From: Ankur Sharma
To: ovs-dev@openvswitch.org
Date: Mon, 7 Sep 2020 13:56:43 -0700
Message-Id: <1599512205-11041-1-git-send-email-svc.mail.git@nutanix.com>
Subject: [ovs-dev] [PATCH v6 0/2 ovn] External IP based NAT
X-Patchwork-Submitter: Ankur Sharma
X-Patchwork-Id: 1359257

Another term for this feature is destination based NAT, especially in
the context of SNAT.

Current NAT implementation is OVN endpoint ip based.
For example,

# ovn-nbctl lr-nat-list router
TYPE             EXTERNAL_IP        LOGICAL_IP
snat             10.15.24.135       50.0.0.0/24

# ovn-nbctl lr-route-list router
IPv4 Routes
                0.0.0.0/0                10.15.24.1 dst-ip

The above configuration implies that anytime a packet from 50.0.0.0/24
leaves the logical router space (through the default route), it will be
NATed.

Similarly, if we remove the NAT rule, then a packet from 50.0.0.0/24
leaves the logical router space without any NAT.

i.e., as of now in OVN, NAT/NON-NAT based communication from an endpoint
with external ips is mutually exclusive.

This feature allows external ips to be specified in a NAT rule so that we
can decide which external ips we want to apply a rule on. That way, a
given source ip can talk to external ips with NAT and without NAT as well.

One of the key use cases for this feature is when a logical router has to
talk to endpoints outside the logical router space (i.e., NS traffic), but
we don't have to do NAT for all the external endpoints, i.e., the logical
router is peered to (some) external subnets, and non-overlapping ips
between the logical router and the external subnet space are ensured.

Ankur Sharma (2):
  External IP based NAT: Add Columns and CLI
  External IP based NAT: NORTHD changes to use allowed/exempted external
    ip

 northd/ovn-northd.8.xml |  67 +++++++++++++++
 northd/ovn-northd.c     | 102 +++++++++++++++++++++++
 ovn-nb.ovsschema        |  14 +++-
 ovn-nb.xml              |  48 +++++++++++
 tests/ovn-nbctl.at      |  44 +++++++++-
 tests/ovn-northd.at     | 210 ++++++++++++++++++++++++++++++++++++++++++++++++
 utilities/ovn-nbctl.c   | 116 +++++++++++++++++++++++++-
 7 files changed, 597 insertions(+), 4 deletions(-)
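
The SNAT decision the cover letter describes, modelled as an added example; this is not code from the patch series or from OVN. The class and field names, the 198.51.100.0/24 "peered" subnet, and the reading of "allowed" (NAT only towards listed destinations) and "exempted" (NAT towards everything except listed destinations) as mutually exclusive options are assumptions for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Sequence


@dataclass(frozen=True)
class SnatRule:
    """Model of one SNAT rule; field names are illustrative, not OVN schema."""
    external_ip: str                          # address the source is rewritten to
    logical_ip: str                           # logical subnet the rule covers
    allowed: Optional[Sequence[str]] = None   # NAT only towards these prefixes
    exempted: Optional[Sequence[str]] = None  # NAT towards all but these prefixes

    def __post_init__(self):
        # Assumption: a rule carries an allowed set or an exempted set, not both.
        if self.allowed is not None and self.exempted is not None:
            raise ValueError("allowed and exempted are mutually exclusive")


def _in_any(addr, prefixes):
    return any(addr in ipaddress.ip_network(p) for p in prefixes)


def snat_source(rule, src, dst):
    """Return the source address the packet carries after leaving the router."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s not in ipaddress.ip_network(rule.logical_ip):
        return src                    # rule does not cover this source
    if rule.allowed is not None and not _in_any(d, rule.allowed):
        return src                    # destination not selected for NAT
    if rule.exempted is not None and _in_any(d, rule.exempted):
        return src                    # peered destination: leave untranslated
    return rule.external_ip


# Constructed sample data: the NAT rule from the cover letter plus a
# hypothetical peered external subnet (documentation address range).
PEERED = ["198.51.100.0/24"]
legacy = SnatRule("10.15.24.135", "50.0.0.0/24")
exempting = SnatRule("10.15.24.135", "50.0.0.0/24", exempted=PEERED)
allowing = SnatRule("10.15.24.135", "50.0.0.0/24", allowed=PEERED)

if __name__ == "__main__":
    for name, rule in (("legacy", legacy), ("exempted", exempting), ("allowed", allowing)):
        for dst in ("198.51.100.7", "203.0.113.9"):
            print(name, dst, snat_source(rule, "50.0.0.10", dst))
```

With the legacy rule every destination sees 10.15.24.135; with an exempted or allowed set the same source reaches some destinations translated and others with its own address, which is the mixed behaviour the series is after.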