On 16 Jun 2026, at 4:52, Chanyeol Yoon wrote:
> Native OVN BGP-EVPN only advertises addresses of ports that are directly
> attached to an EVPN-enabled Logical Switch (VIFs and router ports). A
> distributed dnat_and_snat NAT entry -- i.e. an OpenStack-style floating
> IP -- exists only as a NAT rule on the Logical Router and has no port on
> the provider Logical Switch, so its external_ip/external_mac never reach
> Advertised_MAC_Binding and the FIP stays unreachable from the EVPN
> fabric. This was raised on ovs-dev as an RFC and acknowledged as a
> missing case rather than an intentional restriction.
>
> This series closes that gap:
>
> 1. northd populates Advertised_MAC_Binding on the provider Logical
> Switch that carries the NAT's distributed gateway port, using the
> NAT's external_ip/external_mac.
> 2. ovn-controller injects those MACs into the EVPN advertise FDB so
> FRR can emit the Type-2 MAC+IP route.
>
> It is gated by a new 'nat' token of the Logical Switch
> dynamic-routing-redistribute option, independent of 'ip': 'ip' keeps
> advertising VIF/router-port addresses, 'nat' opts in to floating IPs.
> This mirrors the 'nat' token of the Logical_Router
> dynamic-routing-redistribute option (same NAT entries, advertised as
> EVPN Type-5 routes), and honors the per-NAT dynamic-routing-advertise
> opt-out.
>
> Testing:
> - tests/ovn-northd.at: new test for the 'nat' gating, independence from
> 'ip', NAT add/remove, and the localnet requirement (a distributed FIP
> is only "distributed" when the provider LS has a localnet port).
> Inc-proc graph dump updated.
> - Validated on a Kube-OVN / OVN 26.03.90 lab: with
> dynamic-routing-redistribute=fdb,ip,nat an OpenStack FIP appears in
> Advertised_MAC_Binding on the provider LS router port and is reachable
> from the EVPN gateway (ping, 0% loss), alongside a direct-attach VM.
>
> Notes for review:
> - en_advertised_mac_binding_sync now uses a recompute handler for the
> northd input instead of a noop, because the node reads per-datapath
> EVPN settings (VNI, redistribute tokens). A targeted incremental
> handler could replace the full recompute later.
> - Distributed FIPs are advertised on the provider-LS router port binding
> (dgp->peer); locality vs. the workload chassis is a possible follow-up.
>
> Changes since v3:
> - Resend with the correct "ovn" subject prefix. v1-v3 were sent with
> the default "[PATCH ...]" prefix, so the 0-day robot tried to apply
> them to the OVS tree and failed ("could not build fake ancestor").
> - Restore the architecture.rst doc hunk that was unnecessarily dropped
> in v3 (the drop was based on a wrong diagnosis of that failure).
>
> Changes since v1:
> - Recorded a base-commit.
>
> Chanyeol Yoon (2):
> northd: Advertise distributed NAT IPs over EVPN.
> controller: Add Advertised_MAC_Binding to FDB.
Hi Chanyeol,
You need to repost this to OVN (see [0]), i.e., by adding the "[PATCH ovn]"
prefix to your email subject. Otherwise, it will end up in the OVS tree.
//Eelco
[0]
https://github.com/ovn-org/ovn/blob/main/Documentation/internals/contributing/submitting-patches.rst#email-subject
> .../topics/dynamic-routing/architecture.rst | 12 +++
> NEWS | 6 ++
> controller/neighbor.c | 38 +++++++
> lib/ovn-util.c | 3 +
> lib/ovn-util.h | 3 +-
> northd/en-advertised-route-sync.c | 101 ++++++++++++++++--
> northd/inc-proc-northd.c | 14 ++-
> ovn-nb.xml | 14 +++
> tests/ovn-inc-proc-graph-dump.at | 3 +-
> tests/ovn-northd.at | 93 ++++++++++++++++
> 10 files changed, 271 insertions(+), 16 deletions(-)
>
>
> base-commit: 655f7bfd84aec6afad7447693022a1180789b930
> --
> 2.54.0 (Apple Git-156)
> _______________________________________________
> dev mailing list
> [email protected]
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
