkt_len  ), priority=0    , match=(1),
>> action=(next;)
>>    table=14(lr_in_larger_pkts  ), priority=0    , match=(1),
>> action=(next;)
>>    table=15(lr_in_gw_redirect  ), priority=150  , match=(outport ==
>> "lr_vcn3_gw-ls_external_vcn3" && eth.dst == 00:00:00:00:00:00),
>> action=(outport = "cr-lr_vcn3_gw-ls_external_vcn3"; next;)
>>    table=15(lr_in_gw_redirect  ), priority=50   , match=(outport ==
>> "lr_vcn3_gw-ls_external_vcn3"), action=(outport =
>> "cr-lr_vcn3_gw-ls_external_vcn3"; next;)
>>    table=15(lr_in_gw_redirect  ), priority=0    , match=(1),
>> action=(next;)
>>    table=16(lr_in_arp_request  ), priority=100  , match=(eth.dst ==
>> 00:00:00:00:00:00 && ip4), action=(arp { eth.dst = ff:ff:ff:ff:ff:ff;
>> arp.spa = reg1; arp.tpa = reg0; arp.op = 1; output; };)
>>    table=16(lr_in_arp_request  ), priority=100  , match=(eth.dst ==
>> 00:00:00:00:00:00 && ip6), action=(nd_ns { nd.target = xxreg0; output; };)
>>    table=16(lr_in_arp_request  ), priority=0    , match=(1),
>> action=(output;)
>> Datapath: "lr_vcn3" (db21ed8c-16a5-4afb-aa51-5bbaae5bda29) Pipeline:
>> egress
>>    table=0 (lr_out_undnat      ), priority=100  , match=(ip && ip4.src
>> == 192.16.1.106 && outport == "lr_vcn3_gw-ls_external_vcn3" &&
>> is_chassis_resident("cr-lr_vcn3_gw-ls_external_vcn3")), action=(ct_dnat;)
>>    table=0 (lr_out_undnat      ), priority=0    , match=(1),
>> action=(next;)
>>    table=1 (lr_out_snat        ), priority=161  , match=(ip && ip4.src
>> == 192.16.1.6 && outport == "lr_vcn3_gw-ls_external_vcn3" &&
>> is_chassis_resident("cr-lr_vcn3_gw-ls_external_vcn3")),
>> action=(ct_snat(253.255.2.2);)
>>    table=1 (lr_out_snat        ), priority=120  , match=(nd_ns),
>> action=(next;)
>>    table=1 (lr_out_snat        ), priority=0    , match=(1),
>> action=(next;)
>>    table=2 (lr_out_egr_loop    ), priority=100  , match=(ip4.dst ==
>> 253.255.0.33 && outport == "lr_vcn3_gw-ls_external_vcn3" &&
>> is_chassis_resident("cr-lr_vcn3_gw-ls_external_vcn3")), action=(clone {
>> ct_clear; inport = outport; outport = ""; flags = 0; flags.loopback = 1;
>> reg0 = 0; reg1 = 0; reg2 = 0; reg3 = 0; reg4 = 0; reg5 = 0; reg6 = 0;
>> reg7 = 0; reg8 = 0; reg9 = 0; reg9[0] = 1; next(pipeline=ingress,
>> table=0); };)
>>    table=2 (lr_out_egr_loop    ), priority=100  , match=(ip4.dst ==
>> 253.255.2.2 && outport == "lr_vcn3_gw-ls_external_vcn3" &&
>> is_chassis_resident("cr-lr_vcn3_gw-ls_external_vcn3")), action=(clone {
>> ct_clear; inport = outport; outport = ""; flags = 0; flags.loopback = 1;
>> reg0 = 0; reg1 = 0; reg2 = 0; reg3 = 0; reg4 = 0; reg5 = 0; reg6 = 0;
>> reg7 = 0; reg8 = 0; reg9 = 0; reg9[0] = 1; next(pipeline=ingress,
>> table=0); };)
>>    table=2 (lr_out_egr_loop    ), priority=0    , match=(1),
>> action=(next;)
>>    table=3 (lr_out_delivery    ), priority=100  , match=(outport ==
>> "lr_vcn3-vcn3_subnet1"), action=(output;)
>>    table=3 (lr_out_delivery    ), priority=100  , match=(outport ==
>> "lr_vcn3_gw-ls_external_vcn3"), action=(output;)
>>
>> _______________________________________________
>> discuss mailing list
>> discuss at openvswitch.org
>> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>>
>
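The route-ordering behaviour raised in question 2 can be checked against the `lr_in_ip_routing` flows in the dump above. The following is an added example, not part of the original messages or of OVN: it parses the four IPv4 routing flows (copied from the dump with the mail quoting and wrapping removed and the actions trimmed to `outport`) and compares the flow chosen by priority, which is how a logical flow table picks among matching flows, with the one a longest-prefix lookup would give. The function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the four IPv4 lr_in_ip_routing flows from the dump above,
# unwrapped, with each action trimmed to its outport assignment.
LFLOWS = """\
table=9 (lr_in_ip_routing   ), priority=449  , match=(ip4.dst == 192.16.1.0/24), action=(outport = "lr_vcn3-vcn3_subnet1"; next;)
table=9 (lr_in_ip_routing   ), priority=65   , match=(ip4.dst == 192.16.1.106/32), action=(outport = "lr_vcn3_gw-ls_external_vcn3"; next;)
table=9 (lr_in_ip_routing   ), priority=33   , match=(ip4.dst == 253.255.0.0/16), action=(outport = "lr_vcn3_gw-ls_external_vcn3"; next;)
table=9 (lr_in_ip_routing   ), priority=1    , match=(ip4.dst == 0.0.0.0/0), action=(outport = "lr_vcn3_gw-ls_external_vcn3"; next;)
"""

FLOW_RE = re.compile(
    r'table=\d+\s*\((?P<stage>\w+)\s*\),\s*priority=(?P<prio>\d+)\s*,\s*'
    r'match=\(ip4\.dst == (?P<net>[\d./]+)\),\s*action=\(.*?outport = "(?P<port>[^"]+)"'
)

def parse_routes(text):
    """Return (priority, network, outport) for each IPv4 routing flow."""
    routes = []
    for line in text.splitlines():
        m = FLOW_RE.search(line)
        if m and m["stage"] == "lr_in_ip_routing":
            routes.append((int(m["prio"]), ipaddress.ip_network(m["net"]), m["port"]))
    return routes

def selected_by_priority(routes, dst):
    """The flow the table applies: highest priority among matching flows."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in r[1]]
    return max(hits, key=lambda r: r[0], default=None)

def longest_prefix(routes, dst):
    """What a conventional longest-prefix-match lookup would select."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in r[1]]
    return max(hits, key=lambda r: r[1].prefixlen, default=None)

def shadowed_routes(routes):
    """Routes fully covered by a shorter prefix that has a higher priority."""
    return [(net, prio, n2, p2)
            for prio, net, _ in routes
            for p2, n2, _ in routes
            if p2 > prio and n2.prefixlen < net.prefixlen and net.subnet_of(n2)]
```

For destination 192.16.1.106 the priority-449 flow for 192.16.1.0/24 is selected and the packet leaves on `lr_vcn3-vcn3_subnet1`, so the priority-65 host route toward `lr_vcn3_gw-ls_external_vcn3` is never reached.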