Hi,

My question is about doing NAT based on route lookup decision, not based on port. The ovn-nbctl would be the command line change to support that as you mentioned. So yes, my question is more related to the ovs flow rules. If we were to make the change to do NAT based on route lookup, any available registers or bits in register we can use? Any general guideline on that so code change will be easily merged back to mainline if agreed by the community.
Thanks.
Hexin

From: Guru Shetty
Date: Tuesday, April 25, 2017 at 8:57 AM
To: Hexin Wang
Cc: "[email protected]", Manoj Sharma
Subject: Re: [ovs-discuss] OVN knob to control floating IP NAT action

On 24 April 2017 at 18:49, Hexin Wang <[email protected]> wrote:

If I were to qualify the NAT action based on some route lookup instead of outport, is there any bit/register available for me to carry the nat decision down in the pipeline?

I think I no longer understand what we are talking about. It is very easy to miss context when writing. It looks like you are a little more familiar now with what OVN supports. And it is likely that you want to do something else.

ovn-nb is a database. There are details in 'man ovn-nb'. It currently lets users add NAT rules on a router. It also lets users add static routes on a router to decide where to send the packet next. ovn-nbctl has a few shortcut commands like lr-nat-add for common cases. But, there are also the basic database commands where you can create/set/remove/.. database entries any way you like.

So please try again to frame your question without depending on previous mails for context. With a clear example.

Thanks.
Hexin

From: <[email protected]> on behalf of Hexin Wang
Date: Monday, April 24, 2017 at 2:57 PM
To: Guru Shetty
Cc: "[email protected]"
Subject: Re: [ovs-discuss] OVN knob to control floating IP NAT action

Hi Guru,

Thanks. You probably referred to the unit test "ovn -- DNAT and SNAT on distributed router - E/W" in tests/system-ovn.at? Is there any way for me to configure route based dnat_and_snat from ovn-nbctl? Specifically can I qualify the following command with some prefix routes?

ovn-nbctl lr-nat-add R1 dnat_and_snat <public_ip> <private_ip> <lsp> <mac>

Or maybe there is another way to achieve the same functionality?
Regards,
Hexin

From: Guru Shetty
Date: Monday, April 24, 2017 at 12:44 PM
To: Hexin Wang
Cc: "[email protected]"
Subject: Re: [ovs-discuss] OVN knob to control floating IP NAT action

On 24 April 2017 at 11:39, Hexin Wang <[email protected]> wrote:

Hi Guru,

Let me try with the following use cases.

1. No floating IP is used for east-west routing traffic. E.g. VM1 <-> VM2: Private IPs are used. No NAT applied.
2. Floating IP is used for south-north default route to internet traffic. E.g. VM originated internet traffic: SNAT is applied to change source IP to floating IP. UNSNAT is applied to change destination IP back to private IP.

Yes. There are examples in tests/system-traffic.at

Thanks.
Hexin

From: Guru Shetty
Date: Monday, April 24, 2017 at 11:34 AM
To: Hexin Wang
Cc: "[email protected]"
Subject: Re: [ovs-discuss] OVN knob to control floating IP NAT action

On 24 April 2017 at 11:31, Hexin Wang <[email protected]> wrote:

Hi,

Is there any knob in OVN to control when floating IP will be applied in the distributed NAT? Specifically:

1. If the destination IP is part of some private layer3 domain, the usual private IP is used to reach the destination in the private layer3 domain.
2. If the destination IP is not part of the private layer3 domain but part of the public layer3 domain, the public IP (i.e. Floating IP) is used to replace the private IP address of the source packet.

I don't understand what you mean above. Please re-phrase with the direction of the packet.

Does OVN support this behavior today?

Thanks.
Hexin

_______________________________________________
discuss mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
