[ovs-discuss] Question about full nat implementation with ovs

Andrés Pozo Muñoz andres.pozom at gmail.com
Fri Jan 8 18:59:13 UTC 2021


Hi all,

I am facing some difficulties with NAT in ovs and may be someone could
provide a hint to move things forward.

I'd like to perform full-NAT(SNAT+DNAT) for some tcp flows with ovs.

I've been able to make work SNAT and DNAT separately, but when I tried to
use both src and dst options in ct action (ct(nat(src=...,dst=...)) it
seems not supported.Googling around I only found this thread (
https://mail.openvswitch.org/pipermail/ovs-discuss/2016-December/043229.html)
but there's no clear answer about the feasibility of doing such flows with
ovs. I was not able to find any code snippet in github either.

Some questions:
   * Is it possible to implement such full nat flows with ovs?
   * What would be the 'recommended'(best) way to do so (if possible)?
        * is it possible to include 2 nat() options in a single ct action
 (ct(nat(),nat()))?
        * Perform independent NAT operations is different tables (and
different zones)? Would ct be able to track both NATs for the 'same packet'?
        * any other alternative?
    * Would ovn be the 'natural'(easiest) way to perform such operations?

Any hint someone could provide would be very appreciated!

Thank you very much in advance!

Kind regards,
Andrés
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20210108/87ca4a3e/attachment.html>


More information about the discuss mailing list