Hi Rosemarie, Ilya, On 3/21/25 3:47 PM, Ilya Maximets wrote: > On 3/19/25 17:02, Rosemarie O'Riorden wrote: >> When a gateway router has a load balancer configured, the option >> lb_force_snat_ip=router_ip can be set so that OVN SNATs load balanced >> packets to the logical router's egress interface's IP address, that is, the >> port chosen as "outport" in the lr_in_ip_routing stage. >> >> However, this was only designed to work when one network was configured >> on the logical router outport. When multiple networks were configured, >> OVN's behavior was to simply choose the lexicographically first IP address >> for >> SNAT. This often lead to an incorrect address being used for SNAT. >> >> To fix this, two main components have been added: >> 1. A new flag, flags.network_id. It is 4 bits and stores an index. >> 2. A new stage in the router ingress pipeline, lr_in_network_id. >> >> Now in the stage lr_in_network_id, OVN generates flows that assign >> flags.network_id with an index, which is chosen by looping through the >> networks >> on the port, and assigning flags.network_id = i. > > nit: "chosen by looping through the networks" doesn't actually explain how > they are being chosen. We should say something like: > > Now in the stage lr_in_network_id, OVN generates flows that assign > flags.network_id with an index, which is chosen by looping through the > networks > on the port, and selecting the one that contains IP of a next hop. > > There is a couple more nits below (mostly for the docs), but nothing major. > May probably be fixed on commit. With those addressed: > > Acked-by: Ilya Maximets <i.maxim...@ovn.org> > > To save some trouble, the following commit has the code nits addressed > and can be sqaushed in: > > https://github.com/igsilya/ovn/commit/1866f305f38d2bf9365102e000ceed377a6a1510 > > Best regards, Ilya Maximets. >
Thanks, for the bug fix! I made the suggested changes and pushed this to main, 25.03, 24.09 and 24.03. On branches 24.09 and 24.03 I didn't backport the "lb_force_snat_ip=router_ip one IPv6 address" test because we don't support LRPs with no explicit IP address configured on versions older than 25.03. On branch 24.03 I had to adapt the ovn-northd.at tests a bit because we don't have the ovn_strip_lflows helper there. Hope that's fine with you too. Regards, Dumitru _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
