[ovn] use of address scopes does not automatically disable router snat
Bug #1924776 reported by James Page
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
neutron | New | Undecided | Unassigned |
neutron (Ubuntu) | New | Undecided | Unassigned |
Bug Description
OpenStack Ussuri
OVN 20.03.x
Ubuntu 20.04
When multiple networks/subnets are attached to a router which all form part of the same subnet pool and associated address scope, SNAT is not automatically disabled to support routing between the subnets attached to the router.
Ensuring the router is created with SNAT disabled resolves this issue but that's an extra non-obvious step for a cloud admin/end user.
summary:
- [ovn] use of address scopes does not automatically disable snat
+ [ovn] use of address scopes does not automatically disable router snat
Could you please provide a set of commands leading to this error? Also what behavior you expected and what happened instead?
I'm asking this because there are many moving parts here. If you meant the enable_snat bit in the API, I'm afraid it's impossible to automatically set that, since we can't predict if the user will later attach a subnet from a different address scope.
If you meant the SNAT-ting behavior between an internal subnet and the external gw of the same address scope then this may very well be a valid bug.
However I'm not able to reproduce it yet. This is what I tried (in an all-in-one ovn master devstack):
# set ovs bridge mappings and hostname
sudo ovs-vsctl add-br br-physnet0
sudo ovs-vsctl set Open_vSwitch . external_ids:ovn-bridge-mappings=public:br-ex,physnet0:br-physnet0
sudo ovs-vsctl set Open_vSwitch . external_ids:hostname=$(hostname)
# give an ip to the bridge in the devstack vm
sudo ip link set up dev br-physnet0
sudo ip address add 10.0.0.2/24 dev br-physnet0
# create an image with serial console enabled, so we can later easily login and ping
openstack image create --disk-format qcow2 --public --file ~/ubuntu-20.04-server-cloudimg-amd64-disk-kvm-root-password.img u2004
openstack address scope create scope0
openstack subnet pool create --address-scope scope0 --pool-prefix 10.0.0.0/8 --default-prefix-length 22 pool0
# external net
openstack network create net-physnet0 --external --provider-network-type flat --provider-physical-network physnet0
openstack subnet create subnet-physnet0 --network net-physnet0 --subnet-pool pool0 --subnet-range 10.0.0.0/24 --gateway 10.0.0.1 --no-dhcp
# internal net in the same address scope
openstack network create net0 --provider-network-type vlan --provider-physical-network physnet0 --provider-segment 100
openstack subnet create subnet0 --network net0 --subnet-pool pool0 --subnet-range 10.0.1.0/24 --gateway 10.0.1.1
# router in disable-snat mode
openstack router create router0
openstack router set --external-gateway net-physnet0 --disable-snat router0
openstack router add subnet router0 subnet0
# boot, login over serial console
openstack server create --flavor ds1G --image u2004 --nic net-id=net0 --wait vm0
sudo virsh console "$( openstack server show vm0 -f value -c OS-EXT-SRV-ATTR:instance_name )"
# ping 10.0.0.2 responds
# change router to enable-snat mode
openstack router set --external-gateway net-physnet0 --enable-snat router0
# ping 10.0.0.2 still responds
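
An added check for the ping test above (example code, not part of the original comment): it classifies ICMP echo requests captured on br-physnet0 by source address, so each router mode can be labelled as routed or source-translated. The function names and the sample capture lines, including 10.0.1.25 as the VM address and 10.0.0.137 as the router's gateway address, are constructed for illustration.

```shell
# Added example: classify ICMP echo requests seen on the provider bridge as
# routed (source still in the internal subnet) or SNATed (any other source).
# Reads `tcpdump -n` text lines on stdin. Assumed live invocation:
#   sudo tcpdump -n -c 10 -i br-physnet0 icmp | classify_snat 10.0.1.0/24 10.0.0.2

# Convert a dotted-quad IPv4 address to an integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeed if address $1 lies inside CIDR $2.
in_cidr() {
    net=${2%/*}; len=${2#*/}
    mask=$(( (4294967295 << (32 - $len)) & 4294967295 ))
    [ $(( $(ip_to_int "$1") & $mask )) -eq $(( $(ip_to_int "$net") & $mask )) ]
}

# classify_snat INTERNAL_CIDR DST_IP: prints "routed=N snat=M" at end of input.
classify_snat() {
    cidr=$1; dst=$2; routed=0; snat=0
    while read -r ts proto src gt to rest; do
        # Only count echo requests addressed to the host on the bridge.
        [ "$proto" = IP ] && [ "$gt" = ">" ] && [ "$to" = "$dst:" ] || continue
        case $rest in "ICMP echo request"*) ;; *) continue ;; esac
        if in_cidr "$src" "$cidr"; then
            routed=$((routed + 1))   # VM address preserved: no NAT applied
        else
            snat=$((snat + 1))       # source rewritten before reaching the bridge
        fi
    done
    echo "routed=$routed snat=$snat"
}

# Constructed sample capture lines (not taken from the bug report).
SAMPLE_ROUTED='12:00:01.000000 IP 10.0.1.25 > 10.0.0.2: ICMP echo request, id 7, seq 1, length 64
12:00:01.000210 IP 10.0.0.2 > 10.0.1.25: ICMP echo reply, id 7, seq 1, length 64'
SAMPLE_SNAT='12:05:01.000000 IP 10.0.0.137 > 10.0.0.2: ICMP echo request, id 7, seq 1, length 64
12:05:01.000180 IP 10.0.0.2 > 10.0.0.137: ICMP echo reply, id 7, seq 1, length 64'

printf '%s\n' "$SAMPLE_ROUTED" | classify_snat 10.0.1.0/24 10.0.0.2
printf '%s\n' "$SAMPLE_SNAT" | classify_snat 10.0.1.0/24 10.0.0.2
```

Running the capture once per router mode while the VM pings 10.0.0.2 gives one count line per mode to attach to the report.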