Uploaded image for project: 'vpp'
  1. vpp
  2. VPP-1283

NAT does not work in VPP 18.04 in some scenarios

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Duplicate
    • Icon: Highest Highest
    • 18.04
    • 18.04
    • S-NAT
    • None

      ssh from a VM behind SNAT to an outside/external host fails in 18.04. It used to work in 18.01 and earlier.

       

      The tcpdump on the outside/external host shows that the TCP connection establishment itself succeeds but then subsequent segments elicit an ICMP unreachable error msg from VPP side even though the segment sizes are well within the MTU on either side.

       

      07:18:48.952331 IP 10.195.131.79.1826 > 10.195.69.200.22: Flags [S], seq 166103352, win 29200, options [mss 1460,sackOK,TS val 4448259 ecr 0,nop,wscale 6], length 0

      07:18:48.952390 IP 10.195.69.200.22 > 10.195.131.79.1826: Flags [S.], seq 3294302182, ack 166103353, win 26960, options [mss 1360,sackOK,TS val 3514861845 ecr 4448259,nop,wscale 7], length 0

      07:18:48.952581 IP 10.195.131.79.1826 > 10.195.69.200.22: Flags [.], ack 1, win 457, options [nop,nop,TS val 4448259 ecr 3514861845], length 0

      07:18:48.952920 IP 10.195.131.79.1826 > 10.195.69.200.22: Flags [P.], seq 1:635, ack 1, win 457, options [nop,nop,TS val 4448260 ecr 3514861845], length 634

      07:18:48.952937 IP 10.195.69.200.22 > 10.195.131.79.1826: Flags [.], ack 635, win 221, options [nop,nop,TS val 3514861845 ecr 4448260], length 0

      07:18:48.957469 IP 10.195.69.200.22 > 10.195.131.79.1826: Flags [P.], seq 1:42, ack 635, win 221, options [nop,nop,TS val 3514861846 ecr 4448260], length 41

      07:18:48.957599 IP 10.195.131.79.1826 > 10.195.69.200.22: Flags [.], ack 42, win 457, options [nop,nop,TS val 4448261 ecr 3514861846], length 0

      07:18:48.957991 IP 10.195.69.200.22 > 10.195.131.79.1826: Flags [P.], seq 42:1690, ack 635, win 221, options [nop,nop,TS val 3514861846 ecr 4448261], length 1648

      07:18:48.958151 IP 10.195.131.79 > 10.195.69.200: ICMP 10.0.0.12 unreachable - need to frag, length 584

      07:18:48.958621 IP 10.195.131.79.1826 > 10.195.69.200.22: Flags [.], ack 42, win 473, options [nop,nop,TS val 4448261 ecr 3514861846,nop,nop,sack 1 \{1390:1690}], length 0

      07:18:48.962141 IP 10.195.69.200.22 > 10.195.131.79.1826: Flags [.], seq 42:1390, ack 635, win 221, options [nop,nop,TS val 3514861848 ecr 4448261], length 1348

      07:18:48.962288 IP 10.195.131.79 > 10.195.69.200: ICMP 10.0.0.12 unreachable - need to frag, length 584

      07:18:49.166141 IP 10.195.69.200.22 > 10.195.131.79.1826: Flags [.], seq 42:1390, ack 635, win 221, options [nop,nop,TS val 3514861899 ecr 4448261], length 1348

      07:18:49.166278 IP 10.195.131.79 > 10.195.69.200: ICMP 10.0.0.12 unreachable - need to frag, length 584

      07:18:49.574147 IP 10.195.69.200.22 > 10.195.131.79.1826: Flags [.], seq 42:1390, ack 635, win 221, options [nop,nop,TS val 3514862001 ecr 4448261], length 1348

      07:18:49.574307 IP 10.195.131.79 > 10.195.69.200: ICMP 10.0.0.12 unreachable - need to frag, length 584

      07:18:50.390146 IP 10.195.69.200.22 > 10.195.131.79.1826: Flags [.], seq 42:1390, ack 635, win 221, options [nop,nop,TS val 3514862205 ecr 4448261], length 1348

      07:18:50.390306 IP 10.195.131.79 > 10.195.69.200: ICMP 10.0.0.12 unreachable - need to frag, length 584

      07:18:52.026093 IP 10.195.69.200.22 > 10.195.131.79.1826: Flags [.], seq 42:1390, ack 635, win 221, options [nop,nop,TS val 3514862614 ecr 4448261], length 1348

      07:18:52.026295 IP 10.195.131.79 > 10.195.69.200: ICMP 10.0.0.12 unreachable - need to frag, length 584

            otroan Ole Trøan
            ot Onong Tayeng
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: