[ovs-git] [ovn-org/ovn] 20bc58: External IP based NAT: Add Columns and CLI
Ankur Sharma
noreply at github.com
Tue Sep 8 09:13:18 UTC 2020
Branch: refs/heads/master
Home: https://github.com/ovn-org/ovn
Commit: 20bc58a67f390f5a617d82c99b02a5c8c184612e
https://github.com/ovn-org/ovn/commit/20bc58a67f390f5a617d82c99b02a5c8c184612e
Author: Ankur Sharma <ankur.sharma at nutanix.com>
Date: 2020-09-08 (Tue, 08 Sep 2020)
Changed paths:
M ovn-nb.ovsschema
M ovn-nb.xml
M tests/ovn-nbctl.at
M utilities/ovn-nbctl.c
Log Message:
-----------
External IP based NAT: Add Columns and CLI
This patch adds the following columns to the NAT table.

a. allowed_ext_ips:
   Represents Address Set of External IPs for which
   a NAT rule is applicable.

b. exempted_ext_ips:
   Represents Address Set of External IPs for which
   a NAT rule is NOT applicable.

Additionally, the patch adds an nbctl CLI to set these column values.

    ovn-nbctl [--is-exempted] lr-nat-update-ext-ip
Signed-off-by: Ankur Sharma <ankur.sharma at nutanix.com>
Signed-off-by: Numan Siddique <numans at ovn.org>
Commit: fc79d690b9e5479ce0190a9808c21fdca76575c8
https://github.com/ovn-org/ovn/commit/fc79d690b9e5479ce0190a9808c21fdca76575c8
Author: Ankur Sharma <ankur.sharma at nutanix.com>
Date: 2020-09-08 (Tue, 08 Sep 2020)
Changed paths:
M northd/ovn-northd.8.xml
M northd/ovn-northd.c
M tests/ovn-northd.at
Log Message:
-----------
External IP based NAT: NORTHD changes to use allowed/exempted external ip
This patch has northd changes which consume the allowed/exempted external ip
configuration per NAT rule in logical flow.

Allowed external ip range adds an additional match criterion in
snat/dnat logical flow rules.

For example, if an allowed_external_ip address set ("abcd")
is configured for the following NAT rule:

    TYPE EXTERNAL_IP  LOGICAL_IP
    snat 10.15.24.135 50.0.0.10

Then the logical flow will look like the following:

    ..(lr_out_snat)...match=(ip && .... && ip4.dst == $abcd), action=(ct_snat(...);)

Exempted external ip range adds an additional flow at priority+1
to bypass the NAT pipeline if the external ip is in the exempted external
ip address set.

For example, if the same NAT rule mentioned above has an
exempted_external_ip address set ("efgh"), then the
logical flow will look like the following:

    ..(lr_out_snat), priority=162...match=(ip && .... && ip4.dst == $efgh), action=(next;)
    ..(lr_out_snat), priority=161...match=(ip && ....), action=(ct_snat(10.15.24.135);)
Signed-off-by: Ankur Sharma <ankur.sharma at nutanix.com>
Signed-off-by: Numan Siddique <numans at ovn.org>
Compare: https://github.com/ovn-org/ovn/compare/849c5a492a26...fc79d690b9e5
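
The flow selection described in the second commit message, as an added Python sketch (not code from the commit or from OVN): it models only the ip4.dst address-set part of the match and picks the highest-priority matching flow. The function names, the address-set contents and the choice to reject a rule carrying both sets are assumptions of this example; the priorities 161/162 and the set names "abcd"/"efgh" are taken from the message.

```python
import ipaddress

# Constructed address sets, named after the commit message's "abcd" / "efgh".
ADDRESS_SETS = {
    "abcd": ["192.0.2.0/24"],      # allowed external IPs (sample values)
    "efgh": ["198.51.100.7/32"],   # exempted external IPs (sample values)
}

def in_set(name, ip):
    """True if ip falls inside any network of the named address set."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in ADDRESS_SETS[name])

def snat_flows(external_ip, priority, allowed=None, exempted=None):
    """Return (priority, dst_set_or_None, action) tuples for one snat rule."""
    if allowed and exempted:
        # Assumption of this sketch: the combination is not modelled.
        raise ValueError("this sketch models one address set per rule")
    nat = f"ct_snat({external_ip});"
    if exempted:
        # Bypass flow sits one priority above the unchanged NAT flow.
        return [(priority + 1, exempted, "next;"), (priority, None, nat)]
    # With an allowed set, the NAT flow itself gains the ip4.dst match.
    return [(priority, allowed, nat)]

def lookup(flows, dst_ip):
    """Highest-priority matching flow wins; None means no modelled flow matched."""
    for _prio, dst_set, action in sorted(flows, key=lambda f: -f[0]):
        if dst_set is None or in_set(dst_set, dst_ip):
            return action
    return None

if __name__ == "__main__":
    exempt = snat_flows("10.15.24.135", 161, exempted="efgh")
    allow = snat_flows("10.15.24.135", 161, allowed="abcd")
    for dst in ("198.51.100.7", "192.0.2.44", "203.0.113.9"):
        print(dst, "exempted-rule:", lookup(exempt, dst),
              "| allowed-rule:", lookup(allow, dst))
```

When reviewing a deployment, the two cases differ in their default: with an exempted set every destination not listed is still translated, while with an allowed set every destination not listed is left untranslated by this rule.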