Do not send traffic for local FIP through the overlay tunnels but manage it in the local hypervisor
Signed-off-by: Lorenzo Bianconi <[email protected]> --- Changes since v1: - update ovn-northd.8.xml --- ovn/northd/ovn-northd.8.xml | 7 +++++++ ovn/northd/ovn-northd.c | 13 +++++++++++++ 2 files changed, 20 insertions(+) diff --git a/ovn/northd/ovn-northd.8.xml b/ovn/northd/ovn-northd.8.xml index e6417220f..193aa210f 100644 --- a/ovn/northd/ovn-northd.8.xml +++ b/ovn/northd/ovn-northd.8.xml @@ -1890,6 +1890,13 @@ reg1 = <var>EIP1</var>; outport = <code>redirect-chassis-port</code>; <code>REGBIT_DISTRIBUTED_NAT = 1; next;</code>. </pre> + + <p> + Morover a priority-400 logical flow is configured for each + <code>dnat_and_snat</code> NAT rule configured in order to + not send traffic for local FIP through the overlay tunnels + but manage it in the local hypervisor + </p> </li> <li> diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c index 0b0a96a3a..c3ab4d364 100644 --- a/ovn/northd/ovn-northd.c +++ b/ovn/northd/ovn-northd.c @@ -5222,6 +5222,19 @@ add_distributed_nat_routes(struct hmap *lflows, const struct ovn_port *op) continue; } + ds_put_format(&match, "inport == %s && " + "ip4.src == %s && ip4.dst == %s", + op->json_key, nat->logical_ip, nat->external_ip); + ds_put_format(&actions, "outport = %s; eth.dst = %s; " + REGBIT_DISTRIBUTED_NAT" = 1; " + REGBIT_NAT_REDIRECT" = 0; next;", + op->od->l3dgw_port->json_key, + nat->external_mac); + ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_ROUTING, 400, + ds_cstr(&match), ds_cstr(&actions)); + ds_clear(&match); + ds_clear(&actions); + for (size_t j = 0; j < op->od->nbr->n_nat; j++) { const struct nbrec_nat *nat2 = op->od->nbr->nat[j]; -- 2.21.0 _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
