[ovs-discuss] [ovn] Opestack integration NAT issue

Michael Kashin mmkashin at gmail.com
Sat Nov 26 22:37:11 UTC 2016


Apologies, made a noob mistake. I was building kmod RPMs on one node, whose
kernel has been updated, and installing it on compute nodes still running
the old kernel. All good now after kernel update on all nodes.

On 26 November 2016 at 16:18, Michael Kashin <mmkashin at gmail.com> wrote:

> I have an openstack lab which I've integrated with OVN. I'm using master
> versions of OVN ML2 plugin and neutron. I've created a tenant network and
> external provider network and interconnected them with a router. As far as
> I can see the gateway got provisioned on one of my compute nodes and NAT
> table of ovn-nbctl correctly populated. However neither SNAT or DNAT
> actually work. Whenever I ping 8.8.8.8 from my VM I can see packets coming
> out of external bridge un-nat'ed. I can reach the VM only if a point a
> static route via the router's external interface.
> I have tried troubleshooting it with ovn-trace but I get the following
> error:
> ngress(dp="neutron-3ad2632f-3849-4811-9046-b2668f19bba8",
> inport="d6ab12e2-122d-4220-972c-db20706464d1")
> ------------------------------------------------------------
> ---------------------------------------------
>  0. ls_in_port_sec_l2 (ovn-northd.c:2827): inport ==
> "d6ab12e2-122d-4220-972c-db20706464d1" && eth.src == {fa:16:3e:95:25:ac},
> priority 50
>     next(1);
>  1. ls_in_port_sec_ip (ovn-northd.c:1974): inport ==
> "d6ab12e2-122d-4220-972c-db20706464d1" && eth.src == fa:16:3e:95:25:ac &&
> ip4.src == {10.0.0.11}, priority 90
>     next(2);
>  3. ls_in_pre_acl (ovn-northd.c:2245): ip, priority 100
>     reg0[0] = 1;
>     next(4);
>  5. ls_in_pre_stateful (ovn-northd.c:2363): reg0[0] == 1, priority 100
>     ct_next;
>     *** ct_* actions not implemented
>
>
> I've got the following packages installed on my nodes:
> openvswitch-2.6.90-1.el7.centos.x86_64
> openvswitch-ovn-common-2.6.90-1.el7.centos.x86_64
> openvswitch-ovn-central-2.6.90-1.el7.centos.x86_64
> openvswitch-kmod-2.6.90-1.el7.centos.x86_64
> openvswitch-ovn-host-2.6.90-1.el7.centos.x86_64
> python-networking-ovn-2.0.0-0.20161125115259.89a04ac.el7.centos.noarch
>
> Any suggestions where I can look next?
>
> Cheers,
> Michael
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20161126/555057ea/attachment.html>


More information about the discuss mailing list