[ovs-discuss] [ovn] Opestack integration NAT issue

Michael Kashin mmkashin at gmail.com
Sat Nov 26 16:18:21 UTC 2016


I have an openstack lab which I've integrated with OVN. I'm using master
versions of OVN ML2 plugin and neutron. I've created a tenant network and
external provider network and interconnected them with a router. As far as
I can see the gateway got provisioned on one of my compute nodes and NAT
table of ovn-nbctl correctly populated. However neither SNAT or DNAT
actually work. Whenever I ping 8.8.8.8 from my VM I can see packets coming
out of external bridge un-nat'ed. I can reach the VM only if a point a
static route via the router's external interface.
I have tried troubleshooting it with ovn-trace but I get the following
error:
ngress(dp="neutron-3ad2632f-3849-4811-9046-b2668f19bba8",
inport="d6ab12e2-122d-4220-972c-db20706464d1")
---------------------------------------------------------------------------------------------------------
 0. ls_in_port_sec_l2 (ovn-northd.c:2827): inport ==
"d6ab12e2-122d-4220-972c-db20706464d1" && eth.src == {fa:16:3e:95:25:ac},
priority 50
    next(1);
 1. ls_in_port_sec_ip (ovn-northd.c:1974): inport ==
"d6ab12e2-122d-4220-972c-db20706464d1" && eth.src == fa:16:3e:95:25:ac &&
ip4.src == {10.0.0.11}, priority 90
    next(2);
 3. ls_in_pre_acl (ovn-northd.c:2245): ip, priority 100
    reg0[0] = 1;
    next(4);
 5. ls_in_pre_stateful (ovn-northd.c:2363): reg0[0] == 1, priority 100
    ct_next;
    *** ct_* actions not implemented


I've got the following packages installed on my nodes:
openvswitch-2.6.90-1.el7.centos.x86_64
openvswitch-ovn-common-2.6.90-1.el7.centos.x86_64
openvswitch-ovn-central-2.6.90-1.el7.centos.x86_64
openvswitch-kmod-2.6.90-1.el7.centos.x86_64
openvswitch-ovn-host-2.6.90-1.el7.centos.x86_64
python-networking-ovn-2.0.0-0.20161125115259.89a04ac.el7.centos.noarch

Any suggestions where I can look next?

Cheers,
Michael
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20161126/7d16abe5/attachment.html>


More information about the discuss mailing list