Add option to disable vrf leak to default
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ovn-bgp-agent |
New
|
Undecided
|
Unassigned |
Bug Description
By default ovn_bgp_driver leaks the VRF to the default routing table. In the event that there is a separate transit network configured, this can cause asymmetric routing to occur, because incoming packets will be received, but outgoing packets will be sent off on a different interface.
Example:
- eth0: management, default route
- eth1: external interface, connected to br-ex
- a transit network was configured on vlan 10, which is trunked to eth1
- VM floating IPs and tenant networks need to be isolated from management and advertised out the transit network
This could be configurable through the conf and implemented in the jinja template to prevent this from occurring in the event that the networks need true isolation. It also allows the transit network to be the default route out, and prevents the need to setup policy based routing, which doesn't appear to work correctly in the frr implementation.
I'm not sure I completely understand this. That would require to learn routes on the computes right? or have some default routes to the CIDRs that you want use on eth1?
How do you make the transit network to be the default route out? the vrf leaking is about sending the routes on the nic/peer that was configured on the frr template, not about creating default routes in the local host,
I'm not sure if what you are looking for is the EVPN support that is being added here instead? https:/ /review. opendev. org/c/openstack /ovn-bgp- agent/+ /906505