polycube icon indicating copy to clipboard operation
polycube copied to clipboard
verified publisher icon polycube-network

[BUG] NAT won't work as expected

Open lucafrancescato opened this issue 4 years ago • 0 comments

Describe the bug

When pinging from network A to network B, where NAT is enabled on a router between the two networks, the first request packet's source address (i.e. from A to B) doesn't get translated. Moreover:

  • first case, the first response packet's destination address (i.e. from B to A) doesn't get translated;
  • second case, all the response packet's destination addresses (again, from B to A) don't get translated.

More details follow below.

General set up

sudo ip netns add ns1
sudo ip link add veth1root type veth peer name veth1ns
sudo ip link set veth1ns netns ns1
sudo ip netns exec ns1 ip link set dev veth1ns up
sudo ip link set dev veth1root up
sudo ip netns exec ns1 ip addr add 10.0.0.1/24 dev veth1ns
sudo ip netns exec ns1 ip route add default via 10.0.0.254 dev veth1ns

sudo ip netns add ns3
sudo ip link add veth3root type veth peer name veth3ns
sudo ip link set veth3ns netns ns3
sudo ip netns exec ns3 ip link set dev veth3ns up
sudo ip link set dev veth3root up
sudo ip netns exec ns3 ip addr add 10.20.30.1/24 dev veth3ns
sudo ip netns exec ns3 ip route add default via 10.20.30.254 dev veth3ns

polycubectl router add r1
polycubectl r1 ports add to_veth1 ip=10.0.0.254/24
polycubectl connect r1:to_veth1 veth1root

polycubectl r1 ports add to_veth3 ip=10.20.30.254/24
polycubectl connect r1:to_veth3 veth3root

polycubectl nat add nat1
polycubectl attach nat1 r1:to_veth3
polycubectl nat1 rule masquerade enable

First case

To reproduce

Once everything is set up with the above commands, the steps to reproduce the error are:

  1. Open a traffic capture on interface veth3root.
  2. Execute sudo ip netns exec ns1 ping 10.20.30.1.
  3. Observe the error on the capture, for which I report an image. IMAGE 2021-03-11 11:32:13

Expected behavior

The first ICMP echo request's source address should be 10.20.30.254. The first ICMP echo reply's destination address should be 10.20.30.254.

Second case

In addition, install the LaTe tool:

git clone --recursive https://github.com/francescoraves483/LaMP_LaTe.git
cd LaMP_LaTe
make

To reproduce

Once everything is set up with the above commands, the steps to reproduce the error are:

  1. Open a traffic capture on interface veth3root.
  2. Execute sudo ip netns exec ns3 ./LaTe -s -u -d -e.
  3. On another terminal, execute sudo ip netns exec ns1 ./LaTe -c 10.20.30.40 -u -B -e -n 3.
  4. Observe the error on the capture, for which I report an image. IMAGE 2021-03-11 11:44:16
  5. Further executions of step 3 lead to a correct address translation, as per the following image. IMAGE 2021-03-11 11:57:48

Expected behavior

The first UDP request's source address should be 10.20.30.254. All the UDP reply' destination addresses should be 10.20.30.254.

Please tell us about your environment:

  1. OS details: Ubuntu 19.10
  2. Kernel details: 5.3.0-51-generic
  3. Polycube Version: polycubectl: version: v0.9.0-rc+ [git: (branch/commit): master/2e4f4e20] polycubed: version: v0.9.0-rc+ [git: (branch/commit): master/2e4f4e20]

Additional context

In both cases, the behavior can be replicated by just executing polycubectl r1 arp-table del and then executing again the list of steps as described above.

lucafrancescato avatar Mar 11 '21 11:03 lucafrancescato