Bug
Resolution: Done
For example, the following OpenFlow rule:
table=45, priority=25,ct_state=-trk,ip,metadata=0x1,nw_src=42.42.42.0/24 actions=ct(commit,table=46,zone=42,nat(src=66.66.66.66:10000-20000,random))
will ensure that all SNAT operations also translate the original packet's source port to a port in the supplied range when using the kernel datapath.
The same rule in the userspace datapath ends up performing a hash on the tuple and always selects the same source port for the SNATed packet.
From the ovs-actions man page:

The optional flags are:

random
    The selection of the port from the given range should be done using a fresh random number. This flag is mutually exclusive with hash.
hash
    The selection of the port from the given range should be done using a datapath specific hash of the packet’s IP addresses and the other, non-mapped port number. This flag is mutually exclusive with random.
persistent
    The selection of the IP address from the given range should be done so that the same mapping can be provided after the system restarts.
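The following model is an added example, not Open vSwitch code, and contrasts the two selection modes quoted above to show why hash-based selection makes the translated source port predictable. SHA-256 as a stand-in for the datapath hash, forward probing when a tuple is already in use, and the client and destination addresses are assumptions made for illustration; the NAT address and port range come from the flow above.

```python
import hashlib
import ipaddress
import secrets

PORT_MIN, PORT_MAX = 10000, 20000        # range from the flow on this page
NAT_IP = "66.66.66.66"                   # SNAT address from the flow on this page
SPAN = PORT_MAX - PORT_MIN + 1
FLOW = ("42.42.42.7", "198.51.100.10", 443)  # constructed: client, server, server port

def hash_start(src_ip, dst_ip, dst_port):
    """'hash' flag model: offset from both IP addresses and the non-mapped
    (destination) port. SHA-256 is an assumed stand-in for the datapath hash."""
    key = (ipaddress.ip_address(src_ip).packed
           + ipaddress.ip_address(dst_ip).packed
           + dst_port.to_bytes(2, "big"))
    return int.from_bytes(hashlib.sha256(key).digest()[:4], "big")

def random_start(src_ip, dst_ip, dst_port):
    """'random' flag model: a fresh random number for every connection."""
    return secrets.randbits(32)

def allocate(start_fn, src_ip, dst_ip, dst_port, in_use):
    """Pick a translated source port; probe forward past tuples already in use
    (the probing order is an assumption of this model)."""
    start = start_fn(src_ip, dst_ip, dst_port) % SPAN
    for i in range(SPAN):
        port = PORT_MIN + (start + i) % SPAN
        tup = (NAT_IP, port, dst_ip, dst_port)
        if tup not in in_use:
            in_use.add(tup)
            return port
    raise RuntimeError("port range exhausted")

def sequential_ports(start_fn, n=200):
    """n connections to one destination, each closed before the next opens."""
    return [allocate(start_fn, *FLOW, set()) for _ in range(n)]

def concurrent_ports(start_fn, n=5):
    """n connections to one destination that are all open at the same time."""
    in_use = set()
    return [allocate(start_fn, *FLOW, in_use) for _ in range(n)]

if __name__ == "__main__":
    print("hash, sequential:  ", len(set(sequential_ports(hash_start))), "distinct port(s)")
    print("random, sequential:", len(set(sequential_ports(random_start))), "distinct port(s)")
    print("hash, concurrent:  ", concurrent_ports(hash_start))
```

In this model the original source port never enters the hash, so every new connection from the client to the same destination starts at the same translated port, and concurrent connections occupy adjacent ports.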