[ovs-dev] [PATCH v6 0/2 ovn] External IP based NAT

Ankur Sharma svc.mail.git at nutanix.com
Mon Sep 7 20:56:43 UTC 2020


From: Ankur Sharma <ankur.sharma at nutanix.com>

Another term for this feature is destination based NAT,
especially in the context of SNAT.

Current NAT implementation is OVN endpoint ip based.
For example,

# ovn-nbctl lr-nat-list router
TYPE             EXTERNAL_IP        LOGICAL_IP
snat             10.15.24.135       50.0.0.0/24

# ovn-nbctl lr-route-list router
IPv4 Routes
                0.0.0.0/0                10.15.24.1 dst-ip

Above configuration implies that anytime packet from
50.0.0.0/24 leaves logical router space (through default route),
then it will be NATed.

Similarly, if we remove the NAT rule, then packet from
50.0.0.0/24 leaves logical router space, without any NAT.

i.e as of now in OVN, NAT/NON-NAT based communication from an endpoint
with external ips is mutually exclusive. This feature allows
external ips to be specified in NAT rule so that we can decide
which external ips we want to apply a rule on. That ways a given
source ip can talk to external ips with NAT and without NAT as well.

One of the key usecases for this feature if a logical router has
to talk to endpoints outside the logical router space (i.e NS traffic),
but we dont have to do NAT for all the external endpoints.
i.e logical router is peered to (some) external subnets, and non
overlapping ips between logical router and external subnet
space are ensured.

Ankur Sharma (2):
  External IP based NAT: Add Columns and CLI
  External IP based NAT: NORTHD changes to use allowed/exempted external
    ip

 northd/ovn-northd.8.xml |  67 +++++++++++++++
 northd/ovn-northd.c     | 102 +++++++++++++++++++++++
 ovn-nb.ovsschema        |  14 +++-
 ovn-nb.xml              |  48 +++++++++++
 tests/ovn-nbctl.at      |  44 +++++++++-
 tests/ovn-northd.at     | 210 ++++++++++++++++++++++++++++++++++++++++++++++++
 utilities/ovn-nbctl.c   | 116 +++++++++++++++++++++++++-
 7 files changed, 597 insertions(+), 4 deletions(-)

-- 
1.8.3.1



More information about the dev mailing list