[ovs-discuss] OVN knob to control floating IP NAT action
Hexin Wang
hexin.wang at nutanix.com
Mon Apr 24 21:57:38 UTC 2017
Hi Guru,
Thanks. You probably referred to the unit test "ovn -- DNAT and SNAT on distributed router - E/W" in tests/system-ovn.at? Is there anyway for me to configure route based dnat_and_snat from ovn-nbctl? Specifically can I qualify the following command with some prefix routes?
ovn-nbctl lr-nat-add R1 dnat_and_snat <public_ip> <private_ip> <lsp> <mac>
Or maybe there is another way to achieve the same functionality?
Regards,
Hexin
From: Guru Shetty
Date: Monday, April 24, 2017 at 12:44 PM
To: Hexin Wang
Cc: "ovs-discuss at openvswitch.org<mailto:ovs-discuss at openvswitch.org>"
Subject: Re: [ovs-discuss] OVN knob to control floating IP NAT action
On 24 April 2017 at 11:39, Hexin Wang <hexin.wang at nutanix.com<mailto:hexin.wang at nutanix.com>> wrote:
Hi Guru,
Let me try with the following use cases.
1. No floating IP is used for east-west routing traffic.
E.g. VM1 <-> VM2: Private IPs are used. No NAT applied.
2. Floating IP is used for south-north default route to internet traffic.
E.g. VM originated internet traffic: SNAT is applied to change source IP to floating IP. UNSNAT is applied to change destination IP back to private IP.
Yes. There are examples in tests/system-traffic.at<http://system-traffic.at>
Thanks.
Hexin
From: Guru Shetty
Date: Monday, April 24, 2017 at 11:34 AM
To: Hexin Wang
Cc: "ovs-discuss at openvswitch.org<mailto:ovs-discuss at openvswitch.org>"
Subject: Re: [ovs-discuss] OVN knob to control floating IP NAT action
On 24 April 2017 at 11:31, Hexin Wang <hexin.wang at nutanix.com<mailto:hexin.wang at nutanix.com>> wrote:
Hi,
Is there any knob in OVN to control when floating IP will be applied in the distributed NAT? Specifically:
1. If the destination IP is part of some private layer3 domain, the usual private IP is used to to reach the destination in the private layer3 domain.
2. If the destination IP is not part of the private layer3 domain but part of the public layer3 domain, the public IP (I.e. Floating IP) is used to replace the private IP address of the source packet.
I don't understand what you mean above. Please re-phrase with the direction of the packet.
Does OVN support this behavior today?
Thanks.
Hexin
_______________________________________________
discuss mailing list
discuss at openvswitch.org<mailto:discuss at openvswitch.org>
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170424/737b90d8/attachment-0001.html>
More information about the discuss
mailing list