Message ID | 1597890856-68849-1-git-send-email-svc.mail.git@nutanix.com |
---|---|
Headers | show
Return-Path: <ovs-dev-bounces@openvswitch.org> X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.136; helo=silver.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=<UNKNOWN>) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=nutanix.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=nutanix.com header.i=@nutanix.com header.a=rsa-sha256 header.s=proofpoint20171006 header.b=iuM5hBL7; dkim-atps=neutral Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BX7yk1T3pz9sRN for <incoming@patchwork.ozlabs.org>; Thu, 20 Aug 2020 12:34:38 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 36ACB20532; Thu, 20 Aug 2020 02:34:36 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Efhbl5pihw2h; Thu, 20 Aug 2020 02:34:32 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by silver.osuosl.org (Postfix) with ESMTP id C56302078B; Thu, 20 Aug 2020 02:34:31 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 9FB0AC088E; Thu, 20 Aug 2020 02:34:31 +0000 (UTC) X-Original-To: ovs-dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by lists.linuxfoundation.org (Postfix) with ESMTP id C68F7C07FF for <ovs-dev@openvswitch.org>; Thu, 20 Aug 2020 02:34:30 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id B4D9488276 for <ovs-dev@openvswitch.org>; Thu, 20 Aug 2020 02:34:30 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FnIbGKkr0hMw for <ovs-dev@openvswitch.org>; Thu, 20 Aug 2020 02:34:29 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mx0a-002c1b01.pphosted.com (mx0a-002c1b01.pphosted.com [148.163.151.68]) by hemlock.osuosl.org (Postfix) with ESMTPS id E470C88265 for <ovs-dev@openvswitch.org>; Thu, 20 Aug 2020 02:34:28 +0000 (UTC) Received: from pps.filterd (m0127839.ppops.net [127.0.0.1]) by mx0a-002c1b01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 07K2YS6a029355 for <ovs-dev@openvswitch.org>; Wed, 19 Aug 2020 19:34:28 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nutanix.com; h=from : to : cc : subject : date : message-id : content-type : mime-version; s=proofpoint20171006; bh=8FL8XxwJMLFwAPmt44U1HKczd1rZWoz4qBWKtM8JXy0=; b=iuM5hBL7IjN2AtNJrsZjGsd1uRKxDKTg5Q1XjhdQ7e/PFaboY+vz7roDCdbXGPlmYGfr dn6Jk11+d7uoAZ0kch3d2iXCqDsZoDjHv0ZiFvapyDTNM7IUEgsCKrAfHL41tf/0irxx 4CmhiArr7WXZ5EVpNjU1nUHpX1bnvwGAY6R2SHwGs2pVY9d3/QrRvdiJS8mggECzKoA2 sFHwNC/BCTTV/opNXaNLRb/P/EmSw2YFxqybVvw0TBi+Ev1Ti6qOzUgsveX/cohrDRqy 2qQ8ziVP9MQCLAmuitpfzl8BfSdEdJUyEYJBTajx7q+OPUeqblxJReI2yjOxRFUMTvbW dw== Received: from nam11-dm6-obe.outbound.protection.outlook.com (mail-dm6nam11lp2172.outbound.protection.outlook.com [104.47.57.172]) by mx0a-002c1b01.pphosted.com with ESMTP id 3304nydbtb-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for <ovs-dev@openvswitch.org>; Wed, 19 Aug 2020 19:34:28 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=avTbvG/PpgV6en+PWTY1i2+d3u5cBApPDzZ8Skzi+moNitVNW6Gf/X5X81HGB3ZtDWKCTgiqawRtqbi/n4WUbk5OWWONg3qvzFvvD79RzU1voy5F3xwhIBjcIW5gyUcM5JKOnatyeGil4QfmBBfB0IB/GbjYXTL33Msc+p9zQrAhuzr7cHpIVDM3Scpg+tr9QjK6ioIFr/xs8j6eMc3OAMSKJwSVlMmos9aVtsZgjiBro9S68t6U93Ry3mZOtEuYZRPjlnWup5L6URe+20Ia5IVrXeSc0pLh42tvuOwh9SrBeANal80FphqzdfUYf1ee31PgL4DyqCSlUVm4ZSvX/Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=8FL8XxwJMLFwAPmt44U1HKczd1rZWoz4qBWKtM8JXy0=; b=LJf8yoEfW6aHxbOhZtpndGKk5ZqniBkrNLtgddc96R6COiLTdKA4Esmvus0Oj/cy9ygpQg1AauOMvzsleZDCd765vIfzX/dWdtbJYmZB2zFLVuHAbwSPg3lqMTAG6L7U7G9zMQ86FeDFNY5l/254fxa25gqQh6KcyLbehtP+23CjSipxhNwB3n3fiI3jglViP9fdjVwbi67++PGeRbweBKvR0SmKnJFgRbIgwHGmzNUWnO2adJMUgQMUZrSgdFyyh0yOAp8VI+I7A9JNHjCgbEDifJbwW1VweooTorxTLm/uVmDv7tJUNKvCoqswicun2ep7kNGr5XoXT7ohmH24dw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nutanix.com; dmarc=pass action=none header.from=nutanix.com; dkim=pass header.d=nutanix.com; arc=none Authentication-Results: openvswitch.org; dkim=none (message not signed) header.d=none;openvswitch.org; dmarc=none action=none header.from=nutanix.com; Received: from BY5PR02MB6881.namprd02.prod.outlook.com (2603:10b6:a03:21d::10) by BYAPR02MB4023.namprd02.prod.outlook.com (2603:10b6:a02:fa::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3283.18; Thu, 20 Aug 2020 02:34:21 +0000 Received: from BY5PR02MB6881.namprd02.prod.outlook.com ([fe80::bce2:ddd2:1359:8bb0]) by BY5PR02MB6881.namprd02.prod.outlook.com ([fe80::bce2:ddd2:1359:8bb0%9]) with mapi id 15.20.3283.028; Thu, 20 Aug 2020 02:34:21 +0000 From: Ankur Sharma <svc.mail.git@nutanix.com> To: ovs-dev@openvswitch.org Date: Wed, 19 Aug 2020 19:34:14 -0700 Message-Id: <1597890856-68849-1-git-send-email-svc.mail.git@nutanix.com> X-Mailer: git-send-email 1.8.3.1 X-ClientProxiedBy: BY5PR04CA0008.namprd04.prod.outlook.com (2603:10b6:a03:1d0::18) To BY5PR02MB6881.namprd02.prod.outlook.com (2603:10b6:a03:21d::10) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from northd.localdomain (192.146.154.98) by BY5PR04CA0008.namprd04.prod.outlook.com (2603:10b6:a03:1d0::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3305.25 via Frontend Transport; Thu, 20 Aug 2020 02:34:20 +0000 X-Mailer: git-send-email 1.8.3.1 X-Originating-IP: [192.146.154.98] X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 9793f7b5-c58e-47f4-ed1f-08d844b18b43 X-MS-TrafficTypeDiagnostic: BYAPR02MB4023: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: <BYAPR02MB4023388647FF39A69A0A4D21D15A0@BYAPR02MB4023.namprd02.prod.outlook.com> x-proofpoint-crosstenant: true X-MS-Oob-TLC-OOBClassifiers: OLM:9508; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: U9/arSB+L2LWn2mYCue1FFUHzStTtGCfXM6cCoQCrvHvpbDS+n69u6+oqI0acmPj0zfiLDGUTh3YlHSq2JhBFG72DVPiPj63YAUv8DWNzTNeoZINiCuef31SCigSLp5DEIPPvazT6G5/vT5Fcq5amjEh+HjZ19422fUpjIe+HlJWjmCkSBagObhk/k6dSbF/p//U3qi1WxOfXzECgQXRPLTIy3gh1JJiLgpOYDkX0w5I0nDeL+ok/ODsQQddJH79+FLky6f+wmnbUDDardugrJNd5QsVc2nOG9d/xdLAS95VMtU5nDPfCZtMpbci9KNp X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BY5PR02MB6881.namprd02.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(39860400002)(136003)(346002)(396003)(376002)(66476007)(86362001)(6512007)(66556008)(66946007)(66574015)(6506007)(36756003)(2906002)(6916009)(83380400001)(478600001)(107886003)(52116002)(956004)(6666004)(8676002)(16526019)(186003)(26005)(2616005)(316002)(6486002)(4326008)(5660300002)(8936002); DIR:OUT; SFP:1102; X-MS-Exchange-AntiSpam-MessageData: 1kmmYzvJNwnZO/1y4BWHYtUAdo08RXDEN0Rm1m2bqoKHoLzCqZPYQD10T9IYcd6oNJAQBKA5ZAxiOBXdW7yEpq574ROsjt3jzO/vod82cx8+NFRYN2yGSAew8ILfNzWRKaR9N5LQfOiS9IXeJLslh/NoIbgmTAwGJt0wfV96Ak6rjvL/rS5m7JFVeillv/Lq8Rxr/LFq8ddNGTAA4oWD5gCCl2TMz0euOy/XM9tEGl7fzBC14W0ecopLkg3xOx0L/iz+PPadw/0mYTKEA3EEGSphXDa4J6li+WNpDL5I+sNL2fXyl1ZdOCu089akJ1Y6Ie6CjsdgkZU7limZDJRZRV5dUrUI7xU3tp7AagEtykwxeHTuhjOjEwxnEu+po9jeGBDcXAtzk3jpqvSi9KTpGHZuSOyOQx35r/XJlpdQWU4OKzQDCgqz4KkZPvk5kmkxmIx2P0U2yI77lbLU00oFcXDUHpRlj0uHYDWYBnBrAOg5QOCgMIzz8klEQrtz7jKAEbqN8K2OzMW7sajRn6pJw3TbklLPox3cPEHiYnB66xk+oS2OFMcmMYAoF4oWBcmm8ojbG0I9Q6hzyCyrAbDAOZBKX0ZrYTR0j25CN6GuNDVVSK2sNQfagQXuJnybVwFw5wwvotVS8tRfx41LzKkxjw== X-OriginatorOrg: nutanix.com X-MS-Exchange-CrossTenant-Network-Message-Id: 9793f7b5-c58e-47f4-ed1f-08d844b18b43 X-MS-Exchange-CrossTenant-AuthSource: BY5PR02MB6881.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 Aug 2020 02:34:21.3461 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: bb047546-786f-4de1-bd75-24e5b6f79043 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 77l6+lXci9RLPSqNm1kyjASA0wE8Rs/U9RihAdw4eAuTqw3bIzkcmRQjTCPYHwmyhS9T+S+wOIjThbPVz7aAxStYH0zu2oNyrgv0GjMJnno= X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR02MB4023 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.235, 18.0.687 definitions=2020-08-19_13:2020-08-19, 2020-08-19 signatures=0 X-Proofpoint-Spam-Reason: safe Subject: [ovs-dev] [PATCH v5 0/2 ovn] External IP based NAT X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: <ovs-dev.openvswitch.org> List-Unsubscribe: <https://mail.openvswitch.org/mailman/options/ovs-dev>, <mailto:ovs-dev-request@openvswitch.org?subject=unsubscribe> List-Archive: <http://mail.openvswitch.org/pipermail/ovs-dev/> List-Post: <mailto:ovs-dev@openvswitch.org> List-Help: <mailto:ovs-dev-request@openvswitch.org?subject=help> List-Subscribe: <https://mail.openvswitch.org/mailman/listinfo/ovs-dev>, <mailto:ovs-dev-request@openvswitch.org?subject=subscribe> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" <ovs-dev-bounces@openvswitch.org> |
Series |
External IP based NAT
|
expand
|
From: Ankur Sharma <ankur.sharma@nutanix.com> Another term for this feature is destination based NAT, especially in the context of SNAT. Current NAT implementation is OVN endpoint ip based. For example, # ovn-nbctl lr-nat-list router TYPE EXTERNAL_IP LOGICAL_IP snat 10.15.24.135 50.0.0.0/24 # ovn-nbctl lr-route-list router IPv4 Routes 0.0.0.0/0 10.15.24.1 dst-ip Above configuration implies that anytime packet from 50.0.0.0/24 leaves logical router space (through default route), then it will be NATed. Similarly, if we remove the NAT rule, then packet from 50.0.0.0/24 leaves logical router space, without any NAT. i.e as of now in OVN, NAT/NON-NAT based communication from an endpoint with external ips is mutually exclusive. This feature allows external ips to be specified in NAT rule so that we can decide which external ips we want to apply a rule on. That ways a given source ip can talk to external ips with NAT and without NAT as well. One of the key usecases for this feature if a logical router has to talk to endpoints outside the logical router space (i.e NS traffic), but we dont have to do NAT for all the external endpoints. i.e logical router is peered to (some) external subnets, and non overlapping ips between logical router and external subnet space are ensured. Ankur Sharma (2): External IP based NAT: Add Columns and CLI External IP based NAT: NORTHD changes to use allowed/exempted external ip northd/ovn-northd.c | 101 +++++++++++++++++++++++++++++++++++++++++++ ovn-nb.ovsschema | 14 +++++- ovn-nb.xml | 48 +++++++++++++++++++++ tests/ovn-nbctl.at | 44 ++++++++++++++++++- tests/ovn-northd.at | 111 +++++++++++++++++++++++++++++++++++++++++++++++ utilities/ovn-nbctl.c | 116 +++++++++++++++++++++++++++++++++++++++++++++++++- 6 files changed, 430 insertions(+), 4 deletions(-)