It seems when dull-nat can be supported, the performance can be improved with reduced upcalls.
I have also asked a question about SNAT flag but currently got reply, hope guys implement NAT feature can help us:) 2016-12-09 19:33 GMT+08:00 Zang MingJie <zealot0...@gmail.com>: > Hi: > > I'm trying to do full-NAT with ovs 2.6, I want to translate packets > from global network into private network. > > (global-ip:port -> 100.2.5.8:2489) <=> (10.0.1.20:X -> 10.0.1.5:9468) > > To achieve it, I have set up three ct(nat) actions, first bare nat to > lookup conntrack table, then one for dnat and one for snat: > > table=0,tcp,in_port=5 actions=ct(table=10,zone=1,nat) > table=10,ct_state=+new,ct_zone=1,tcp,nw_dst=100.2.5.8,tp_dst=2489 > actions=ct(commit,table=15,zone=1,nat(dst=10.0.1.5:9468)) > table=15,ct_zone=1 actions=ct(commit,table=20,zone=1,nat(src=10.0.1.20)) > table=20,output:2 > > But only the first packet is successful translated, all following > packets are not translated by snat, only dnat applied: > > IP 10.0.1.20.42510 > 10.0.1.5.9468: Flags [S], seq 133205195, ... > IP 169.254.174.222.42510 > 10.0.1.5.9468: Flags [S], seq 133205195, ... > IP 169.254.174.222.42510 > 10.0.1.5.9468: Flags [S], seq 133205195, ... > IP 169.254.174.222.42510 > 10.0.1.5.9468: Flags [S], seq 133205195, ... > > And, there come two conntrack entries: > > tcp, > orig=(src=169.254.174.222,dst=100.2.5.8,sport=42510,dport=2489), > reply=(src=10.0.1.5,dst=169.254.174.222,sport=9468,dport=42510), > zone=1,protoinfo=(state=SYN_SENT) > > tcp, > orig=(src=169.254.174.222,dst=10.0.1.5,sport=42510,dport=9468), > reply=(src=10.0.1.5,dst=10.0.1.20,sport=9468,dport=42510), > zone=1,protoinfo=(state=SYN_SENT) > > From my experience of iptables and conntrack, there should be only one > conntrack entry like this: > > tcp, > orig=(src=169.254.174.222,dst=100.2.5.8,sport=42510,dport=2489), > reply=(src=10.0.1.5,dst=10.0.1.20,sport=9468,dport=42510), > zone=1,protoinfo=(state=SYN_SENT) > > Using current ovs, is there any way to achieve full-NAT ? > _______________________________________________ > discuss mailing list > disc...@openvswitch.org > https://mail.openvswitch.org/mailman/listinfo/ovs-discuss >
_______________________________________________ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
