[ovs-dev] [PATCH ovn] Improve documentation of gateways.

Han Zhou hzhou at ovn.org
Sat Mar 14 00:17:51 UTC 2020


On Fri, Mar 13, 2020 at 3:32 PM Ben Pfaff <blp at ovn.org> wrote:
>
> On Tue, Mar 10, 2020 at 10:55:35PM -0700, Han Zhou wrote:
> > Hi Ben, sorry for the late reply. I know it is merged, but I still want to
> > share a few comments below. Maybe we can discuss and work on a follow-up
> > patch if needed.
>
> Yes, let's continue to improve the documentation.  Thanks for the
> comments.
>
> > On Thu, Mar 5, 2020 at 11:37 AM Ben Pfaff <blp at ovn.org> wrote:
> > > +  <p>
> > > +    A <code>localnet</code> logical switch port bridges a logical
switch
> > to a
> > > +    physical VLAN.  A logical switch with a <code>localnet</code> LSP
> > should
> > > +    have only one other LSP. Some kinds of gateways (see
> > <code>Gateways</code>
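Review bot: "should have only one other LSP" states a rule without giving the reason for it or saying what happens when a switch has more. Either add the rationale in the same sentence or drop the limit, so readers do not treat it as an enforced constraint.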
> >
> > The "only one other" part is not true. It is normal for a logical switch
> > with a localnet LSP to have more than 2 LSPs.
>
> Thanks for the correction.
>
> > The common case is a logical switch connecting multiple gateway
> > routers or distributed gateway ports to an external physical
> > network. In this scenario there can be N router type LSPs. Another
> > case, maybe less common, is the case mentioned below of a logical
> > network abstracting a physical network for features such as port
> > security and ACLs. In that case there can be N VIF LSPs as well.
>
> Thanks.  I'll send a patch to fix this.
>
> > > +  <p>
> > > +    LSP types <code>vtep</code> and <code>l2gateway</code> are used
for
> > > +    gateways.  See <code>Gateways</code>, below, for more
information.
> > > +  </p>
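Review bot: "are used for gateways" reads as the complete list of gateway-related LSP types and gives neither type a description. Suggest a clause saying what each of <code>vtep</code> and <code>l2gateway</code> is for, and wording that does not imply the list is exhaustive.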
> >
> > There is one more type "external" added by Numan, which may need to be
> > mentioned here as well?
>
> I didn't do the research yet to understand "external" properly, so I
> didn't want to say anything about it yet.  Help welcome!
>
> > > +  <p>
> > > +    DNAT and SNAT rules may be associated with a gateway router,
which
> > > +    provides a central location that can handle one-to-many SNAT
(aka IP
> > > +    masquerading).
> >
> > This description is correct, but it may seem to the reader that a gateway
> > router is the only way to enable DNAT and SNAT. In fact, distributed gateway
> > ports are capable of doing that as well.
>
> Thanks, I sent a patch for this as well.
>
> > > +  </p>
> > > +
> > > +  <h3>Distributed Gateway Ports</h3>
> > > +
> > > +  <p>
> > > +    A <dfn>distributed gateway port</dfn> is a logical router port
that
> > is
> > > +    specially configured to designate one distinguished chassis for
> > centralized
> > > +    processing.  A distributed gateway port should connect to a
logical
> > switch
> > > +    with a <code>localnet</code> port.  Packets to and from the
> > distributed
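Review bot: "specially configured" in the <dfn> sentence does not say which settings turn a logical router port into a distributed gateway port or how the distinguished chassis is chosen. Suggest naming the configuration here or cross-referencing the place where it is documented, so the definition can be acted on.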
> >
> > In both the gateway router section and here it mentions the "localnet" port,
> > but they don't have to be connected to a logical switch with a localnet port.
> > They can connect to regular logical switches, too. In the OVN
> > interconnection deployment, distributed gateway ports connect to a transit
> > logical switch that connects to a remote OVN AZ. The transit logical switch
> > is a regular logical switch, which tunnels packets between gateway nodes
> > across AZs.
>
> Thanks.  I sent a patch for this as well.
>
> > > +  <p>
> > > +    <code>ovn-northd</code> creates two southbound
> > <code>Port_Binding</code>
> > > +    records to represent a distributed gateway port, instead of the
> > usual one.
> > > +    One of these is a <code>patch</code> port binding named for the
LRP,
> > which
> > > +    is used for as much traffic as it can.  The other one is a port
> > binding
> > > +    with type <code>chassisredirect</code>, named
> > > +    <code>cr-<var>port</var></code>.  The
<code>chassisredirect</code>
> > port
> > > +    binding has one specialized job: when a packet is output to it,
the
> > flow
> > > +    table causes it to be tunneled to the distinguished chassis, at
> > which point
> > > +    it is automatically output to the <code>patch</code> port
binding.
> > Thus,
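Review bot: "is used for as much traffic as it can" on the <code>patch</code> port binding is too vague to tell which packets stay local and which are sent to the <code>chassisredirect</code> binding. Suggest stating the criterion that forces a packet onto <code>cr-<var>port</var></code>, since that decides what traverses the tunnel to the distinguished chassis.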
> >
> > It doesn't have to be a patch port, for the reason I mentioned above.
>
> ovn_port_update_sbrec() suggests that LRPs can only create three types
> of port bindings: "chassisredirect" for derived ports, "l3gateway" for
> l3gateway ports, and "patch" for everything else.  What other kind is
> possible here?
>
My bad. Forget about this comment.

> > > +      <p>
> > > +        If any of these are set, this logical router port represents
a
> > > +        distributed gateway port that connects this router to a
> > > +        logical switch with a localnet port.  There may be at most
one
> > > +        such logical router port on each logical router.
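Review bot: "There may be at most one such logical router port" gives the limit but not what happens when a second one is configured. Suggest saying whether the extra port is rejected, ignored or treated as an ordinary port, and giving the reason for the limit if there is one.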
> >
> > This is correct. But I am not sure why we should have this limitation. Do
> > you know any reason? If no specific reason, I am thinking of removing this
> > limit in the future.
>
> I barely understand these features.  I don't think I'm qualified to give
> advice yet.
>
> I think I replied to all of your comments but, please, if I missed
> anything, let me know.  I want the documentation to be helpful and
> correct.

Thanks Ben for addressing all the comments.

