[ovs-dev] How OVN do SNAT/DNAT/VPN
Russell Bryant
russell at ovn.org
Tue Jan 19 13:53:13 UTC 2016
On 01/19/2016 08:32 AM, Na Zhu wrote:
> Hi,
>
> Can anyone tell me how OVN will support SNAT/DNAT and VPN in the future?
> In OVN, there is no use of neutron l3 agent, it uses native router for
> east-west traffic, this is distributed and already supported. But for
> SNAT/DNAT/VPN, currently still need l3 agent. What is your schedule about
> no use of l3 agent?
>
> For SNAT, there is centralized router in DVR, will OVN support SNAT similar
> to DVR? What about DNAT?
There hasn't been any design for NAT in OVN written down yet. Progress
is mostly dependent on getting NAT support in OVS completed, and then
we'll revisit the plans for OVN.
> For DNAT, the distributed router do DNAT on compute node, this need each
> compute node connects external network and each compute node consumes one
> public ip, this makes deployment complicated, will OVN support DNAT similar
> to DVR?
We already have OVN localnet ports which are used to implement Neutron
provider networks, where every compute node is connected to an external
network. I expect we'll be able to support DNAT in this same way, yes,
but I also don't expect it to be the only model supported.
> For VPN, done by service function VM?
Yes.
--
Russell Bryant
More information about the dev
mailing list