Just to provide more info to my last comment. The external_gateway_info field contains an element called 'enable_snat', which OVN uses to add SNAT rules for attached subnets. For example (sorry for wrap):
| external_gateway_info | {"network_id": "dbfb3168-85d5-4577-b221-5168f29760f7", "external_fixed_ips": [{"subnet_id": "c6594685-dfec-4497-8b22-b78f066cb5e4", "ip_address": "172.24.4.187"}, {"subnet_id": "67f8c7c8-7215-4ffb-aa98-f34ca8780efc", |
| | "ip_address": "2001:db8::1"}], "enable_snat": true}
On a "nested" router, this field is empty:
| external_gateway_info | null |
So OVN assumes it should not provide SNAT for any subnets.
So over-riding the list of returned subnet cidrs downstream of a router does make the code add more lr-nat-list entries, but there could be more surgery required to make it work properly.