On 16 Jun 2026, at 9:22, Eelco Chaudron wrote:
> On 16 Jun 2026, at 4:52, Chanyeol Yoon wrote:
>
>> Native OVN BGP-EVPN only advertises addresses of ports that are directly
>> attached to an EVPN-enabled Logical Switch (VIFs and router ports). A
>> distributed dnat_and_snat NAT entry -- i.e. an OpenStack-style floating
>> IP -- exists only as a NAT rule on the Logical Router and has no port on
>> the provider Logical Switch, so its external_ip/external_mac never reach
>> Advertised_MAC_Binding and the FIP stays unreachable from the EVPN
>> fabric. This was raised on ovs-dev as an RFC and acknowledged as a
>> missing case rather than an intentional restriction.
>>
>> This series closes that gap:
>>
>> 1. northd populates Advertised_MAC_Binding on the provider Logical
>>    Switch that carries the NAT's distributed gateway port, using the
>>    NAT's external_ip/external_mac.
>> 2. ovn-controller injects those MACs into the EVPN advertise FDB so
>>    FRR can emit the Type-2 MAC+IP route.
>>
>> It is gated by a new 'nat' token of the Logical Switch
>> dynamic-routing-redistribute option, independent of 'ip': 'ip' keeps
>> advertising VIF/router-port addresses, 'nat' opts in to floating IPs.
>> This mirrors the 'nat' token of the Logical_Router
>> dynamic-routing-redistribute option (same NAT entries, advertised as
>> EVPN Type-5 routes), and honors the per-NAT dynamic-routing-advertise
>> opt-out.
>>
>> Testing:
>> - tests/ovn-northd.at: new test for the 'nat' gating, independence from
>>   'ip', NAT add/remove, and the localnet requirement (a distributed FIP
>>   is only "distributed" when the provider LS has a localnet port).
>>   Inc-proc graph dump updated.
>> - Validated on a Kube-OVN / OVN 26.03.90 lab: with
>>   dynamic-routing-redistribute=fdb,ip,nat an OpenStack FIP appears in
>>   Advertised_MAC_Binding on the provider LS router port and is reachable
>>   from the EVPN gateway (ping, 0% loss), alongside a direct-attach VM.
>>
>> Notes for review:
>> - en_advertised_mac_binding_sync now uses a recompute handler for the
>>   northd input instead of a noop, because the node reads per-datapath
>>   EVPN settings (VNI, redistribute tokens). A targeted incremental
>>   handler could replace the full recompute later.
>> - Distributed FIPs are advertised on the provider-LS router port binding
>>   (dgp->peer); locality vs. the workload chassis is a possible follow-up.
>>
>> Changes since v3:
>> - Resend with the correct "ovn" subject prefix. v1-v3 were sent with
>>   the default "[PATCH ...]" prefix, so the 0-day robot tried to apply
>>   them to the OVS tree and failed ("could not build fake ancestor").
>> - Restore the architecture.rst doc hunk that was unnecessarily dropped
>>   in v3 (the drop was based on a wrong diagnosis of that failure).
>>
>> Changes since v1:
>> - Recorded a base-commit.
>>
>> Chanyeol Yoon (2):
>>   northd: Advertise distributed NAT IPs over EVPN.
>>   controller: Add Advertised_MAC_Binding to FDB.
>
>
> Hi Chanyeol,
>
> You need to repost this to OVN (see [0]), i.e., by adding the "[PATCH ovn]"
> prefix to your email subject. Otherwise, it will end up in the OVS tree.
>
> //Eelco
>
> [0] https://github.com/ovn-org/ovn/blob/main/Documentation/internals/contributing/submitting-patches.rst#email-subject

Sorry, ignore my email. I see you already did this in v4. I was replying too
quickly. :)

//Eelco