Loading...

Type: Bug
Resolution: Won't Do
Priority: High
Fix Version/s: None
Affects Version/s: None
Component/s: S-NAT
Labels:
None

Epic Link:
Contiv VPP (Kubernetes)

POD 10.1.1.3 accesses the service IP 10.96.0.1 that should be NATed to 10.20.0.2:

tcp local 10.20.0.2:6443 external 10.96.0.1:443 vrf 0 self-twice-nat out2in-only

DST IP is not NATed at all, instead SRC IP 10.1.1.3 is incorrectly NATed to 192.168.16.1:

Packet 53:
00:09:18:274985: virtio-input
 virtio: hw_if_index 5 next-index 4 vring 0 len 66
 hdr: flags 0x00 gso_type 0x00 hdr_len 0 gso_size 0 csum_start 0 csum_offset 0 num_buffers 1
00:09:18:276014: ethernet-input
 IP4: 00:00:00:00:00:02 -> 02:fe:16:3f:5f:0f
00:09:18:276020: ip4-input
 TCP: 10.1.1.3 -> 10.96.0.1
 tos 0x00, ttl 64, length 52, checksum 0x29f3
 fragment id 0xfb6c, flags DONT_FRAGMENT
 TCP: 59196 -> 443
 seq. 0x9bcc02b6 ack 0x704adb3c
 flags 0x10 ACK, tcp header: 32 bytes
 window 395, checksum 0xc1dd
00:09:18:276024: nat44-ed-classify
 nat44-classify: next nat44-in2out
00:09:18:276028: nat44-ed-in2out
 NAT44_IN2OUT_FAST_PATH: sw_if_index 5, next index 0, session 5
00:09:18:276031: ip4-lookup
 fib 0 dpo-idx 1 flow hash: 0x00000000
 TCP: 192.168.16.1 -> 10.96.0.1
 tos 0x00, ttl 64, length 52, checksum 0x644d
 fragment id 0xfb6c, flags DONT_FRAGMENT
 TCP: 53893 -> 443
 seq. 0x9bcc02b6 ack 0x704adb3c
 flags 0x10 ACK, tcp header: 32 bytes
 window 395, checksum 0x10ef
00:09:18:276035: ip4-rewrite
 tx_sw_if_index 1 dpo-idx 1 : ipv4 via 192.168.16.100 GigabitEthernet0/8/0: mtu:9000 0800273d5300080027a0e82e0800 flow hash: 0x00000000
 00000000: 0800273d5300080027a0e82e080045000034fb6c40003f06654dc0a810010a60
 00000020: 0001d28501bb9bcc02b6704adb3c8010018b10ef00000101080a0002
00:09:18:276037: nat44-ed-in2out-output
 NAT44_IN2OUT_FAST_PATH: sw_if_index 5, next index 0, session 9
00:09:18:276040: GigabitEthernet0/8/0-output
 GigabitEthernet0/8/0
 IP4: 08:00:27:a0:e8:2e -> 08:00:27:3d:53:00
 TCP: 192.168.16.1 -> 10.96.0.1
 tos 0x00, ttl 63, length 52, checksum 0x654d
 fragment id 0xfb6c, flags DONT_FRAGMENT
 TCP: 25801 -> 443
 seq. 0x9bcc02b6 ack 0x704adb3c
 flags 0x10 ACK, tcp header: 32 bytes
 window 395, checksum 0x7eab
00:09:18:276041: GigabitEthernet0/8/0-tx
 GigabitEthernet0/8/0 tx queue 0
 buffer 0x19fb3: current data 0, length 66, free-list 0, clone-count 0, totlen-nifb 0, trace 0x352
 nated l2-hdr-offset 0 l3-hdr-offset 14 
 PKT MBUF: port 65535, nb_segs 1, pkt_len 66
 buf_len 2176, data_len 66, ol_flags 0x0, data_off 128, phys_addr 0x1227ed40
 packet_type 0x0 l2_len 0 l3_len 0 outer_l2_len 0 outer_l3_len 0
 rss 0x0 fdir.hi 0x0 fdir.lo 0x0
 IP4: 08:00:27:a0:e8:2e -> 08:00:27:3d:53:00
 TCP: 192.168.16.1 -> 10.96.0.1
 tos 0x00, ttl 63, length 52, checksum 0x654d
 fragment id 0xfb6c, flags DONT_FRAGMENT
 TCP: 25801 -> 443
 seq. 0x9bcc02b6 ack 0x704adb3c
 flags 0x10 ACK, tcp header: 32 bytes
 window 395, checksum 0x7eab

vpp# sh nat44 static mappings
NAT44 static mappings:
 udp local 192.168.16.1:4789 external 192.168.16.1:4789 vrf 0 
 local 192.168.16.1 external 192.168.16.1 vrf 0 
 tcp local 10.20.0.2:6443 external 10.96.0.1:443 vrf 0 self-twice-nat out2in-only
 tcp local 10.20.0.2:12379 external 192.168.16.1:32379 vrf 0 self-twice-nat out2in-only
 tcp local 10.20.0.2:12379 external 10.20.0.2:32379 vrf 0 self-twice-nat out2in-only
 tcp local 10.20.0.2:12379 external 10.102.233.129:12379 vrf 0 self-twice-nat out2in-only
 udp local 10.1.1.3:53 external 10.96.0.10:53 vrf 1 self-twice-nat out2in-only
 tcp local 10.1.1.3:53 external 10.96.0.10:53 vrf 1 self-twice-nat out2in-only
 tcp local 10.20.0.2:12379 external 10.20.0.10:32379 vrf 0 self-twice-nat out2in-only
 tcp local 10.20.0.2:12379 external 192.168.16.2:32379 vrf 0 self-twice-nat out2in-only
 tcp local 10.1.1.9:31313 external 10.111.126.131:80 vrf 1 self-twice-nat out2in-only
 tcp local 10.1.2.9:31313 external 10.108.250.34:80 vrf 1 self-twice-nat out2in-only
vpp# 
vpp# 
vpp# sh nat44 sessions 
NAT44 sessions:
-------- thread 0 vpp_main --------
 10.1.1.2: 2 dynamic translations, 0 static translations
 172.30.1.2: 3 dynamic translations, 0 static translations
 10.20.0.2: 0 dynamic translations, 4 static translations
 10.1.1.3: 2 dynamic translations, 17 static translations
 192.168.16.1: 29 dynamic translations, 0 static translations
 10.1.1.6: 2 dynamic translations, 0 static translations
 10.1.1.5: 2 dynamic translations, 0 static translations
 10.1.2.4: 2 dynamic translations, 0 static translations
 192.168.16.1: 0 dynamic translations, 28 static translations
 10.1.2.3: 2 dynamic translations, 0 static translations
 10.1.2.6: 2 dynamic translations, 0 static translations
 10.1.1.8: 2 dynamic translations, 0 static translations
 10.1.1.7: 2 dynamic translations, 0 static translations
 10.1.2.5: 2 dynamic translations, 0 static translations
 10.1.2.9: 3 dynamic translations, 0 static translations
 10.1.1.9: 2 dynamic translations, 0 static translations
 10.1.1.10: 2 dynamic translations, 0 static translations
 10.1.2.8: 3 dynamic translations, 0 static translations

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

api-trace-diff-before-after.txt
16 kB
16/Aug/18 1:32 PM
contiv-vpp-bug-report-2018-08-16-05-58.tar.xz
183 kB
16/Aug/18 1:09 PM
log
233 kB
20/Aug/18 11:32 AM
packet-trace.txt
93 kB
16/Aug/18 12:51 PM
packet-trace-working-10-mins-later.txt
20 kB
16/Aug/18 1:05 PM
vpp-api-trace-dump.log
41 kB
16/Aug/18 12:56 PM
vpp-interface.log
5 kB
16/Aug/18 12:56 PM
vpp-interface-address.log
0.4 kB
16/Aug/18 12:56 PM
vpp-ip-fib.log
7 kB
16/Aug/18 12:56 PM
vpp-nat44-addresses.log
0.3 kB
16/Aug/18 12:55 PM
vpp-nat44-hash-tables.log
18 kB
16/Aug/18 12:55 PM
vpp-nat44-interfaces.log
0.1 kB
16/Aug/18 12:55 PM
vpp-nat44-sessions.log
14 kB
16/Aug/18 12:55 PM
vpp-nat44-static-mappings.log
1.0 kB
16/Aug/18 12:55 PM

Details

Description

Attachments

Attachments

Activity

People

Dates