| 2024-02-01 11:51:55 |
Giuseppe Petralia |
bug |
|
|
added bug |
| 2024-02-01 11:52:49 |
Giuseppe Petralia |
bug |
|
|
added subscriber Edward Hope-Morley |
| 2024-02-01 11:53:38 |
Giuseppe Petralia |
description |
I am trying to achieve the following scenario:
I have a VM attached to a router w/o external gateway (called project-router) but with a default route which send all the traffic to another router (transit router) which has an external gateway with snat enabled and it is connected to a transit network 192.168.100.0/24
My VM is on 172.16.100.0/24, traffic hits the project-router thanks to the default route gets redirected to the transit-router correctly, here it gets into the external gateway but w/o being snat.
This is because in ovn since in ovn I see that in SNAT on that router is only enabled for logical ip in 192.168.100.0/24 which is the subnet directly connected to the router
# ovn-nbctl lr-nat-list neutron-6d1e6bb7-3949-43d1-8dac-dc55155b9ad8
TYPE EXTERNAL_IP EXTERNAL_PORT LOGICAL_IP EXTERNAL_MAC LOGICAL_PORT
snat 147.22.16.207 192.168.100.0/24
But I would like that this router snat all the traffic that hits it, even when coming from a subnet not directly connected to it.
I can achieve this by setting in ovn the snat for 0.0.0.0/0
# ovn-nbctl lr-nat-add neutron-6d1e6bb7-3949-43d1-8dac-dc55155b9ad8 snat 147.22.16.207 0.0.0.0/0
# ovn-nbctl lr-nat-list neutron-6d1e6bb7-3949-43d1-8dac-dc55155b9ad8
TYPE EXTERNAL_IP EXTERNAL_PORT LOGICAL_IP EXTERNAL_MAC LOGICAL_PORT
snat 147.22.16.207 0.0.0.0/0
snat 147.22.16.207 192.168.100.0/24
But this workaround can be wiped if I run the neutron-ovn-db-sync-util on any of the neutron-api unit.
Is there a way to achieve this via OpenStack? If not does it make sense to have this as a new feature? |
I am trying to achieve the following scenario:
I have a VM attached to a router w/o external gateway (called project-router) but with a default route which send all the traffic to another router (transit router) which has an external gateway with snat enabled and it is connected to a transit network 192.168.100.0/24
My VM is on 172.16.100.0/24, traffic hits the project-router thanks to the default route gets redirected to the transit-router correctly, here it gets into the external gateway but w/o being snat.
This is because in ovn I see that SNAT on this router is only enabled for logical ip in 192.168.100.0/24 which is the subnet directly connected to the router
# ovn-nbctl lr-nat-list neutron-6d1e6bb7-3949-43d1-8dac-dc55155b9ad8
TYPE EXTERNAL_IP EXTERNAL_PORT LOGICAL_IP EXTERNAL_MAC LOGICAL_PORT
snat 147.22.16.207 192.168.100.0/24
But I would like that this router snat all the traffic that hits it, even when coming from a subnet not directly connected to it.
I can achieve this by setting in ovn the snat for 0.0.0.0/0
# ovn-nbctl lr-nat-add neutron-6d1e6bb7-3949-43d1-8dac-dc55155b9ad8 snat 147.22.16.207 0.0.0.0/0
# ovn-nbctl lr-nat-list neutron-6d1e6bb7-3949-43d1-8dac-dc55155b9ad8
TYPE EXTERNAL_IP EXTERNAL_PORT LOGICAL_IP EXTERNAL_MAC LOGICAL_PORT
snat 147.22.16.207 0.0.0.0/0
snat 147.22.16.207 192.168.100.0/24
But this workaround can be wiped if I run the neutron-ovn-db-sync-util on any of the neutron-api unit.
Is there a way to achieve this via OpenStack? If not does it make sense to have this as a new feature? |
|
| 2024-02-01 11:54:34 |
Giuseppe Petralia |
summary |
[OVN] SNAT only happens for subnets directly connected to the router |
[OVN] SNAT only happens for subnets directly connected to a router |
|
| 2024-02-01 11:54:53 |
Giuseppe Petralia |
bug task added |
|
neutron |
|
| 2024-02-01 15:24:28 |
Brian Haley |
tags |
|
ovn |
|
| 2024-02-01 16:04:12 |
Brian Haley |
neutron: status |
New |
Confirmed |
|
| 2024-02-01 16:04:22 |
Brian Haley |
neutron: importance |
Undecided |
High |
|
| 2024-02-01 16:05:08 |
Brian Haley |
bug |
|
|
added subscriber Brian Haley |
| 2024-02-01 17:16:47 |
Brian Haley |
neutron: assignee |
|
Brian Haley (brian-haley) |
|
| 2024-02-01 23:00:17 |
OpenStack Infra |
neutron: status |
Confirmed |
In Progress |
|
| 2024-02-03 14:41:21 |
alisafari |
bug |
|
|
added subscriber alisafari |
| 2024-02-03 17:52:57 |
David Torrey |
bug |
|
|
added subscriber David Torrey |
| 2024-02-05 03:22:49 |
Liu Xie |
bug watch added |
|
https://github.com/ovn-org/ovn/issues/116 |
|
| 2024-02-06 11:22:50 |
Sven Kieske |
bug |
|
|
added subscriber Sven Kieske |
| 2024-02-07 14:08:48 |
Bartosz Bezak |
bug |
|
|
added subscriber Bartosz Bezak |
| 2024-02-07 14:09:05 |
Michal Nasiadka |
bug |
|
|
added subscriber Michal Nasiadka |
| 2024-02-14 19:51:57 |
Brian Haley |
attachment added |
|
Horizon picture of setup when complete https://bugs.launchpad.net/ubuntu/+source/neutron/+bug/2051935/+attachment/5746320/+files/ovn-pic.jpg |
|
| 2024-02-22 02:58:57 |
Liu Xie |
bug |
|
|
added subscriber Liu Xie |
