[ovs-dev] [PATCH ovn] Improve documentation of gateways.

Ben Pfaff blp at ovn.org
Fri Mar 13 22:32:44 UTC 2020

On Tue, Mar 10, 2020 at 10:55:35PM -0700, Han Zhou wrote:
> Hi Ben, sorry for the late reply. I know it is merged, but I still want to
> share a few comments below. Maybe we can discuss and work on a follow-up
> patch if needed.

Yes, let's continue to improve the documentation.  Thanks for the

> On Thu, Mar 5, 2020 at 11:37 AM Ben Pfaff <blp at ovn.org> wrote:
> > +  <p>
> > +    A <code>localnet</code> logical switch port bridges a logical switch
> to a
> > +    physical VLAN.  A logical switch with a <code>localnet</code> LSP
> should
> > +    have only one other LSP. Some kinds of gateways (see
> <code>Gateways</code>
> The "only one other" part is not true. It is normal for a logical switch
> with a localnet LSP to have more than 2 LSPs. 

Thanks for the correction.

> The common case is a logical switch connecting multiple gateway
> routers or distributed gateway ports to an external physical
> network. In this scenario there can be N router type LSPs. Another
> case, maybe less common, is the case mentioned below where a logical
> network abstracts a physical network for features such as port
> security and ACLs. In that case there can be N VIF LSPs as well.

Thanks.  I'll send a patch to fix this.

> > +  <p>
> > +    LSP types <code>vtep</code> and <code>l2gateway</code> are used for
> > +    gateways.  See <code>Gateways</code>, below, for more information.
> > +  </p>
> There is one more type "external" added by Numan, which may need to be
> mentioned here as well?

I didn't do the research yet to understand "external" properly, so I
didn't want to say anything about it yet.  Help welcome!

> > +  <p>
> > +    DNAT and SNAT rules may be associated with a gateway router, which
> > +    provides a central location that can handle one-to-many SNAT (aka IP
> > +    masquerading).
> This description is correct, but it may seem to the reader that a gateway router
> is the only way to enable DNAT and SNAT. In fact, distributed gateway ports
> are capable of doing that as well.

Thanks, I sent a patch for this as well.

> > +  </p>
> > +
> > +  <h3>Distributed Gateway Ports</h3>
> > +
> > +  <p>
> > +    A <dfn>distributed gateway port</dfn> is a logical router port that
> is
> > +    specially configured to designate one distinguished chassis for
> centralized
> > +    processing.  A distributed gateway port should connect to a logical
> switch
> > +    with a <code>localnet</code> port.  Packets to and from the
> distributed
> In both gateway router section and here it mentioned "localnet" port, but
> they don't have to be connected to a logical switch with localnet port.
> They can connect to regular logical switches, too. In the OVN
> interconnection deployment, distributed gateway ports connect to a transit
> logical switch that connects to remote OVN AZ. The transit logical switch
> is a regular logical switch, which tunnels packets between gateway nodes
> across AZs.

Thanks.  I sent a patch for this as well.

> > +  <p>
> > +    <code>ovn-northd</code> creates two southbound
> <code>Port_Binding</code>
> > +    records to represent a distributed gateway port, instead of the
> usual one.
> > +    One of these is a <code>patch</code> port binding named for the LRP,
> which
> > +    is used for as much traffic as it can.  The other one is a port
> binding
> > +    with type <code>chassisredirect</code>, named
> > +    <code>cr-<var>port</var></code>.  The <code>chassisredirect</code>
> port
> > +    binding has one specialized job: when a packet is output to it, the
> flow
> > +    table causes it to be tunneled to the distinguished chassis, at
> which point
> > +    it is automatically output to the <code>patch</code> port binding.
> Thus,
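Review bot: "which is used for as much traffic as it can" leaves the reader guessing what decides which binding a packet goes to; since the paragraph above says the distinguished chassis exists for "centralized processing", state the split directly, e.g. "The patch port binding handles traffic that can be processed where it arrives; the chassisredirect port binding is the output for traffic that must be processed on the distinguished chassis." It would also help to say explicitly that <var>port</var> in cr-<var>port</var> is the logical router port's name, matching the "named for the LRP" wording used for the patch binding.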
> It doesn't have to be a patch port, for the reason I mentioned above.

ovn_port_update_sbrec() suggests that LRPs can only create three types
of port bindings: "chassisredirect" for derived ports, "l3gateway" for
l3gateway ports, and "patch" for everything else.  What other kind is
possible here?

> > +      <p>
> > +        If any of these are set, this logical router port represents a
> > +        distributed gateway port that connects this router to a
> > +        logical switch with a localnet port.  There may be at most one
> > +        such logical router port on each logical router.
> This is correct. But I am not sure why we should have this limitation. Do
> you know any reason? If there is no specific reason, I am thinking of removing this
> limit in the future.

I barely understand these features.  I don't think I'm qualified to give
advice yet.

I think I replied to all of your comments but, please, if I missed
anything, let me know.  I want the documentation to be helpful and
