Hi Alin, Yes, we find this issue when testing with Windows native 'ping'. So you mean the bug is introduced by Windows `ping` utility but not by Windows system design. Could you help suggest some third party `ping` utilities we could use on Windows?
Thanks, Wenying -----Original Message----- From: Alin Serdean <[email protected]> Sent: 2020年2月25日 0:04 To: Wenying Dong <[email protected]>; [email protected] Cc: Jinjun Gao <[email protected]>; Anand Kumar <[email protected]>; Rui Cao <[email protected]>; Vicky Liu <[email protected]> Subject: RE: OpenvSwitch SNAT doesn't work for "ping" on Windows > -----Original Message----- > From: Wenying Dong <[email protected]> > Sent: Monday, February 17, 2020 10:08 AM > To: [email protected] > Cc: Jinjun Gao <[email protected]>; Anand Kumar > <[email protected]>; Alin Serdean > <[email protected]>; Rui Cao <[email protected]>; Vicky > Liu <[email protected]> > Subject: OpenvSwitch SNAT doesn't work for "ping" on Windows > > Hi, > > > > We are running OVS on Windows to provide networking for containers. We > expect OVS could do SNAT for the traffic which is sent from containers > to an external address. But during the test, we found that the SNAT > corresponding OpenFlow entries don't work if we "ping" external > address, and the container could not get reply packets. > > > > Using OVS conntrack commands, we found that there were datapath flows > for the ICMP packets, and the key of the connection was a tuple of > (sIP, dIP, ICMP type, ICMP code, and identifier). We have also dump > the packets with wireshark, and found that the "ping" packets from > both containers and the hypervisor host were using a fixed identifier > "256", which might cause OVS to forward the reply packets by mistake. > > > > Could you help fix this issue? > > > > Thanks, > > Wenying Hi Wenying, Is this isolated for ICMP? One of the issues that I found during testing was that the native Windows `ping` utility does not change the ICMP ID/SEQ. For reference: https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FPing_(networking_utility)%23Echo_request&data=02%7C01%7Cwenyingd%40vmware.com%7Ceb4502417d2543c9afe808d7b943228e%7Cb39138ca3cee4b4aa4d6cd83d9dd62f0%7C0%7C0%7C637181570309694384&sdata=HceXT2V1zkDzE97F0F81iPixe2jNJiNOfhSTxWlYy90%3D&reserved=0 Can you try using a different ping utility? Alin. _______________________________________________ discuss mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
