[ovs-discuss] [ovn] dnat_and_snat configuration question
Numan Siddique
numans at ovn.org
Tue Sep 14 18:38:40 UTC 2021
On Thu, Sep 9, 2021 at 11:56 AM Odintsov Vladislav <VlOdintsov at croc.ru> wrote:
>
> Hi,
>
> There are some questions about NAT in OVN from me.
>
> 1. Is there any documentation about how GARP works in OVN with localnet ports?
> I see GARPs being sent when a new network is configured on the associated router port (ovn-nbctl set logical-router-port <lrp> networks="<ip1> <ip2>")
>
Can you please see ovn-nb man page and grep for "nat-addresses" -
https://www.ovn.org/support/dist-docs/ovn-nb.5.html

> 2. I’m wondering if GARP should be sent when a new dnat_and_snat rule is added to the edge LR.
> We’ve got cases where, in a centralised topology, the administrator can reschedule the chassis for 1:1 outgoing traffic. In my understanding it’s just enough to set a new gateway chassis on the wan logical router port and remove the old one. So, the CR lrp is moved to another chassis and should send GARP to notify upstream switches to update the FDB. In my tests this is not executed, but maybe I’ve configured something wrong.

If you configure nat-addresses=router for the logical switch port of
type router (connecting to the router port), then ovn-controller will
send GARPs for NAT entries.
Obviously the logical switch would also have a localnet port.
ovn-controller will generate GARPs and send them out
via the patch ports connecting the br-int to the provider bridge.
This is what the man page says
----
Options for router ports:
       These options apply when type is router.

       options : router-port: optional string
              Required. The name of the Logical_Router_Port to which this
              logical switch port is connected.

       options : nat-addresses: optional string
              This is used to send gratuitous ARPs for SNAT and DNAT IP
              addresses via the localnet port that is attached to the same
              logical switch as this type router port. This option is
              specified on a logical switch port that is connected to a
              gateway router, or a logical switch port that is connected to
              a distributed gateway port on a logical router.

              This must take one of the following forms:

              router Gratuitous ARPs will be sent for all SNAT and DNAT
                     external IP addresses and for all load balancer IP
                     addresses defined on the options:router-port’s logical
                     router, using the options:router-port’s MAC address.

                     This form of options:nat-addresses is valid for logical
                     switch ports where options:router-port is the name of a
                     port on a gateway router, or the name of a distributed
                     gateway port.

                     Supported only in OVN 2.8 and later. Earlier versions
                     required NAT addresses to be manually synchronized.

              Ethernet address followed by one or more IPv4 addresses
                     Example: 80:fa:5b:06:72:b7 158.36.44.22 158.36.44.24.
                     This would result in generation of gratuitous ARPs for IP
                     addresses 158.36.44.22 and 158.36.44.24 with a MAC
                     address of 80:fa:5b:06:72:b7.

                     This form of options:nat-addresses is only valid for
                     logical switch ports where options:router-port is the
                     name of a port on a gateway router.
-------
>
> 3. Do I need to configure an IP address to be an LRP network address for each NAT 1:1 entry?
I didn't understand this question completely. Which column of NAT
table are you referring to here ?
"logical_ip" column or "external_ip" column ?
Thanks
Numan
> Currently I have on wan port only one IP /32 and configured 0.0.0.0/0 route via default GW with output_port set to LR’s wan port.
>
> Thanks.
>
> Regards,
> Vladislav Odintsov
>
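
The following is an added example, not part of the thread and not code from the OVN project: it checks a nat-addresses value against the two forms in the quoted man page before setting it with ovn-nbctl, and performs the gateway chassis change that question 2 describes. The port, router port and chassis names are hypothetical arguments; DRY_RUN and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example; port, router port and chassis names passed in are hypothetical.
# With DRY_RUN=1 the ovn-nbctl commands are printed instead of executed.

run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# True if $1 is a dotted-quad IPv4 address with every octet <= 255.
is_ipv4() (
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || exit 1
    IFS=.
    set -f
    for octet in $1; do
        [ "$octet" -le 255 ] || exit 1
    done
)

# True if $1 is one of the two forms the man page allows:
# the keyword "router", or one MAC followed by one or more IPv4 addresses.
valid_nat_addresses() (
    [ "$1" = router ] && exit 0
    set -f
    set -- $1
    [ $# -ge 2 ] || exit 1
    echo "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$' || exit 1
    shift
    for ip in "$@"; do
        is_ipv4 "$ip" || exit 1
    done
)

# Validate $2, then set it as options:nat-addresses on the router-type
# logical switch port $1 (the port whose options:router-port names the LRP).
set_nat_addresses() {
    valid_nat_addresses "$2" || { echo "bad nat-addresses: $2" >&2; return 1; }
    run ovn-nbctl set Logical_Switch_Port "$1" "options:nat-addresses=\"$2\""
}

# Reschedule as in question 2: add new gateway chassis $2 to router port $1,
# then remove old gateway chassis $3.
move_gateway_chassis() {
    run ovn-nbctl lrp-set-gateway-chassis "$1" "$2"
    run ovn-nbctl lrp-del-gateway-chassis "$1" "$3"
}
```

Running with DRY_RUN=1 first shows the exact commands; the value stored can be read back with `ovn-nbctl get Logical_Switch_Port <port> options:nat-addresses`.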