[ovs-git] [ovn-org/ovn] f9cab1: Allow explicit setting of the SNAT zone on a gatew...

Mark Michelson noreply at github.com
Tue Nov 17 19:15:14 UTC 2020

  Branch: refs/heads/master
  Home:   https://github.com/ovn-org/ovn
  Commit: f9cab11d5fabe2ae321a3b4bad5972b61df958c0
  Author: Mark Michelson <mmichels at redhat.com>
  Date:   2020-11-17 (Tue, 17 Nov 2020)

  Changed paths:
    M controller/ovn-controller.c
    M controller/physical.c
    M lib/ovn-util.c
    M lib/ovn-util.h
    M northd/ovn-northd.c
    M ovn-nb.xml
    M tests/ovn.at

  Log Message:
  Allow explicit setting of the SNAT zone on a gateway router.

In certain situations, OVN may coexist with other applications on a
host. Traffic from OVN and the other applications may then go out a
shared gateway. If OVN traffic and the other application traffic use
different conntrack zones for SNAT, then it is possible for the shared
gateway to assign conflicting source IP:port combinations. By sharing
the same conntrack zone, there will be no conflicting assignments.

In this commit, we introduce options:snat-ct-zone for northbound logical
routers. By setting this option, users can explicitly set the conntrack
zone for the logical router so that it will match the zone used by
non-OVN traffic on the host.

The biggest side effects of this patch are:
1) southbound datapath changes now result in recalculating CT zones in
   ovn-controller. This can result in recomputing physical flows in more
   situations than previously.
2) The table 65 flow to transition between datapaths is no longer
   associated with a port binding. This is because the flow refers to
   the peer datapath's CT zones, which can now be updated due to changes
   on that datapath. The flow therefore may need to be updated either
   due to the port binding being changed or the peer datapath being

Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1892311
Signed-off-by: Mark Michelson <mmichels at redhat.com>
Acked-by: Numan Siddique <numans at ovn.org>
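
The conflict described in the log message, as an added example that is not part of the commit or of OVN's code: a small model of conntrack SNAT in which translated tuples are kept unique only within a zone. The class and function names, the addresses, the ports and the zone numbers are all constructed for illustration, and the port-selection order is a simplification.

```python
# Constructed model (not OVN or kernel code): conntrack keeps translated
# tuples unique only within a zone, so SNAT in one zone cannot see another.
from collections import defaultdict

SNAT_IP = "203.0.113.1"          # constructed shared gateway address
PORT_RANGE = range(1024, 65536)


class Conntrack:
    def __init__(self):
        # zone id -> set of translated (src_ip, src_port, dst_ip, dst_port)
        self.zones = defaultdict(set)

    def snat(self, zone, src_port, dst_ip, dst_port):
        """Translate the source to SNAT_IP, keeping src_port when it is
        free in this zone and otherwise taking the next free port."""
        used = self.zones[zone]
        candidates = [src_port] + [p for p in PORT_RANGE if p != src_port]
        for port in candidates:
            tup = (SNAT_IP, port, dst_ip, dst_port)
            if tup not in used:
                used.add(tup)
                return tup
        raise RuntimeError("no free source port in zone %d" % zone)


def wire_conflicts(ct):
    """Return translated tuples that appear in more than one zone."""
    seen, dup = set(), set()
    for tuples in ct.zones.values():
        dup |= seen & tuples
        seen |= tuples
    return dup


def run(ovn_zone, host_zone):
    """Two flows from different internal hosts, same source port and destination."""
    ct = Conntrack()
    a = ct.snat(ovn_zone, 40000, "198.51.100.7", 443)   # OVN gateway router flow
    b = ct.snat(host_zone, 40000, "198.51.100.7", 443)  # non-OVN application flow
    return a, b, wire_conflicts(ct)


if __name__ == "__main__":
    print("separate zones:", run(ovn_zone=5, host_zone=0))
    print("shared zone:   ", run(ovn_zone=0, host_zone=0))
```

With separate zones both flows leave the gateway with the same source IP:port; with a shared zone the second flow is moved to a different port.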
