[ovs-discuss] [ovn] distributed router port and distributed SNAT

Tony Liu tonyliu0592 at hotmail.com
Thu Sep 24 17:03:53 UTC 2020 

> -----Original Message-----
> From: Numan Siddique <numans at ovn.org>
> Sent: Wednesday, September 23, 2020 11:12 PM
> To: Tony Liu <tonyliu0592 at hotmail.com>
> Cc: ovs-discuss <ovs-discuss at openvswitch.org>
> Subject: Re: [ovs-discuss] [ovn] distributed router port and distributed
> SNAT
> 
> 
> 
> On Thu, Sep 24, 2020 at 10:14 AM Tony Liu <tonyliu0592 at hotmail.com
> <mailto:tonyliu0592 at hotmail.com> > wrote:
> 
> 
> 	Hi,
> 
> 	I read through this long discussion [1].
> 
> 	Here is what I am doing.
> 
> 	    +------------------------------------------+
> 	    |        external logical switch           |
> 	    +-+-------------+--------------------+-----+
> 	      |             |                    |
> 	   +--+--+       +--+--+             +---+----+
> 	   |dgp1 |       |dgp2 |   ...       |dgp1000 |
> 	   +--+--+       +--+--+             +---+----+
> 	      |             |                    |
> 	    +-+-+         +-+-+              +---+---+
> 	    |LR1|         |LR2|              |LR1000 |
> 	    +---+         +---+              +-------+
> 
> 	First of all, I see the same flow explosion in lr_in_arp_resolve
> 	table. I'd like to confirm the patch [2] will also avoid explosion
> 	in my case?
> 
> 
> 
> 
> I think so. Maybe Han or Dumitru can confirm. I suggest that you test it
> out yourself.
> You can stop the neutron server and run a script which sets this option
> on each logical router.
> 
> something like
> 
> for i in $(ovn-nbctl --bare --columns __uuid list logical_router) do
>     ovn-nbctl set logical_router $i
> options:always_learn_from_arp_request=false
> done
> 
> 
> 
> 	In my case, LRs are not bound to any specific compute chassis.
> 	All DGPs are bound on the central set of gateway chassis.
> 	It's central SNAT and FIP.
> 
> 	I am looking for the possibility to do distributed SNAT and FIP to
> 	avoid central gateway nodes. With OpenStack integration,
> 	distributed FIP is supported, but not distributed SNAT. because
> 	there is not chassis specific address can be used as the source
> 	IP for SNAT.
> 
> 
> 
> 
> I  don't think OVN supports distributed SNAT.
> 
> 
> 
> 	Given the idea in [3], DPG can be bound on compute chassis.
> 	I don't need the support to have multiple DPGs on one LR.
> 	Then is that going to work for distributed SNAT?
> 	Any details, like how to allocate chassis specific address
> 	as the source IP for SNAT, and how ARP works for that address?
> 
> 
> 
> I am not sure how easy is it going to support this.

Two pieces here, 1) multiple DPG, 2) DPG binding.
I know #1 is not supported, and I actually don't need it.
Is #2 already supported? If yes, then distributed SNAT can be
supported by that?


Thanks!
Tony
> 
> Thanks
> Numan
> 
> 
> 
> 	[1] https://www.mail-archive.com/ovs-
> discuss at openvswitch.org/msg06948.html
> 	[2] https://www.mail-archive.com/ovs-
> dev at openvswitch.org/msg45681.html
> 	[3] https://www.mail-archive.com/ovs-
> discuss at openvswitch.org/msg06987.html
> 
> 	Thanks!
> 	Tony
> 
> 	_______________________________________________
> 	discuss mailing list
> 	discuss at openvswitch.org <mailto:discuss at openvswitch.org>
> 	https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
> 
>

More information about the discuss mailing list