Handling reverse NAT in logical L3 routing
Abstract
A non-transitory machine readable medium storing a program that configures first and second managed forwarding elements to perform logical L2 switching and L3 routing is described. The program generates a first set of flow entries for configuring the first managed forwarding element to (1) perform a network address translation (NAT) processing on a first packet and (2) send, to a second managed switching element, the first packet and information indicating that the NAT processing has been performed on the first packet. The program generates a second set of flow entries for configuring the second managed forwarding element to (1) skip performing a logical L3 processing on a second packet to be sent to the first managed forwarding element in response to receiving the first packet and (2) send the second packet to the first managed switching element.
21 Claims
1. A non-transitory machine readable medium storing a program which when executed by at least one processing unit configures a plurality of managed forwarding elements (MFEs) to implement a logical topology that comprises a logical L3 router and at least one logical L2 switch that logically couples to a plurality of machines, the program comprising sets of instructions for:

for a first MFE that implements the logical topology and couples directly to a particular one of the plurality of machines, generating a first set of data records for configuring the first MFE to install a first set of flow entries that (i) implement the logical L2 switch and logical L3 router, (ii) perform source network address translation (NAT) processing on a first packet received from the particular machine and addressed to a particular destination, (iii) send, to a second MFE, the first packet with information indicating that the NAT processing has been performed on the first packet, and (iv) perform reverse source NAT processing on a second packet sent by the particular destination in response to the first packet;

for a second MFE that implements the logical topology, generating a second set of data records for configuring the second MFE to install a second set of flow entries that (i) implement the logical L2 switch and logical L3 router for a subset of packets for which the second MFE is the initial MFE to process the packets and (ii) send the second packet, received from the particular destination in response to the first packet and for which the second MFE is the initial MFE to process the packet, to the first MFE without performing processing for the logical L3 router and the logical L2 switch on the second packet based on the information indicating that NAT processing was performed on the first packet.

Dependent claims: 2, 3, 4, 5, 6, 7.

8. For a network controller for managing a plurality of managed forwarding elements (MFEs) that implement a logical topology that comprises a logical L3 router and at least one logical L2 switch that logically couples to a plurality of machines, a method comprising:

configuring a first MFE that couples directly to a particular one of the plurality of machines to (i) implement the logical L2 switch and logical L3 router, (ii) perform source network address translation (NAT) processing on a first packet received from the particular machine and addressed to a particular destination, (iii) send, to a second MFE, the first packet with information indicating that the NAT processing has been performed on the first packet, and (iv) perform reverse source NAT processing on a second packet sent by the particular destination in response to the first packet, wherein the second MFE is configured to (i) implement the logical L2 switch and logical L3 router for a subset of packets for which the second MFE is the initial MFE to process the packet and (ii) send the second packet, received from the particular destination in response to the first packet and for which the second MFE is the initial MFE to process the packet, to the first MFE without performing processing for the logical L3 router and the logical L2 switch on the second packet based on the information that NAT processing was performed on the first packet.

Dependent claims: 9, 10, 11, 12, 13.

14. For a first managed forwarding element (MFE), a method for processing packets for a logical topology that includes a logical L3 router and at least one logical L2 switch, the method comprising:

from a second MFE, receiving a first packet with information indicating that source network address translation (NAT) processing was performed on the first packet by the second MFE as part of a set of logical processing operations to process the packet through the logical L2 switch and logical L3 router, the first packet having a first address as a source address and a second address as a destination address;

based on the information indicating that source NAT was performed on the first packet, sending a second packet, received at the first MFE with the second address as a source address and the first address as a destination address, to the second MFE without performing processing for the logical L3 router and the logical L2 switch on the second packet, wherein the first MFE is the initial MFE that processes the second packet; and

performing processing for the logical L3 router and logical L2 switch on a third packet received at the first MFE with a third address as a destination address, prior to sending the third packet to a third MFE, wherein the first MFE is the initial MFE that processes the third packet.

Dependent claims: 15, 16, 17, 18, 19, 20, 21.
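The hand-off between the two MFEs that the abstract and claims 1 and 14 describe, as an added illustration that is neither the patent's own embodiment nor code from any product implementing it. The MFE names, the addresses and ports, the prefix lookup standing in for logical L2/L3 processing, and the modelling of the "information indicating that NAT processing has been performed" as per-flow state keyed on the reverse 5-tuple are all assumptions made for the example:

```python
from dataclasses import dataclass, replace
from typing import Dict, List, Optional, Tuple

FlowKey = Tuple[str, str, int, int]  # (src_ip, dst_ip, src_port, dst_port)


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int

    def key(self) -> FlowKey:
        return (self.src, self.dst, self.sport, self.dport)

    def reply_key(self) -> FlowKey:  # 5-tuple a reply to this packet carries
        return (self.dst, self.src, self.dport, self.sport)


class MFE:
    def __init__(self, name: str, local_prefix: str, snat_ip: Optional[str] = None):
        self.name = name
        self.local_prefix = local_prefix               # machines coupled directly to this MFE
        self.snat_ip = snat_ip                         # None: this MFE performs no source NAT
        self.snat_table: Dict[FlowKey, FlowKey] = {}   # translated flow -> original flow
        self.nat_hints: Dict[FlowKey, "MFE"] = {}      # expected reply flow -> MFE that did SNAT
        self.routes: Dict[str, "MFE"] = {}             # dst prefix -> egress MFE (routing stand-in)
        self.logical_runs = 0                          # times the logical L2/L3 pipeline ran here
        self.delivered: List[Packet] = []              # packets handed to attached machines
        self.next_port = 40000

    def logical_l2_l3(self, pkt: Packet) -> "MFE":
        # Stand-in for logical switch + router processing: pick the egress MFE by prefix.
        self.logical_runs += 1
        for prefix, mfe in self.routes.items():
            if pkt.dst.startswith(prefix):
                return mfe
        raise ValueError(f"{self.name}: no logical route for {pkt.dst}")

    def process_initial(self, pkt: Packet) -> None:
        """Entry point for a packet for which this MFE is the initial MFE."""
        nat_mfe = self.nat_hints.get(pkt.key())
        if nat_mfe is not None:
            # Reply to a flow another MFE source-NATed: hand it straight back to that MFE
            # without running the logical L2/L3 pipeline here (claim 1 step ii, claim 14).
            nat_mfe.receive_reply(pkt)
            return
        egress = self.logical_l2_l3(pkt)
        if egress is not self and self.snat_ip and pkt.src.startswith(self.local_prefix):
            # Outbound from a local machine: source NAT, keep the mapping, and tell the
            # next MFE that NAT was performed (claim 1 steps ii and iii).
            self.next_port += 1
            tpkt = replace(pkt, src=self.snat_ip, sport=self.next_port)
            self.snat_table[tpkt.key()] = pkt.key()
            egress.receive_with_nat_info(tpkt, nat_by=self)
        else:
            egress.delivered.append(pkt)

    def receive_with_nat_info(self, pkt: Packet, nat_by: "MFE") -> None:
        # A peer delivered a packet plus the information that it was source-NATed.
        # Only the exact reverse 5-tuple of this flow is allowed to take the shortcut.
        self.nat_hints[pkt.reply_key()] = nat_by
        self.delivered.append(pkt)

    def receive_reply(self, pkt: Packet) -> None:
        # Reverse source NAT on a reply to a flow this MFE translated (claim 1 step iv).
        orig = self.snat_table.get(pkt.reply_key())
        if orig is None:
            self.process_initial(pkt)   # no translation state: fall back to normal processing
            return
        orig_src, _, orig_sport, _ = orig
        self.delivered.append(replace(pkt, dst=orig_src, dport=orig_sport))


def run_scenario() -> dict:
    """Constructed topology: VM 10.0.1.5 behind mfe1 (SNAT to 192.0.2.10), server 10.0.2.7
    behind mfe2, host 10.0.3.9 behind mfe3. Returns what each MFE observed."""
    mfe1 = MFE("mfe1", "10.0.1.", snat_ip="192.0.2.10")
    mfe2 = MFE("mfe2", "10.0.2.")
    mfe3 = MFE("mfe3", "10.0.3.")
    for m in (mfe1, mfe2, mfe3):
        m.routes = {"10.0.1.": mfe1, "192.0.2.": mfe1, "10.0.2.": mfe2, "10.0.3.": mfe3}

    # First packet: VM -> server; mfe1 source-NATs it and tags it for mfe2.
    mfe1.process_initial(Packet("10.0.1.5", "10.0.2.7", 12345, 80))
    # Second packet: the server's reply; mfe2 is the initial MFE and takes the shortcut.
    mfe2.process_initial(Packet("10.0.2.7", "192.0.2.10", 80, mfe2.delivered[0].sport))
    runs_after_reply = mfe2.logical_runs
    # Third packet: unrelated flow with mfe2 as initial MFE; full logical processing.
    mfe2.process_initial(Packet("10.0.2.8", "10.0.3.9", 5555, 22))
    # A packet shaped like a reply but matching no recorded NAT state gets no shortcut.
    mfe2.process_initial(Packet("10.0.2.7", "192.0.2.10", 80, 40999))
    return {
        "seen_by_server": mfe2.delivered[0],
        "reply_at_vm": mfe1.delivered[0],
        "mfe2_logical_runs_after_reply": runs_after_reply,
        "mfe2_logical_runs_total": mfe2.logical_runs,
        "third_packet_at_mfe3": mfe3.delivered[0],
        "unmatched_reply_at_mfe1": mfe1.delivered[1],
    }
```

Calling run_scenario() shows the server's reply leaving mfe2 for mfe1 with mfe2's logical pipeline never executed, while the unrelated third packet and a packet that merely looks like a reply both go through it. The last case is the check a practitioner would want: because the shortcut skips whatever the logical L2/L3 pipeline would otherwise apply, it is keyed on the exact reverse 5-tuple that the translating MFE tagged, so traffic the first MFE never translated cannot borrow it, and a reply for which the first MFE holds no translation state falls back to ordinary processing instead of being rewritten.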
Specification