[ovs-dev,v3,0/2,ovn] External IP based NAT

Message ID 1594254291-90069-1-git-send-email-svc.mail.git@nutanix.com
Series External IP based NAT

Message

Ankur Sharma July 9, 2020, 12:24 a.m. UTC
Another term for this feature is destination based NAT,
especially in the context of SNAT.

Current NAT implementation is OVN endpoint ip based.
For example,

# ovn-nbctl lr-nat-list router
TYPE             EXTERNAL_IP        LOGICAL_IP
snat             10.15.24.135       50.0.0.0/24

# ovn-nbctl lr-route-list router
IPv4 Routes
                0.0.0.0/0                10.15.24.1 dst-ip

The above configuration implies that any time a packet from
50.0.0.0/24 leaves the logical router space (through the default route),
it will be NATed.

Similarly, if we remove the NAT rule, then a packet from
50.0.0.0/24 leaves the logical router space without any NAT.

i.e. as of now in OVN, NAT/non-NAT based communication from an endpoint
with external IPs is mutually exclusive. This feature allows
external IPs to be specified in a NAT rule so that we can decide
which external IPs we want to apply a rule on. That way a given
source IP can talk to external IPs with NAT and without NAT as well.

One of the key use cases for this feature is if a logical router has
to talk to endpoints outside the logical router space (i.e. NS traffic),
but we don't have to do NAT for all the external endpoints,
i.e. the logical router is peered to (some) external subnets, and
non-overlapping IPs between the logical router and the external subnet
space are ensured.

Ankur Sharma (2):
  External IP based NAT: Add Columns and CLI
  External IP based NAT: NORTHD changes to use applied/exempted external
    ip

 northd/ovn-northd.c   |  61 ++++++++++++++++++++++++
 ovn-nb.ovsschema      |  14 +++++-
 ovn-nb.xml            |  35 ++++++++++++++
 tests/ovn-nbctl.at    |  44 ++++++++++++++++-
 tests/ovn-northd.at   | 127 ++++++++++++++++++++++++++++++++++++++++++++++++++
 utilities/ovn-nbctl.c | 116 ++++++++++++++++++++++++++++++++++++++++++++-
 6 files changed, 393 insertions(+), 4 deletions(-)
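
The following is an added illustration of the behaviour the cover letter describes; it is not code from this series or from OVN. It models, in plain Python, how an SNAT rule is selected for a packet leaving a logical router, first with today's endpoint (source) based matching and then with destination based matching. The field names allowed_ext_ips and exempted_ext_ips are assumed names for the "applied/exempted external ip" idea, the match order is this model's own, and the sample router configuration and peered subnet 10.20.0.0/16 are constructed for the example. It also includes the check a practitioner would want before relying on un-NATed peering: that the router's subnets and the peered external subnets do not overlap.

```python
# Added illustration only: a small model of how an SNAT rule is chosen for
# a packet leaving a logical router, first with endpoint-based matching and
# then with destination (external IP) based matching. This is NOT
# ovn-northd code; allowed_ext_ips / exempted_ext_ips are assumed names for
# the cover letter's "applied/exempted external ip" idea, and the match
# order is this model's own.
from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass
class SnatRule:
    external_ip: str                      # source is rewritten to this
    logical_ip: IPv4Network               # sources the rule covers
    allowed_ext_ips: List[IPv4Network] = field(default_factory=list)   # assumed
    exempted_ext_ips: List[IPv4Network] = field(default_factory=list)  # assumed


def _in_any(addr: IPv4Address, nets: List[IPv4Network]) -> bool:
    return any(addr in net for net in nets)


def select_snat(rules: List[SnatRule], src: str, dst: str) -> Optional[str]:
    """Return the external IP `src` is SNATed to on its way to `dst`, or
    None if the packet leaves un-NATed.  Routing is not modelled: as in
    the cover letter, a default route is assumed to carry every
    destination out of the router."""
    s, d = ip_address(src), ip_address(dst)
    for rule in rules:
        if s not in rule.logical_ip:
            continue
        # Destination-based part (assumed semantics): an allowed list
        # restricts NAT to those destinations; an exempted list carves
        # destinations out of an otherwise unrestricted rule.
        if rule.allowed_ext_ips and not _in_any(d, rule.allowed_ext_ips):
            continue
        if rule.exempted_ext_ips and _in_any(d, rule.exempted_ext_ips):
            continue
        return rule.external_ip
    return None


def overlapping_subnets(logical: List[str], peered: List[str]) -> List[Tuple[str, str]]:
    """Precondition check for un-NATed peering: the logical router's
    subnets and the peered external subnets must not overlap, otherwise
    an un-NATed packet and the reply to it become ambiguous.  Returns the
    (logical, peered) pairs that do overlap; an empty list means OK."""
    return [(l, p) for l in logical for p in peered
            if ip_network(l).overlaps(ip_network(p))]


# Constructed sample configuration mirroring the cover letter's router:
# SNAT 50.0.0.0/24 behind 10.15.24.135; 10.20.0.0/16 is a peered external
# subnet that should be reachable without NAT.
CURRENT_RULES = [SnatRule("10.15.24.135", ip_network("50.0.0.0/24"))]
EXEMPT_RULES = [SnatRule("10.15.24.135", ip_network("50.0.0.0/24"),
                         exempted_ext_ips=[ip_network("10.20.0.0/16")])]
ALLOWED_RULES = [SnatRule("10.15.24.135", ip_network("50.0.0.0/24"),
                          allowed_ext_ips=[ip_network("203.0.113.0/24")])]


def demo() -> dict:
    """Exercise the three rule sets against the same source address."""
    src = "50.0.0.5"
    return {
        "current->peer": select_snat(CURRENT_RULES, src, "10.20.1.1"),    # NATed
        "exempt->peer": select_snat(EXEMPT_RULES, src, "10.20.1.1"),      # not NATed
        "exempt->inet": select_snat(EXEMPT_RULES, src, "8.8.8.8"),        # NATed
        "allowed->inet": select_snat(ALLOWED_RULES, src, "8.8.8.8"),      # not NATed
        "allowed->peer": select_snat(ALLOWED_RULES, src, "203.0.113.7"),  # NATed
        "overlap": overlapping_subnets(["50.0.0.0/24"],
                                       ["10.20.0.0/16", "50.0.0.0/16"]),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:14} {result}")
```

With CURRENT_RULES every destination is NATed, which is the "mutually exclusive" situation the cover letter describes; with EXEMPT_RULES the same source reaches the peered 10.20.0.0/16 un-NATed while still being NATed toward the Internet, and with ALLOWED_RULES NAT is applied only toward the listed destinations. The overlap check flags 50.0.0.0/16 as a peered subnet that would clash with the router's own 50.0.0.0/24.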

Comments

Numan Siddique Aug. 3, 2020, 9:45 a.m. UTC | #1
On Thu, Jul 9, 2020 at 5:55 AM Ankur Sharma <svc.mail.git@nutanix.com>
wrote:

> Another term for this feature is destination based NAT,
> especially in the context of SNAT.
>
> Current NAT implementation is OVN endpoint ip based.
> For example,
>
> # ovn-nbctl lr-nat-list router
> TYPE             EXTERNAL_IP        LOGICAL_IP
> snat             10.15.24.135       50.0.0.0/24
>
> # ovn-nbctl lr-route-list router
> IPv4 Routes
>                 0.0.0.0/0                10.15.24.1 dst-ip
>
> The above configuration implies that any time a packet from
> 50.0.0.0/24 leaves the logical router space (through the default route),
> it will be NATed.
>
> Similarly, if we remove the NAT rule, then a packet from
> 50.0.0.0/24 leaves the logical router space without any NAT.
>
> i.e. as of now in OVN, NAT/non-NAT based communication from an endpoint
> with external IPs is mutually exclusive. This feature allows
> external IPs to be specified in a NAT rule so that we can decide
> which external IPs we want to apply a rule on. That way a given
> source IP can talk to external IPs with NAT and without NAT as well.
>
> One of the key use cases for this feature is if a logical router has
> to talk to endpoints outside the logical router space (i.e. NS traffic),
> but we don't have to do NAT for all the external endpoints,
> i.e. the logical router is peered to (some) external subnets, and
> non-overlapping IPs between the logical router and the external subnet
> space are ensured.
>
> Ankur Sharma (2):
>   External IP based NAT: Add Columns and CLI
>   External IP based NAT: NORTHD changes to use applied/exempted external
>     ip
>

Hi Ankur,

Can you please rebase these patches and submit v4? These patches don't
apply on top of the master.

Thanks
Numan

Ankur Sharma Aug. 4, 2020, 8:28 p.m. UTC | #2
Hi Numan,

Just submitted V4. Appreciate your feedback.

Regards,
Ankur