> -----Original Message----- > From: Wenying Dong <[email protected]> > Sent: Monday, February 17, 2020 10:08 AM > To: [email protected] > Cc: Jinjun Gao <[email protected]>; Anand Kumar > <[email protected]>; Alin Serdean > <[email protected]>; Rui Cao <[email protected]>; Vicky Liu > <[email protected]> > Subject: OpenvSwitch SNAT doesn't work for "ping" on Windows > > Hi, > > > > We are running OVS on Windows to provide networking for containers. We > expect OVS could do SNAT for the traffic which is sent from containers to an > external address. But during the test, we found that the SNAT corresponding > OpenFlow entries don't work if we "ping" external address, and the container > could not get reply packets. > > > > Using OVS conntrack commands, we found that there were datapath flows for > the ICMP packets, and the key of the connection was a tuple of (sIP, dIP, ICMP > type, ICMP code, and identifier). We have also dump the packets with > wireshark, > and found that the "ping" packets from both containers and the hypervisor host > were using a fixed identifier "256", which might cause OVS to forward the > reply > packets by mistake. > > > > Could you help fix this issue? > > > > Thanks, > > Wenying
Hi Wenying, Is this isolated for ICMP? One of the issues that I found during testing was that the native Windows `ping` utility does not change the ICMP ID/SEQ. For reference: https://en.wikipedia.org/wiki/Ping_(networking_utility)#Echo_request Can you try using a different ping utility? Alin. _______________________________________________ discuss mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
