On Tue, Oct 15, 2024 at 11:41 AM Ilya Maximets <[email protected]> wrote:
>
> On 10/15/24 15:51, Dumitru Ceara wrote:
> > Hi all,
> >
> > We received a bug report from the ovn-kubernetes development team:
> > https://issues.redhat.com/browse/FDP-871
> >
> > Given a gateway router with load balancers attached to it. If:
> >
> > - the gateway router has a router port attached to multiple IP networks
> >
> > and
> >
> > - the router is configured with lb_force_snat_ip=router_ip (SNAT to the
> > router IP configured on the interface the traffic is sent out on _if the
> > packet has been load balanced_ [0])
> >
> > Then ovn-northd cannot know which router IP should be used when SNAT-ing
> > the packets going out. Today ovn-northd chooses the "first" IP.
> >
> > E.g., in a sandbox:
> >
> > ovn-nbctl lr-add lr -- set logical_router lr options:chassis=chassis-1 \
> >   -- set logical_router lr options:lb_force_snat_ip=router_ip \
> >   -- lrp-add lr lrp 00:00:00:00:00:01 1.1.1.1/24 2.2.2.2/24 \
> >   -- ls-add ls \
> >   -- lsp-add ls lsp -- lsp-set-type lsp router \
> >   -- set logical_switch_port lsp options:router-port=lrp \
> >   -- lb-add lb 42.42.42.42:80 43.43.43.43:80 tcp \
> >   -- lr-lb-add lr lb
> >
> > northd logs:
> > 2024-10-15T13:40:02.484Z|00010|northd|WARN|Logical router port "lrp" is
> > configured with multiple IPv4 addresses. Only the first IP [1.1.1.1] is
> > considered as SNAT for load balancer
> >
> > However, the problem is that NB.Logical_Router_Port.networks is a _set_
> > of strings (networks). Sets are unordered (it happens that ovsdb-server
> > sorts them lexicographically but that's no guarantee) so the "first"
> > value is not really something that can be controlled by the CMS.
> >
> > The only idea I could come up with until now to fix this is to add
> > another version of the lb_force_snat_ip option but this time on the
> > router port. This would allow the CMS to explicitly specify the SNAT IP
> > individually, per port. However, that's an (ugly?) feature and won't be
> > usable by ovn-kubernetes until OVN 25.03 is released, if we implement it.
> >
> > Does anyone have any other simpler and cleaner ideas about how we could
> > allow the CMS to choose one of the router port IPs?
>
> Should we allow CMS to choose? Or can we make a decision based on the
> chosen next hop? Your example above is not good for that, but in a
> typical setup router will not route just random addresses, it will
> route to next hops that match one of the router port networks.
>
> So, maybe we can look at the networks and choose IP that is in the same
> network as the next hop the packet is going to?
>
> Today in case next hop doesn't belong to the output ports' networks, OVN
> is choosing the "first" one. We can keep doing that, but choose the
> one that matches otherwise.
>
> This should be backward compatible, as the current behavior is random.
>
> WDYT?

How about accepting the router port name as another value to
options:lb_force_snat_ip, i.e.

ovn-nbctl set logical_router lr options:lb_force_snat_ip=<router_port_name>

Thanks
Numan

>
> Best regards, Ilya Maximets.
>
> >
> > Thanks,
> > Dumitru
> >
> > [0] https://github.com/ovn-org/ovn/commit/c6e21a23bd8c
> >
> >
> _______________________________________________
> dev mailing list
> [email protected]
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
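The next-hop based selection rule Ilya proposes above, worked through on the sandbox from Dumitru's report, as an added Python illustration that is not OVN code (in ovn-northd this would be expressed as logical flows, not a host-side function). It assumes the port's networks are given as the "addr/prefix" strings of NB.Logical_Router_Port.networks, that the longest matching prefix wins if networks overlap, and that the fallback "first" network is the lexicographically smallest string, mirroring how ovsdb-server happens to sort the set today.

```python
import ipaddress


def select_lb_snat_ip(networks, next_hop):
    """Pick the router port IP to SNAT load-balanced traffic to.

    networks: iterable of "addr/prefix" strings, one per network
              configured on the router port (an unordered set).
    next_hop: the next-hop address the packet is being routed to.

    Returns the address on the network containing the next hop, or the
    "first" address of the same IP family when no network matches
    (today's behaviour), or None if the port has no network of that
    family at all.
    """
    nh = ipaddress.ip_address(next_hop)

    # Only networks of the same IP family as the next hop are candidates.
    same_family = [
        iface for iface in (ipaddress.ip_interface(n) for n in networks)
        if iface.version == nh.version
    ]
    if not same_family:
        return None

    matching = [iface for iface in same_family if nh in iface.network]
    if matching:
        # Assumption: if several networks contain the next hop
        # (overlapping prefixes), prefer the most specific one.
        best = max(matching, key=lambda iface: iface.network.prefixlen)
        return str(best.ip)

    # No network contains the next hop: keep the existing "first IP"
    # behaviour. Assumption: "first" is the lexicographically smallest
    # string, which is the order ovsdb-server currently emits.
    return str(min(same_family, key=str).ip)


def sandbox_example():
    """The lrp from the bug report: 1.1.1.1/24 and 2.2.2.2/24 on one port.

    Constructed next hops: one on each network, plus one on neither."""
    networks = {"1.1.1.1/24", "2.2.2.2/24"}
    return {nh: select_lb_snat_ip(networks, nh)
            for nh in ("1.1.1.50", "2.2.2.100", "9.9.9.9")}
```

For the sandbox port, `sandbox_example()` returns 1.1.1.1 for a next hop on 1.1.1.0/24, 2.2.2.2 for one on 2.2.2.0/24, and falls back to 1.1.1.1 for a next hop on neither network.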
