[ovs-git] [ovn-org/ovn] 20bc58: External IP based NAT: Add Columns and CLI

Ankur Sharma noreply at github.com
Tue Sep 8 09:13:18 UTC 2020


  Branch: refs/heads/master
  Home:   https://github.com/ovn-org/ovn
  Commit: 20bc58a67f390f5a617d82c99b02a5c8c184612e
      https://github.com/ovn-org/ovn/commit/20bc58a67f390f5a617d82c99b02a5c8c184612e
  Author: Ankur Sharma <ankur.sharma at nutanix.com>
  Date:   2020-09-08 (Tue, 08 Sep 2020)

  Changed paths:
    M ovn-nb.ovsschema
    M ovn-nb.xml
    M tests/ovn-nbctl.at
    M utilities/ovn-nbctl.c

  Log Message:
  -----------
  External IP based NAT: Add Columns and CLI

This patch adds the following columns to the NAT table.

a. allowed_ext_ips:
   Represents Address Set of External IPs for which
   a NAT rule is applicable.

b. exempted_ext_ips:
   Represents Address Set of External IPs for which
   a NAT rule is NOT applicable.

Additionally, the patch adds an nbctl CLI to set these column values.
ovn-nbctl [--is-exempted] lr-nat-update-ext-ip

Signed-off-by: Ankur Sharma <ankur.sharma at nutanix.com>
Signed-off-by: Numan Siddique <numans at ovn.org>


  Commit: fc79d690b9e5479ce0190a9808c21fdca76575c8
      https://github.com/ovn-org/ovn/commit/fc79d690b9e5479ce0190a9808c21fdca76575c8
  Author: Ankur Sharma <ankur.sharma at nutanix.com>
  Date:   2020-09-08 (Tue, 08 Sep 2020)

  Changed paths:
    M northd/ovn-northd.8.xml
    M northd/ovn-northd.c
    M tests/ovn-northd.at

  Log Message:
  -----------
  External IP based NAT: NORTHD changes to use allowed/exempted external ip

This patch has northd changes which consume the allowed/exempted external ip
configuration per NAT rule in logical flow.

Allowed external ip range adds an additional match criterion in
snat/dnat logical flow rules.

For example, if an allowed_external_ip address set ("abcd")
is configured for the following NAT rule:
TYPE             EXTERNAL_IP        LOGICAL_IP
snat             10.15.24.135       50.0.0.10

Then the logical flow will look like the following:
..(lr_out_snat)...match=(ip && .... && ip4.dst == $abcd), action=(ct_snat(...);)

Exempted external ip range adds an additional flow at priority+1
to bypass the NAT pipeline if the external ip is in the exempted external
ip address set.
For example, if the same NAT rule mentioned above has an
exempted_external_ip address set ("efgh"), then the
logical flow will look like the following:

..(lr_out_snat), priority=162...match=(ip && .... && ip4.dst == $efgh), action=(next;)
..(lr_out_snat), priority=161...match=(ip && ....), action=(ct_snat(10.15.24.135);)

Signed-off-by: Ankur Sharma <ankur.sharma at nutanix.com>
Signed-off-by: Numan Siddique <numans at ovn.org>


Compare: https://github.com/ovn-org/ovn/compare/849c5a492a26...fc79d690b9e5
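
The allowed/exempted behaviour described in the second log message, as an added example: a simplified Python model of priority-ordered flow matching, not code from the OVN tree or from the patch authors. The address-set contents, the source-IP match standing in for the elided part of the match, and the default "next;" action are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Callable

# Constructed address sets; the names follow the commit message.
ADDRESS_SETS = {"abcd": ["192.0.2.0/24"], "efgh": ["198.51.100.0/24"]}

def in_set(name, ip):
    """True if ip falls in any network of the named address set."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net) for net in ADDRESS_SETS[name])

@dataclass
class Flow:
    priority: int
    match: Callable[[str, str], bool]
    action: str

def snat_flows(external_ip, logical_ip, priority=161, allowed=None, exempted=None):
    """Build the modelled lr_out_snat flows for one snat rule."""
    flows = []
    if exempted:
        # Bypass flow at priority+1: exempted destinations skip NAT.
        flows.append(Flow(priority + 1,
                          lambda src, dst: src == logical_ip and in_set(exempted, dst),
                          "next;"))
    def nat_match(src, dst):
        # Assumption: the elided part of the match selects the logical IP.
        if src != logical_ip:
            return False
        return allowed is None or in_set(allowed, dst)
    flows.append(Flow(priority, nat_match, f"ct_snat({external_ip});"))
    return flows

def evaluate(flows, src, dst):
    """Return the action of the highest-priority matching flow."""
    for flow in sorted(flows, key=lambda f: f.priority, reverse=True):
        if flow.match(src, dst):
            return flow.action
    return "next;"  # assumption: table default passes the packet on untranslated

if __name__ == "__main__":
    rule = ("10.15.24.135", "50.0.0.10")
    for label, flows in (("allowed=abcd", snat_flows(*rule, allowed="abcd")),
                         ("exempted=efgh", snat_flows(*rule, exempted="efgh"))):
        for dst in ("192.0.2.7", "198.51.100.9", "203.0.113.5"):
            print(label, dst, evaluate(flows, "50.0.0.10", dst))
```

With an allowed set, any destination outside the set leaves untranslated; with an exempted set, only destinations inside the set do, which is the difference to check when reviewing which peers see the logical IP.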