vpp / VPP-1384

SYN-ACK incorrectly natted


    • Bug
    • Resolution: Done
    • Medium
    • 18.07, 18.10
    • None
    • S-NAT
    • None

       

      Version:

      VPP_REPO_URL=https://github.com/vpp-dev/vpp.git
      
      VPP_BRANCH_NAME=stable-1807-contiv
      
      VPP_COMMIT_ID=41a6f129201af60d4358b5693c39fd3584184ece
      

       

      In contiv/vpp we encountered an incorrectly NATed packet. A pod sends a request to a service. The pod is a backend of the service.

      kubectl exec -n default olcsxo -- wget -q -O - -T 30 http://10.20.0.2:32616/ http://10.20.0.10:32616/ http://10.20.0.11:32616/ http://10.20.0.12:32616/

      Packet 6:
      21:46:13:716349: virtio-input
        virtio: hw_if_index 14 next-index 4 vring 0 len 74
          hdr: flags 0x00 gso_type 0x00 hdr_len 0 gso_size 0 csum_start 0 csum_offset 0 num_buffers 1
      21:46:13:716356: ethernet-input
        IP4: 00:00:00:00:00:02 -> 02:fe:54:5d:89:02
      21:46:13:716360: ip4-input
        TCP: 10.1.4.181 -> 10.20.0.10
          tos 0x00, ttl 64, length 60, checksum 0x7c64
          fragment id 0xa584, flags DONT_FRAGMENT
        TCP: 46234 -> 32616
          seq. 0x5f7536e5 ack 0x00000000
          flags 0x02 SYN, tcp header: 40 bytes
          window 28200, checksum 0x6005
      21:46:13:716364: nat44-ed-out2in
        NAT44_OUT2IN_FAST_PATH: sw_if_index 14, next index 1, session 2292
      21:46:13:716370: ip4-lookup
        fib 1 dpo-idx 19 flow hash: 0x00000000
        TCP: 10.1.4.254 -> 10.1.4.181
          tos 0x00, ttl 64, length 60, checksum 0x7783
          fragment id 0xa584, flags DONT_FRAGMENT
        TCP: 12656 -> 31313
          seq. 0x5f7536e5 ack 0x00000000
          flags 0x02 SYN, tcp header: 40 bytes
          window 28200, checksum 0xe365
      21:46:13:716374: ip4-rewrite
        tx_sw_if_index 14 dpo-idx 19 : ipv4 via 10.1.4.181 tap1: mtu:1450 00000000000202fe545d89020800 flow hash: 0x00000000
        00000000: 00000000000202fe545d890208004500003ca58440003f0678830a0104fe0a01
        00000020: 04b531707a515f7536e500000000a0026e28e3650000020405820402
      21:46:13:716376: tap1-output
        tap1
        IP4: 02:fe:54:5d:89:02 -> 00:00:00:00:00:02
        TCP: 10.1.4.254 -> 10.1.4.181
          tos 0x00, ttl 63, length 60, checksum 0x7883
          fragment id 0xa584, flags DONT_FRAGMENT
        TCP: 12656 -> 31313
          seq. 0x5f7536e5 ack 0x00000000
          flags 0x02 SYN, tcp header: 40 bytes
          window 28200, checksum 0xe365
      
      Packet 7:
      21:46:13:716349: virtio-input
        virtio: hw_if_index 14 next-index 4 vring 0 len 74
          hdr: flags 0x00 gso_type 0x00 hdr_len 0 gso_size 0 csum_start 0 csum_offset 0 num_buffers 1
      21:46:13:716356: ethernet-input
        IP4: 00:00:00:00:00:02 -> 02:fe:54:5d:89:02
      21:46:13:716360: ip4-input
        TCP: 10.1.4.181 -> 10.1.4.254
          tos 0x00, ttl 64, length 60, checksum 0x1d08
          fragment id 0x0000, flags DONT_FRAGMENT
        TCP: 31313 -> 12656
          seq. 0x5093ad37 ack 0x5f7536e6
          flags 0x12 SYN ACK, tcp header: 40 bytes
          window 27960, checksum 0x50a0
      21:46:13:716364: nat44-ed-out2in
        NAT44_OUT2IN_FAST_PATH: sw_if_index 14, next index 4, session -1
      21:46:13:716372: nat44-ed-out2in-slowpath
        NAT44_OUT2IN_SLOW_PATH: sw_if_index 14, next index 1, session -1
      21:46:13:716375: ip4-lookup
        fib 1 dpo-idx 0 flow hash: 0x00000000
        TCP: 10.1.4.181 -> 10.1.4.254
          tos 0x00, ttl 64, length 60, checksum 0x1d08
          fragment id 0x0000, flags DONT_FRAGMENT
        TCP: 31313 -> 12656
          seq. 0x5093ad37 ack 0x5f7536e6
          flags 0x12 SYN ACK, tcp header: 40 bytes
          window 27960, checksum 0x50a0
      21:46:13:716378: ip4-drop
          TCP: 10.1.4.181 -> 10.1.4.254
            tos 0x00, ttl 64, length 60, checksum 0x1d08
            fragment id 0x0000, flags DONT_FRAGMENT
          TCP: 31313 -> 12656
            seq. 0x5093ad37 ack 0x5f7536e6
            flags 0x12 SYN ACK, tcp header: 40 bytes
            window 27960, checksum 0x50a0
      21:46:13:716395: error-drop
        ethernet-input: no error
      
      

      The attached files contain the output of the show commands from the VPP running on the node where the pod is running.

      The error log shows that programming the static mapping returned an error:

      3447691:time="2018-08-09 20:54:37.91134" level=error msg="DNAT static mapping configuration failed: nat44_add_del_static_mapping_reply returned 1" loc="ifplugin/nat_config.go(647)" logger=vpp-nat-conf
      3447705:time="2018-08-09 20:54:37.94461" level=error msg="Failed to configure static mapping for DNAT default/olcsxos58mfo: DNAT static mapping configuration failed: nat44_add_del_static_mapping_reply returned 1" loc="ifplugin/nat_config.go(317)" logger=vpp-nat-conf
      3447709:time="2018-08-09 20:54:37.94505" level=error msg="DNAT static mapping configuration failed: nat44_add_del_static_mapping_reply returned 1" loc="syncbase/done.go(40)" logger=defaultLogger
      

        1. k8s-pods.txt
          4 kB
        2. vpp-interface-address.log
          0.5 kB
        3. vpp-interface-address.log
          0.5 kB
        4. vpp-nat44-addresses.log
          0.3 kB
        5. vpp-nat44-deterministic-mappings.log
          0.1 kB
        6. vpp-nat44-deterministic-sessions.log
          0.1 kB
        7. vpp-nat44-deterministic-timeouts.log
          0.1 kB
        8. vpp-nat44-hash-tables.log
          436 kB
        9. vpp-nat44-interfaces.log
          0.1 kB
        10. vpp-nat44-sessions.log
          502 kB
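
The mismatch in the trace above can be checked mechanically: NAT rewrites the SYN in packet 6, so the SYN-ACK in packet 7 should be rewritten back to 10.20.0.10:32616 -> 10.1.4.181:46234, yet it passes the NAT node unchanged and is dropped. The following is an added example (not part of the original report or of VPP) that parses trace text in this format and flags such replies; the function names and the condensed `TRACE` sample are assumptions of the example.

```python
import re

# Condensed from packets 6 and 7 of the trace above (header lines only).
TRACE = """\
Packet 6:
21:46:13:716360: ip4-input
  TCP: 10.1.4.181 -> 10.20.0.10
  TCP: 46234 -> 32616
21:46:13:716370: ip4-lookup
  TCP: 10.1.4.254 -> 10.1.4.181
  TCP: 12656 -> 31313
Packet 7:
21:46:13:716360: ip4-input
  TCP: 10.1.4.181 -> 10.1.4.254
  TCP: 31313 -> 12656
21:46:13:716375: ip4-lookup
  TCP: 10.1.4.181 -> 10.1.4.254
  TCP: 31313 -> 12656
21:46:13:716378: ip4-drop
"""

NODE = re.compile(r"^\s*\d\d:\d\d:\d\d:\d+: (\S+)", re.M)
ADDR = re.compile(r"TCP: (\d+\.\d+\.\d+\.\d+) -> (\d+\.\d+\.\d+\.\d+)")
PORT = re.compile(r"TCP: (\d+) -> (\d+)\s*$", re.M)

def parse(trace):
    """Return {packet_no: {node: (src, sport, dst, dport) or None}}."""
    packets = {}
    for num, body in re.findall(r"Packet (\d+):\n(.*?)(?=Packet \d+:|\Z)", trace, re.S):
        parts = NODE.split(body)[1:]  # [node, text, node, text, ...]
        nodes = packets.setdefault(int(num), {})
        for name, text in zip(parts[::2], parts[1::2]):
            a, p = ADDR.search(text), PORT.search(text)
            nodes[name] = (a[1], int(p[1]), a[2], int(p[2])) if a and p else None
    return packets

def unreversed_replies(packets):
    """Dropped, untranslated packets that answer a flow NAT rewrote earlier."""
    expect = {}  # reply 5-tuple as received -> 5-tuple NAT should restore
    for n in packets.values():
        pre, post = n.get("ip4-input"), n.get("ip4-lookup")
        if pre and post and pre != post:
            src, sport, dst, dport = post
            expect[(dst, dport, src, sport)] = (pre[2], pre[3], pre[0], pre[1])
    return [(num, n["ip4-input"], expect[n["ip4-input"]])
            for num, n in packets.items()
            if "ip4-drop" in n and n.get("ip4-input") == n.get("ip4-lookup")
            and n.get("ip4-input") in expect]
```

Calling `unreversed_replies(parse(TRACE))` returns one finding per dropped reply: the packet number, the tuple as it arrived, and the tuple the reverse translation should have produced.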

            matfabia Matus Fabian
            lmck Lukas Macko