The Network Address Translation (NAT) process maps IP addresses from one address domain (or realm) to another to provide transparent routing to end hosts. Typically, NAT allows organizations to map public external addresses to private or unregistered addresses. Platforms with ASIC Trident2, Trident2Plus and Tomahawk support this function in OVS mode only. A flow with NAT actions (changing IP address or L4 port) can be hardware switched. Flows can be associated with the following actions: mod_nw_dst, mod_nw_src, mod_tp_dst and mod_tp_src.
Listed below is the minimal information needed to process the packet on hardware only (direct flow):
...
5) dl_dst(match field or action), dl_vlan(match field or action), tp_dst(with or without in match field),mod_nw_dst
6) dl_dst(match field or action), dl_vlan(match field or action), nw_dst(match field),mod_tp_dst
Supported Platform
Vendor | Platform |
---|---|
Delta | AG5648 v1-R, AG7648, AG9032v1 |
Accton | AS5712-54X, AS5812-54T, AS5812-54X, AS5835-54T, AS5835-54X, AS6712-32X, AS6812-32X, AS7312-54X, AS7326-56X, AS7712-32X, AS7726-32X, AS7816-64X |
Dell | N3248X-ON, N3248PXE-ON, S4048-ON, S4128T-ON, S4128F-ON, S4148T-ON, S4148F-ON, S5212F-ON, S5224F-ON, S5248F-ON, S5232F-ON, S5296F-ON, Z9100-ON, Z9264F-ON |
FS | N8560-32C, N8560-64C |
Example
Example 1: SNAT
Step 1: Create a new bridge named br0.
...
Step 3: If a user is outside the network and wants to visit the inside network, the destination IP needs to be modified:
```
admin@PicOS-OVS$ ovs-ofctl add-flow br0 in_port=1,tcp,dl_vlan=1999,dl_dst=22:22:22:22:22:22,actions=set_field:192.168.5.5-\>nw_dst,set_field:800-\>tp_dst,output:2
```
...
If the match fields or actions do not satisfy the conditions for a direct flow, the flow becomes a packet-driven flow and cannot be added to the hardware table directly.
Establish br0 and add ports to br0 as in the configuration above, then add flows as follows:
...
2. If set_dl_src is included in actions, the packets will be stamped with set_dl_src (as before). If set_dl_src is not included in actions, the packets will be stamped with the original dl_src. That is, the original source MAC address is kept.
...
```
Eg1:
ovs-ofctl add-flow br0 in_port=1,ip,tcp,dl_vlan=2,dl_src=00:11:22:33:44:55,dl_dst=00:01:02:03:04:05,actions=set_field:0x456-\>tp_src,set_field:192.168.5.5-\>nw_src,output:2
send packets result:
MAC: ------ MAC Header ------
MAC: Destination Address : 00 01 02 03 04 05
MAC: Source Address : 00 11 22 33 44 55

Eg2:
ovs-ofctl add-flow br0 in_port=1,ip,tcp,dl_vlan=2,dl_dst=00:01:02:03:04:05,actions=set_field:0x456-\>tp_src,set_field:192.168.5.5-\>nw_src,output:2
send packets result:
MAC: ------ MAC Header ------
MAC: Destination Address : 00 01 02 03 04 05
MAC: Source Address : 00 11 22 33 44 55

Eg3:
ovs-ofctl add-flow br0 in_port=1,ip,tcp,dl_vlan=2,dl_src=00:11:22:33:44:55,dl_dst=00:01:02:03:04:05,actions=set_field:0x456-\>tp_src,set_field:192.168.5.5-\>nw_src,set_field:22:22:22:22:22:22-\>dl_src,output:2
send packets result:
MAC: ------ MAC Header ------
MAC: Destination Address : 00 01 02 03 04 05
MAC: Source Address : 22 22 22 22 22 22

Eg4:
ovs-ofctl add-flow br0 in_port=1,ip,tcp,dl_vlan=2,dl_dst=00:01:02:03:04:05,actions=set_field:0x456-\>tp_src,set_field:192.168.5.5-\>nw_src,set_field:22:22:22:22:22:22-\>dl_src,output:2
send packets result:
MAC: ------ MAC Header ------
MAC: Destination Address : 00 01 02 03 04 05
MAC: Source Address : 22 22 22 22 22 22
```
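The source-MAC rule above can be checked offline before a flow is installed. The following is an added example, not PicOS or Open vSwitch code: it parses the flow strings from Eg2 and Eg3, lists the NAT rewrites and predicts the egress source MAC. The function names are assumptions of this example, and the parser only handles the comma-separated match/action syntax shown on this page.

```python
import re

# Legacy OpenFlow 1.0 rewrite actions and the header field each one changes.
LEGACY = {"mod_dl_src": "dl_src", "mod_dl_dst": "dl_dst", "mod_nw_src": "nw_src",
          "mod_nw_dst": "nw_dst", "mod_tp_src": "tp_src", "mod_tp_dst": "tp_dst"}
NAT_FIELDS = ("nw_src", "nw_dst", "tp_src", "tp_dst")

# Flow specs copied from Eg2 and Eg3 above (shell escape "-\>" kept as typed).
EG2 = (r"in_port=1,ip,tcp,dl_vlan=2,dl_dst=00:01:02:03:04:05,"
       r"actions=set_field:0x456-\>tp_src,set_field:192.168.5.5-\>nw_src,output:2")
EG3 = (r"in_port=1,ip,tcp,dl_vlan=2,dl_src=00:11:22:33:44:55,dl_dst=00:01:02:03:04:05,"
       r"actions=set_field:0x456-\>tp_src,set_field:192.168.5.5-\>nw_src,"
       r"set_field:22:22:22:22:22:22-\>dl_src,output:2")

def parse_flow(spec):
    """Split an ovs-ofctl flow string into (match, rewrites, outputs)."""
    spec = spec.replace("\\>", ">")            # undo the shell escape
    match_part, sep, action_part = spec.partition("actions=")
    if not sep:
        raise ValueError("flow has no actions= clause")
    match = {}
    for tok in filter(None, match_part.strip(", ").split(",")):
        key, _, val = tok.partition("=")
        match[key.strip()] = val.strip() or True   # bare protocol tokens: ip, tcp
    rewrites, outputs = {}, []
    for act in filter(None, (a.strip() for a in action_part.split(","))):
        name, _, arg = act.partition(":")
        m = re.fullmatch(r"(.+)->(\w+)", arg) if name == "set_field" else None
        if m:
            rewrites[m.group(2)] = m.group(1)      # set_field:value->field
        elif name in LEGACY:
            rewrites[LEGACY[name]] = arg           # mod_xx_yyy:value
        elif name == "output":
            outputs.append(arg)
    return match, rewrites, outputs

def egress_src_mac(spec, ingress_src_mac):
    """A dl_src rewrite wins; otherwise the frame keeps its original source MAC."""
    return parse_flow(spec)[1].get("dl_src", ingress_src_mac).lower()

def nat_summary(spec):
    """L3/L4 fields the flow rewrites, for reviewing NAT rules before install."""
    return {f: v for f, v in parse_flow(spec)[1].items() if f in NAT_FIELDS}

if __name__ == "__main__":
    for label, spec in (("Eg2", EG2), ("Eg3", EG3)):
        print(label, nat_summary(spec), egress_src_mac(spec, "00:11:22:33:44:55"))
```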
...