Public bug reported:
I am trying to achieve the following scenario:
I have a VM attached to a router w/o external gateway (called project-
router) but with a default route which send all the traffic to another
router (transit router) which has an external gateway with snat enabled
and it is connected to a transit network 192.168.100.0/24
My VM is on 172.16.100.0/24, traffic hits the project-router thanks to
the default route gets redirected to the transit-router correctly, here
it gets into the external gateway but w/o being snat.
This is because in ovn I see that SNAT on this router is only enabled
for logical ip in 192.168.100.0/24 which is the subnet directly
connected to the router
# ovn-nbctl lr-nat-list neutron-6d1e6bb7-3949-43d1-8dac-dc55155b9ad8
TYPE EXTERNAL_IP EXTERNAL_PORT LOGICAL_IP
EXTERNAL_MAC LOGICAL_PORT
snat 147.22.16.207 192.168.100.0/24
But I would like that this router snat all the traffic that hits it,
even when coming from a subnet not directly connected to it.
I can achieve this by setting in ovn the snat for 0.0.0.0/0
# ovn-nbctl lr-nat-add neutron-6d1e6bb7-3949-43d1-8dac-dc55155b9ad8 snat
147.22.16.207 0.0.0.0/0
# ovn-nbctl lr-nat-list neutron-6d1e6bb7-3949-43d1-8dac-dc55155b9ad8
TYPE EXTERNAL_IP EXTERNAL_PORT LOGICAL_IP
EXTERNAL_MAC LOGICAL_PORT
snat 147.22.16.207 0.0.0.0/0
snat 147.22.16.207 192.168.100.0/24
But this workaround can be wiped if I run the neutron-ovn-db-sync-util
on any of the neutron-api unit.
Is there a way to achieve this via OpenStack? If not does it make sense
to have this as a new feature?
** Affects: neutron
Importance: Undecided
Status: New
** Affects: neutron (Ubuntu)
Importance: Undecided
Status: New
** Description changed:
I am trying to achieve the following scenario:
I have a VM attached to a router w/o external gateway (called project-
router) but with a default route which send all the traffic to another
router (transit router) which has an external gateway with snat enabled
and it is connected to a transit network 192.168.100.0/24
My VM is on 172.16.100.0/24, traffic hits the project-router thanks to
the default route gets redirected to the transit-router correctly, here
it gets into the external gateway but w/o being snat.
- This is because in ovn since in ovn I see that in SNAT on that router is
- only enabled for logical ip in 192.168.100.0/24 which is the subnet
- directly connected to the router
+ This is because in ovn I see that SNAT on this router is only enabled
+ for logical ip in 192.168.100.0/24 which is the subnet directly
+ connected to the router
# ovn-nbctl lr-nat-list neutron-6d1e6bb7-3949-43d1-8dac-dc55155b9ad8
TYPE EXTERNAL_IP EXTERNAL_PORT LOGICAL_IP
EXTERNAL_MAC LOGICAL_PORT
snat 147.22.16.207 192.168.100.0/24
But I would like that this router snat all the traffic that hits it,
even when coming from a subnet not directly connected to it.
I can achieve this by setting in ovn the snat for 0.0.0.0/0
# ovn-nbctl lr-nat-add neutron-6d1e6bb7-3949-43d1-8dac-dc55155b9ad8 snat
147.22.16.207 0.0.0.0/0
# ovn-nbctl lr-nat-list neutron-6d1e6bb7-3949-43d1-8dac-dc55155b9ad8
TYPE EXTERNAL_IP EXTERNAL_PORT LOGICAL_IP
EXTERNAL_MAC LOGICAL_PORT
snat 147.22.16.207 0.0.0.0/0
snat 147.22.16.207 192.168.100.0/24
-
- But this workaround can be wiped if I run the neutron-ovn-db-sync-util on any
of the neutron-api unit.
+ But this workaround can be wiped if I run the neutron-ovn-db-sync-util
+ on any of the neutron-api unit.
Is there a way to achieve this via OpenStack? If not does it make sense
to have this as a new feature?
** Summary changed:
- [OVN] SNAT only happens for subnets directly connected to the router
+ [OVN] SNAT only happens for subnets directly connected to a router
** Also affects: neutron
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2051935
Title:
[OVN] SNAT only happens for subnets directly connected to a router
Status in neutron:
New
Status in neutron package in Ubuntu:
New
Bug description:
I am trying to achieve the following scenario:
I have a VM attached to a router w/o external gateway (called project-
router) but with a default route which send all the traffic to another
router (transit router) which has an external gateway with snat
enabled and it is connected to a transit network 192.168.100.0/24
My VM is on 172.16.100.0/24, traffic hits the project-router thanks
to the default route gets redirected to the transit-router correctly,
here it gets into the external gateway but w/o being snat.
This is because in ovn I see that SNAT on this router is only enabled
for logical ip in 192.168.100.0/24 which is the subnet directly
connected to the router
# ovn-nbctl lr-nat-list neutron-6d1e6bb7-3949-43d1-8dac-dc55155b9ad8
TYPE EXTERNAL_IP EXTERNAL_PORT LOGICAL_IP
EXTERNAL_MAC LOGICAL_PORT
snat 147.22.16.207 192.168.100.0/24
But I would like that this router snat all the traffic that hits it,
even when coming from a subnet not directly connected to it.
I can achieve this by setting in ovn the snat for 0.0.0.0/0
# ovn-nbctl lr-nat-add neutron-6d1e6bb7-3949-43d1-8dac-dc55155b9ad8
snat 147.22.16.207 0.0.0.0/0
# ovn-nbctl lr-nat-list neutron-6d1e6bb7-3949-43d1-8dac-dc55155b9ad8
TYPE EXTERNAL_IP EXTERNAL_PORT LOGICAL_IP
EXTERNAL_MAC LOGICAL_PORT
snat 147.22.16.207 0.0.0.0/0
snat 147.22.16.207 192.168.100.0/24
But this workaround can be wiped if I run the neutron-ovn-db-sync-util
on any of the neutron-api unit.
Is there a way to achieve this via OpenStack? If not does it make
sense to have this as a new feature?
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2051935/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
