[ovs-dev] [PATCH v6 0/2 ovn] External IP based NAT
svc.mail.git at nutanix.com
Mon Sep 7 20:56:43 UTC 2020
From: Ankur Sharma <ankur.sharma at nutanix.com>
Another term for this feature is destination based NAT,
especially in the context of SNAT.
The current NAT implementation is OVN endpoint IP based.
# ovn-nbctl lr-nat-list router
TYPE EXTERNAL_IP LOGICAL_IP
snat 10.15.24.135 184.108.40.206/24
# ovn-nbctl lr-route-list router
0.0.0.0/0 10.15.24.1 dst-ip
The above configuration implies that any time a packet from
220.127.116.11/24 leaves the logical router space (through the default route),
it will be NATed.
Similarly, if we remove the NAT rule, then a packet from
18.104.22.168/24 leaves the logical router space without any NAT.
I.e., as of now in OVN, NAT and non-NAT based communication from an endpoint
with external IPs is mutually exclusive. This feature allows
external IPs to be specified in a NAT rule so that we can decide
which external IPs we want to apply a rule on. That way a given
source IP can talk to external IPs both with NAT and without NAT.
One of the key use cases for this feature is if a logical router has
to talk to endpoints outside the logical router space (i.e. NS traffic),
but we don't have to do NAT for all the external endpoints,
i.e. the logical router is peered to (some) external subnets, and non-
overlapping IPs between the logical router and external subnet
space are ensured.
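A small model of the decision described above, added here as an illustration and not part of this patch series or of OVN's own code: a source network is SNATed only when the destination is not exempted (or, if an allowed list is given, is in it), so the same source can reach a peered subnet without NAT and everything else with NAT. The field names allowed_ext_ips / exempted_ext_ips, the precedence between them, and the destination subnets are assumptions of this model.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class SnatRule:
    """One SNAT rule of a logical router (field names are assumptions of this model)."""
    logical_ip: str                  # source network the rule applies to
    external_ip: str                 # address the source is translated to
    allowed_ext_ips: list = field(default_factory=list)   # if non-empty: NAT only to these
    exempted_ext_ips: list = field(default_factory=list)  # never NAT to these


def _in_any(addr, cidrs):
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(c, strict=False) for c in cidrs)


def snat_for(src, dst, rules):
    """Return the external IP the packet is SNATed to, or None if it leaves untranslated."""
    for rule in rules:
        if not _in_any(src, [rule.logical_ip]):
            continue
        # Exempted destinations win over everything else (an assumption of this model).
        if rule.exempted_ext_ips and _in_any(dst, rule.exempted_ext_ips):
            return None
        # With an allowed list, only listed destinations are NATed.
        if rule.allowed_ext_ips and not _in_any(dst, rule.allowed_ext_ips):
            return None
        return rule.external_ip
    return None


def demo():
    # Constructed scenario: 203.0.113.0/24 stands in for a peered external subnet
    # with non-overlapping addresses, so traffic to it must not be NATed.
    rules = [SnatRule("184.108.40.206/24", "10.15.24.135",
                      exempted_ext_ips=["203.0.113.0/24"])]
    return {
        "to_internet": snat_for("184.108.40.50", "198.51.100.7", rules),  # NATed
        "to_peered": snat_for("184.108.40.50", "203.0.113.9", rules),     # not NATed
        "other_source": snat_for("10.99.0.5", "198.51.100.7", rules),     # no rule matches
    }


if __name__ == "__main__":
    print(demo())
```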
Ankur Sharma (2):
External IP based NAT: Add Columns and CLI
External IP based NAT: NORTHD changes to use allowed/exempted external
northd/ovn-northd.8.xml | 67 +++++++++++++++
northd/ovn-northd.c | 102 +++++++++++++++++++++++
ovn-nb.ovsschema | 14 +++-
ovn-nb.xml | 48 +++++++++++
tests/ovn-nbctl.at | 44 +++++++++-
tests/ovn-northd.at | 210 ++++++++++++++++++++++++++++++++++++++++++++++++
utilities/ovn-nbctl.c | 116 +++++++++++++++++++++++++-
7 files changed, 597 insertions(+), 4 deletions(-)