VPP-1678

Endpoint-dependent NAT issue after upgrade from 19.01 to 19.04


    • Bug
    • Resolution: Duplicate
    • Low
    • nat

      After upgrading VPP version in Contiv-VPP from 19.01 to 19.04, endpoint-dependent NAT stopped working correctly.

      E.g. for DNS service with the following static mapping config:

       

      udp external 10.96.0.10:53 self-twice-nat out2in-only
        local 10.1.1.2:53 vrf 1 probability 1
        local 10.1.1.3:53 vrf 1 probability 1
      tcp external 10.96.0.10:53 self-twice-nat out2in-only
        local 10.1.1.2:53 vrf 1 probability 1
        local 10.1.1.3:53 vrf 1 probability 1
      

      The client with IP 10.1.4.6 is accessing the virtual IP 10.96.0.10, proto UDP, port 53.

       

      It seems that the DNS responses coming back to the client are NATed incorrectly; this is the tcpdump output on the client TAP interface:

      08:53:28.853969 IP 10.1.4.6.54245 > 10.96.0.10.domain: 2+ PTR? 10.0.96.10.in-addr.arpa. (41)
      08:53:28.854544 IP 10.1.4.6.41126 > 10.0.2.3.domain: 47448+ PTR? 10.0.96.10.in-addr.arpa. (41)
      08:53:28.859022 IP 10.96.0.10.domain > 10.1.4.6.54245: 2* 1/0/0 PTR kube-dns.kube-system.svc.cluster.local. (116)
      08:53:28.859294 IP 10.1.4.6.55322 > 10.96.0.10.domain: 3+ AAAA? kubernetes. (28)
      08:53:33.860493 IP 10.1.4.6.41126 > 10.0.2.3.domain: 47448+ PTR? 10.0.96.10.in-addr.arpa. (41)
      08:53:33.865290 IP 10.1.4.6.36756 > 10.96.0.10.domain: 4+ AAAA? kubernetes. (28)
      08:53:38.863597 IP 10.1.4.6.49494 > 10.0.2.3.domain: 43885+ PTR? 6.4.1.10.in-addr.arpa. (39)
      08:53:48.871257 IP 10.1.4.6.47850 > 10.0.2.3.domain: 12722+ PTR? 3.2.0.10.in-addr.arpa. (39)
      08:53:58.886012 IP 10.96.0.10.domain > 10.1.4.6.38415: 5 ServFail- 0/0/0 (28)
      08:53:58.886042 IP 10.1.4.6 > 10.96.0.10: ICMP 10.1.4.6 udp port 38415 unreachable, length 64
      08:53:58.893587 IP 10.1.4.6.55185 > 10.96.0.10.domain: 9+ A? kubernetes. (28)
      08:54:03.894879 IP 10.96.0.10.domain > 10.1.4.6.49636: 6 ServFail- 0/0/0 (28)
      08:54:03.894968 IP 10.1.4.6 > 10.96.0.10: ICMP 10.1.4.6 udp port 49636 unreachable, length 64
      08:54:03.895667 IP 10.1.4.6.40665 > 10.96.0.10.domain: 10+ A? kubernetes. (28)
      08:54:08.893681 IP 10.96.0.10.domain > 10.1.4.6.33754: 7 ServFail- 0/0/0 (28)
      08:54:08.893712 IP 10.1.4.6 > 10.96.0.10: ICMP 10.1.4.6 udp port 33754 unreachable, length 64
      08:54:13.894674 IP 10.96.0.10.domain > 10.1.4.6.55899: 8 ServFail- 0/0/0 (28)
      08:54:13.894708 IP 10.1.4.6 > 10.96.0.10: ICMP 10.1.4.6 udp port 55899 unreachable, length 64
      08:54:18.911416 IP 10.96.0.10.domain > 10.1.4.6.55185: 9 ServFail- 0/0/0 (28)
      08:54:18.911462 IP 10.1.4.6 > 10.96.0.10: ICMP 10.1.4.6 udp port 55185 unreachable, length 64
      08:54:23.902811 IP 10.96.0.10.domain > 10.1.4.6.40665: 10 ServFail- 0/0/0 (28)
      08:54:23.902860 IP 10.1.4.6 > 10.96.0.10: ICMP 10.1.4.6 udp port 40665 unreachable, length 64
      
      

      Packet trace and more info in the attachments.

        1. nat-sessions.txt
          10 kB
        2. nat-setup.txt
          12 kB
        3. tcpdump.txt
          2 kB
        4. vpp-trace.txt
          57 kB

            fivarga89 Filip Varga
            raszabo Rastislav Szabo
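
A triage helper for a capture like the one in the report, added here as an example and not part of the original issue or of VPP: it pairs each DNS query sent to the virtual IP with its reply on client address, client port and DNS ID, and lists replies with no visible query and queries with no reply. The function name `pair_dns` and the layout of the report tuples are assumptions; the sample lines are excerpted from the tcpdump output above.

```python
import re
from datetime import datetime

VIP = "10.96.0.10"            # external address of the static mapping in the report
DNS_PORTS = {"domain", "53"}  # tcpdump prints "domain" unless run with -n

# Excerpt of the tcpdump output quoted in the report (client TAP interface).
CAPTURE = """\
08:53:28.853969 IP 10.1.4.6.54245 > 10.96.0.10.domain: 2+ PTR? 10.0.96.10.in-addr.arpa. (41)
08:53:28.859022 IP 10.96.0.10.domain > 10.1.4.6.54245: 2* 1/0/0 PTR kube-dns.kube-system.svc.cluster.local. (116)
08:53:28.859294 IP 10.1.4.6.55322 > 10.96.0.10.domain: 3+ AAAA? kubernetes. (28)
08:53:58.886012 IP 10.96.0.10.domain > 10.1.4.6.38415: 5 ServFail- 0/0/0 (28)
08:53:58.893587 IP 10.1.4.6.55185 > 10.96.0.10.domain: 9+ A? kubernetes. (28)
08:54:18.911416 IP 10.96.0.10.domain > 10.1.4.6.55185: 9 ServFail- 0/0/0 (28)
"""

LINE = re.compile(
    r"^(\d\d:\d\d:\d\d\.\d+) IP (\d+\.\d+\.\d+\.\d+)\.(\w+) > "
    r"(\d+\.\d+\.\d+\.\d+)\.(\w+): (\d+)\S* (.*)$"
)


def pair_dns(capture, vip=VIP):
    """Return (dns_id, client_port, status, rcode, delay_s) rows for traffic to vip."""
    pending, report = {}, []
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # ICMP and any other line without UDP ports and a DNS ID
        ts, src, sport, dst, dport, dns_id, rest = m.groups()
        t = datetime.strptime(ts, "%H:%M:%S.%f")
        if dst == vip and dport in DNS_PORTS:        # client -> virtual IP
            pending[(src, sport, dns_id)] = t
        elif src == vip and sport in DNS_PORTS:      # virtual IP -> client
            sent = pending.pop((dst, dport, dns_id), None)
            rcode = "ServFail" if rest.startswith("ServFail") else "ok"
            if sent is None:
                report.append((dns_id, dport, "reply-without-query", rcode, None))
            else:
                report.append((dns_id, dport, "paired", rcode, round((t - sent).total_seconds(), 3)))
    for (_, port, dns_id) in pending:                # queries that never saw a reply
        report.append((dns_id, port, "unanswered", None, None))
    return report


if __name__ == "__main__":
    for row in pair_dns(CAPTURE):
        print(row)
```

Feeding it the full tcpdump.txt attachment gives one row per exchange, which can then be compared against the session table in nat-sessions.txt.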