Ok, as I was asked about the case of 3 nested routers (i.e. a network on a private subnet behind 3 total routers, 2 nested on their own private networks), I've tested that as well. Same results - shows a clear regression from ML2/OVS to OVN.
Again, I used devstack, this was the latest commit in the neutron tree as these deployments were already running from last try:
Ok, as I was asked about the case of 3 nested routers (i.e. a network on a private subnet behind 3 total routers, 2 nested on their own private networks), I've tested that as well. Same results - shows a clear regression from ML2/OVS to OVN.
Again, I used devstack, this was the latest commit in the neutron tree as these deployments were already running from last try:
$ git log -1 2cff2abb8f3e590 2d359a6642
commit a8fe0cb369da731
Merge: 2d74a93d68 d55c591ecd
Author: Zuul <email address hidden>
Date: Wed Feb 14 15:59:24 2024 +0000
Merge "[OVN] A LRP in an external tunnelled network has no chassis"
# Create nested network
$ openstack network create private- network- nested default- subnetpool- v4 --network private- network- nested private- subnet- nested subnet- nested private- subnet, ip-address= 10.0.0. 62 private-port 10.0.0. 64/26,gateway= 10.0.0. 62 router1 0.0.0.0/ 0,gateway= 10.0.0. 1 router-nested
$ openstack subnet create --subnet-pool shared-
$ openstack router create router-nested
$ openstack router add subnet router-nested private-
$ openstack port create --network private --fixed-ip subnet=
$ openstack router add port router-nested private-port
$ openstack router add route --route destination=
$ openstack router add route --route destination=
# Create nested network, 3-layers deep
$ openstack network create private- network- nested- 3 default- subnetpool- v4 --network private- network- nested- 3 private- subnet- nested- 3 subnet- nested- 3 network- nested --fixed-ip subnet= private- subnet- nested, ip-address= 10.0.0. 126 private-port-2 0.0.0.0/ 0,gateway= 10.0.0. 65 router-nested-3 10.0.0. 128/26, gateway= 10.0.0. 62 router1 10.0.0. 128/26, gateway= 10.0.0. 126 router-nested
$ openstack subnet create --subnet-pool shared-
$ openstack router create router-nested-3
$ openstack router add subnet router-nested-3 private-
$ openstack port create --network private-
$ openstack router add port router-nested-3 private-port-2
$ openstack router add route --route destination=
$ openstack router add route --route destination=
$ openstack router add route --route destination=
# Launch an instance on doubly-nested network
$ openstack server create --flavor 1 --image cirros- 0.6.2-x86_ 64-disk --key-name devstackkeypair --network private- network- nested- 3 test_server1
# Open console of test_server1
# ping 8.8.8.8 (fail)
# Does not work with OVN
$ sudo ovn-nbctl lr-nat-list neutron- 034efa05- 5717-4e77- b131-b79920ec2a 24
TYPE EXTERNAL_IP EXTERNAL_PORT LOGICAL_IP EXTERNAL_MAC LOGICAL_PORT
snat 172.24.4.122 10.0.0.0/26
# Does work with OVN with the proposed patch
# ping 8.8.8.8 (success)
$ sudo ovn-nbctl lr-nat-list neutron- 034efa05- 5717-4e77- b131-b79920ec2a 24
TYPE EXTERNAL_IP EXTERNAL_PORT LOGICAL_IP EXTERNAL_MAC LOGICAL_PORT
snat 172.24.4.122 10.0.0.0/26
snat 172.24.4.122 10.0.0.128/26
snat 172.24.4.122 10.0.0.64/26
# Does work with ML2/OVS, running same exact commands as above.
# ping 8.8.8.8 (success)