Message ID | 1596572757-5511-1-git-send-email-svc.mail.git@nutanix.com |
---|---|
Headers | show
Return-Path: <ovs-dev-bounces@openvswitch.org> X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.138; helo=whitealder.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=<UNKNOWN>) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=nutanix.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=nutanix.com header.i=@nutanix.com header.a=rsa-sha256 header.s=proofpoint20171006 header.b=sNfRFC1O; dkim-atps=neutral Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BLmVs6SX3z9s1x for <incoming@patchwork.ozlabs.org>; Wed, 5 Aug 2020 06:26:29 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 1C4E9859BE; Tue, 4 Aug 2020 20:26:28 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zaeEE9mVMzJd; Tue, 4 Aug 2020 20:26:26 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by whitealder.osuosl.org (Postfix) with ESMTP id 4CF53856F6; Tue, 4 Aug 2020 20:26:26 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 3225FC0051; Tue, 4 Aug 2020 20:26:26 +0000 (UTC) X-Original-To: ovs-dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id 1D7BFC004C for <ovs-dev@openvswitch.org>; Tue, 4 Aug 2020 20:26:25 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 06721856F6 for <ovs-dev@openvswitch.org>; Tue, 4 Aug 2020 20:26:25 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VUYfndJJtlkY for <ovs-dev@openvswitch.org>; Tue, 4 Aug 2020 20:26:24 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mx0b-002c1b01.pphosted.com (mx0b-002c1b01.pphosted.com [148.163.155.12]) by whitealder.osuosl.org (Postfix) with ESMTPS id 3616A8493F for <ovs-dev@openvswitch.org>; Tue, 4 Aug 2020 20:26:24 +0000 (UTC) Received: from pps.filterd (m0127841.ppops.net [127.0.0.1]) by mx0b-002c1b01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 074KGC4s031321 for <ovs-dev@openvswitch.org>; Tue, 4 Aug 2020 13:26:23 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nutanix.com; h=from : to : cc : subject : date : message-id : content-type : mime-version; s=proofpoint20171006; bh=3Lj2UQaSwBkgSjvzavd+5S3pL4eD8+2Q332c2wb1AWg=; b=sNfRFC1OQKbkthdxn3X3Eg8VIzUMYMy6kki+WhVT2lb4ImIjv+lkipg5G9t0dsgI3t3Y QUNXlm+E3K7/G3HhX2/F0UfkFjQuyxyz4WtIivCbmYSM2ZY9zSCSet7QzesxCRxbN6Da JCTqGWD8RJZER/hWshQo5EHK4r+ZzbSdHsUNyGRTetYkMgRstc0X7pP+C8RUN3aLFQi5 njrfcMGibFL4QyJ9gtbEkF2JFE88broUFWV4yH8uSqYarKcLQi8wQ8dWJKzySAWUyuh9 pcvcgCx/777OqEC2P6jcsHYCnLlXGoM7KDszWrhjpLUCyBzHO8C/AGolE9gHyoEv7IgC +A== Received: from nam11-dm6-obe.outbound.protection.outlook.com (mail-dm6nam11lp2177.outbound.protection.outlook.com [104.47.57.177]) by mx0b-002c1b01.pphosted.com with ESMTP id 32n5x8erqh-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for <ovs-dev@openvswitch.org>; Tue, 04 Aug 2020 13:26:23 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=g4ckJGYk/YGtucN1ntoHHlZDXMIBt42EX8tN7M8jo8D6ReoGV9q2tE7PQIJ+VVOyhdm6hgXC3/Rm1HctUUuMBJJIaWjcduU7OuRWg8ROZMd94R9eDEpTg5UeC9NO/aX0KFyQkW/dxebgiojuEBtHZeisJQzO3cBcXpIvlpxNBTWnggpxgO8YSXaufgn5KyZE9aqIAPn0UTFV98klDtYoULSf1FpZA2HJ7aIB7N9qqMRjaL9q3EsoTcbz3WN7q2RNXEOijHI5I8ciglZXp5lC0cE43pgKp1MJ1KKMdrydYAqMO73kSUy6Xu1LZWRcjAIweI3oeudMTSrnpuUYO3+w7w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=3Lj2UQaSwBkgSjvzavd+5S3pL4eD8+2Q332c2wb1AWg=; b=daPxKsZo7LcxegVvCNi4Y41HODsdWUqTtRkwv/06lx2giHFbCAitmmanEnJO4mPRGsY9vqymDcwXHArbndpqQqvWnX3eWoKwDs6NNzmiLLkJqikcBdsFLQYwlyqdCSSggA5H++zio588FTc2HANTIKyMamnfwGzAErXFrKAwWimruvMx10i9akuuTfVZolmXrriifJP00C0NG8IBzNbkUaKhazRWdkD8UN0SuA1+F6OrLkWf/GtZif/+9Uj1MVK0axV0rURbrR0SCGKQhO84tBwefidWn+6k3nqWALfRJ2PCH40LCIBAmMh05/B5f93Cyvou6y1k5SkwIYDE8HcXfQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nutanix.com; dmarc=pass action=none header.from=nutanix.com; dkim=pass header.d=nutanix.com; arc=none Authentication-Results: openvswitch.org; dkim=none (message not signed) header.d=none;openvswitch.org; dmarc=none action=none header.from=nutanix.com; Received: from BL0PR02MB3714.namprd02.prod.outlook.com (2603:10b6:207:44::16) by BL0PR02MB3873.namprd02.prod.outlook.com (2603:10b6:207:49::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3239.18; Tue, 4 Aug 2020 20:26:20 +0000 Received: from BL0PR02MB3714.namprd02.prod.outlook.com ([fe80::9911:8a54:4e9e:6f98]) by BL0PR02MB3714.namprd02.prod.outlook.com ([fe80::9911:8a54:4e9e:6f98%7]) with mapi id 15.20.3239.021; Tue, 4 Aug 2020 20:26:18 +0000 From: Ankur Sharma <svc.mail.git@nutanix.com> To: ovs-dev@openvswitch.org Date: Tue, 4 Aug 2020 13:25:55 -0700 Message-Id: <1596572757-5511-1-git-send-email-svc.mail.git@nutanix.com> X-Mailer: git-send-email 1.8.3.1 X-ClientProxiedBy: BYAPR08CA0011.namprd08.prod.outlook.com (2603:10b6:a03:100::24) To BL0PR02MB3714.namprd02.prod.outlook.com (2603:10b6:207:44::16) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from northd.localdomain (192.146.154.98) by BYAPR08CA0011.namprd08.prod.outlook.com (2603:10b6:a03:100::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3239.18 via Frontend Transport; Tue, 4 Aug 2020 20:26:17 +0000 X-Mailer: git-send-email 1.8.3.1 X-Originating-IP: [192.146.154.98] X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 2339a6ec-d9f0-4c13-ca62-08d838b4a490 X-MS-TrafficTypeDiagnostic: BL0PR02MB3873: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: <BL0PR02MB3873AE48D64B6572D61B5574D14A0@BL0PR02MB3873.namprd02.prod.outlook.com> x-proofpoint-crosstenant: true X-MS-Oob-TLC-OOBClassifiers: OLM:9508; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: Mlh+bdFOta3LYUihVnJheTF393vsjDCErrvRe91vczYBbZzEUWrTK3A1yvXnLeQULNdFy0kF8vkPXv+rsAga7ymxN4am7i3b6B+wcr+yTXYczyBXHy7oFOFZmoc7zlXWizD0Bx0bpSXTxLz7RVsb4pMrNzgMe90qxwNrflNDRIw2Oe5R2qqlFMF9lAHSPRlFmif7ynDv7g/ypeX12fMH2Nq1GchnyvF/kKiXce8KomqhqWAMoesrK/WkpS+r9XfEidRftynCINi46i5rR+QjAlHw5/0Mw4KpPFKUWsPvSZhslD63jaoauT28JJ8Ex5xK X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BL0PR02MB3714.namprd02.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(366004)(396003)(39850400004)(136003)(346002)(376002)(8676002)(316002)(8936002)(66556008)(2616005)(107886003)(2906002)(956004)(478600001)(66476007)(4326008)(6916009)(6512007)(66946007)(6486002)(5660300002)(36756003)(26005)(16526019)(6506007)(66574015)(186003)(6666004)(52116002)(83380400001)(86362001); DIR:OUT; SFP:1102; X-MS-Exchange-AntiSpam-MessageData: U092NgX8d+JDvs+9TAEqEvmVxTAY61y/Po+uG2Euln7u8DAzns+r/+Fp9oDj3Nux04j3hmAOTNj6deHYQGzOlX86vGSl3ApMn5gvAbQs7SWJf1+wXM16wRKPLpD7fD0c/wwJH0kI8bM3IIxerqXjLBgpB8DpLZftDyon4iqAPhb5ZO9XLlfuo0vwjExtBSgC3oc59ySsh6TCgjf+8uiYRL5oadLTSufI52kay7Y1eBzNUpswKYiTgWdNYIN5LVvUREmGTucq8JiQxKLweYpsmR2aDMrlQThC3YOHSN9FHaZHGzPaaIKleOUjzuo0VisPbcPViJxtRzsV0EMmfGr92+bOt0nBOktrNhpz8Cs7zsirOB1G6M8vgmjHrCUR+w4d9Y5SD3lnSxfpM974LmW22vNRVZlXyqXVii9MUUhBSLLOQZrjsOuX7lG+XH2w052asOOySJxHk3DEaC35SJpTs3WccrIVmViSDRJyQhW/jDsvlGeGuQZenXgQ4OzNcb3/3m2d5aLEjt6gTjVbeFq6+S0vjg9KsBUuZUF073K/LWN8Duv31T3mMUKmxbAPPkQ4yEg/KPlNMTUh85CWqFp4Z9m3x4pkJNTg8ISJTCc+gJGs4HWbQggBJmeoWmZKz1pdqlC9e0Djsegm3Z9ShZzKgA== X-OriginatorOrg: nutanix.com X-MS-Exchange-CrossTenant-Network-Message-Id: 2339a6ec-d9f0-4c13-ca62-08d838b4a490 X-MS-Exchange-CrossTenant-AuthSource: BL0PR02MB3714.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 04 Aug 2020 20:26:18.1644 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: bb047546-786f-4de1-bd75-24e5b6f79043 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: +o6cS+gsIVqRkGPYouH8MgwNaiqTzaSSr4cXXTHcGTJ7kOlz/sZWkMPk6RCf04BMR47xUVtjKjkOzlb1ioKZq3jyWfuALUQ9HDlmcfzrIrY= X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR02MB3873 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.235, 18.0.687 definitions=2020-08-04_04:2020-08-03, 2020-08-04 signatures=0 X-Proofpoint-Spam-Reason: safe Subject: [ovs-dev] [PATCH v4 0/2 ovn] External IP based NAT X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: <ovs-dev.openvswitch.org> List-Unsubscribe: <https://mail.openvswitch.org/mailman/options/ovs-dev>, <mailto:ovs-dev-request@openvswitch.org?subject=unsubscribe> List-Archive: <http://mail.openvswitch.org/pipermail/ovs-dev/> List-Post: <mailto:ovs-dev@openvswitch.org> List-Help: <mailto:ovs-dev-request@openvswitch.org?subject=help> List-Subscribe: <https://mail.openvswitch.org/mailman/listinfo/ovs-dev>, <mailto:ovs-dev-request@openvswitch.org?subject=subscribe> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" <ovs-dev-bounces@openvswitch.org> |
Series |
External IP based NAT
|
expand
|
From: Ankur Sharma <ankur.sharma@nutanix.com> Another term for this feature is destination based NAT, especially in the context of SNAT. Current NAT implementation is OVN endpoint ip based. For example, # ovn-nbctl lr-nat-list router TYPE EXTERNAL_IP LOGICAL_IP snat 10.15.24.135 50.0.0.0/24 # ovn-nbctl lr-route-list router IPv4 Routes 0.0.0.0/0 10.15.24.1 dst-ip Above configuration implies that anytime packet from 50.0.0.0/24 leaves logical router space (through default route), then it will be NATed. Similarly, if we remove the NAT rule, then packet from 50.0.0.0/24 leaves logical router space, without any NAT. i.e as of now in OVN, NAT/NON-NAT based communication from an endpoint with external ips is mutually exclusive. This feature allows external ips to be specified in NAT rule so that we can decide which external ips we want to apply a rule on. That ways a given source ip can talk to external ips with NAT and without NAT as well. One of the key usecases for this feature if a logical router has to talk to endpoints outside the logical router space (i.e NS traffic), but we dont have to do NAT for all the external endpoints. i.e logical router is peered to (some) external subnets, and non overlapping ips between logical router and external subnet space are ensured. Ankur Sharma (2): External IP based NAT: Add Columns and CLI External IP based NAT: NORTHD changes to use applied/exempted external ip northd/ovn-northd.c | 61 ++++++++++++++++++++++++ ovn-nb.ovsschema | 14 +++++- ovn-nb.xml | 35 ++++++++++++++ tests/ovn-nbctl.at | 44 ++++++++++++++++- tests/ovn-northd.at | 127 ++++++++++++++++++++++++++++++++++++++++++++++++++ utilities/ovn-nbctl.c | 116 ++++++++++++++++++++++++++++++++++++++++++++- 6 files changed, 393 insertions(+), 4 deletions(-)