TCP connection reset

[mcvzon51]

I'm trying to connect docker containers by using the p4 switch bmv2 model. Two containers on the same host (connected to the same switch) can establish a TCP connection but two containers on different hosts can't. After the server receives the syn packet, the server replies with a syn,ack packet that has the reset bit set. Before sending a packet to a new host NAT will be applied the action responsible for this looks like:

action nat(port, mac_src, mac_dst, host_ip, dst_ip) {
        modify_field(ether_hdr.src, mac_src);
	modify_field(ether_hdr.dst, mac_dst);
	modify_field(ipv4_hdr.src, host_ip);
        modify_field(ipv4_hdr.dst, dst_ip);
        modify_field(standard_metadata.egress_spec, port);
}

The TCP checksum is computed like this:

field_list tcp_checksum_list {
        ipv4_hdr.src;
        ipv4_hdr.dst;
        8'0;
        ipv4_hdr.proto;
        meta.tcpLength;
        tcp_hdr.src;
        tcp_hdr.dst;
        tcp_hdr.seq;
        tcp_hdr.ack;
        tcp_hdr.offset;
        tcp_hdr.resrv;
        tcp_hdr.flags;
        tcp_hdr.window;
        tcp_hdr.urgent;
        payload;
}

field_list_calculation tcp_checksum {
    input {
        tcp_checksum_list;
    }
    algorithm : csum16;
    output_width : 16;
}

calculated_field tcp_hdr.checksum {
    update tcp_checksum if(valid(tcp_hdr));
}

It's possible to ping the container on the other host.