[Bug 2051935] Re: [OVN] SNAT only happens for subnets directly connected to a router
Brian Haley
2051935 at bugs.launchpad.net
Fri Feb 16 17:55:07 UTC 2024
Just wanted to add info on my ml2/ovs deployment, here are the two
routers and the instance info. Sorry for the wrapping.
$ openstack router show router1
+-------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | nova |
| created_at | 2024-02-16T16:00:30Z |
| description | |
| enable_ndp_proxy | None |
| external_gateway_info | {"network_id": "f472eb6f-c386-4e21-b601-45af4f30d0f1", "external_fixed_ips": [{"subnet_id": "eeb80f5c-79f2-4097-b5e7-54362a45e3cc", "ip_address": "172.24.4.172"}, {"subnet_id": "80f89407-a55a-43c2-9057-5742e79074b4", "ip_address": "2001:db8::3b9"}], |
| | "enable_snat": true} |
| flavor_id | None |
| id | 88534f12-a6e2-4ee2-9535-2b20e9fe2c22 |
| interfaces_info | [{"port_id": "39b0df38-05c5-4047-8550-f0791fa0ba3f", "ip_address": "fd87:4bf8:f6a8::1", "subnet_id": "d06ddf60-953b-4612-9e7b-25be42083bb0"}, {"port_id": "b4f00adf-7e7f-4fd1-ad8a-8557f30fdb46", "ip_address": "10.0.0.1", "subnet_id": |
| | "fcf1cc9d-cb61-4a41-95fb-2ca0ce0fad05"}] |
| name | router1 |
| project_id | c0101f76d7434045b1d0dc0bbec91a1a |
| revision_number | 7 |
| routes | destination='10.0.0.64/26', gateway='10.0.0.62' |
| status | ACTIVE |
| tags | |
| tenant_id | c0101f76d7434045b1d0dc0bbec91a1a |
| updated_at | 2024-02-16T16:44:30Z |
+-------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
$ openstack router show router-nested
+-------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | nova |
| created_at | 2024-02-16T16:43:44Z |
| description | |
| enable_ndp_proxy | None |
| external_gateway_info | null |
| flavor_id | None |
| id | 73ce5997-1a90-4207-9ce0-e431eb967c00 |
| interfaces_info | [{"port_id": "9e13289b-3ff0-4dab-b75f-8475aea99d45", "ip_address": "10.0.0.65", "subnet_id": "1b1830c6-2740-4184-aab8-c7b96377a2aa"}, {"port_id": "ddead887-d5d3-405f-a737-dc4a3a3b1694", "ip_address": "10.0.0.62", "subnet_id": |
| | "fcf1cc9d-cb61-4a41-95fb-2ca0ce0fad05"}, {"port_id": "ddead887-d5d3-405f-a737-dc4a3a3b1694", "ip_address": "fd87:4bf8:f6a8:0:f816:3eff:fef7:1db8", "subnet_id": "d06ddf60-953b-4612-9e7b-25be42083bb0"}] |
| name | router-nested |
| project_id | c0101f76d7434045b1d0dc0bbec91a1a |
| revision_number | 4 |
| routes | destination='0.0.0.0/0', gateway='10.0.0.1' |
| status | ACTIVE |
| tags | |
| tenant_id | c0101f76d7434045b1d0dc0bbec91a1a |
| updated_at | 2024-02-16T16:44:36Z |
+-------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
$ openstack server list
+--------------------------------------+--------------+--------+----------------------------------+--------------------------+---------+
| ID | Name | Status | Networks | Image | Flavor |
+--------------------------------------+--------------+--------+----------------------------------+--------------------------+---------+
| 073e51d6-9cde-49ac-b934-6f4bea985d13 | test_server1 | ACTIVE | private-network-nested=10.0.0.77 | cirros-0.6.2-x86_64-disk | m1.tiny |
+--------------------------------------+--------------+--------+----------------------------------+--------------------------+---------+
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to neutron in Ubuntu.
https://bugs.launchpad.net/bugs/2051935
Title:
[OVN] SNAT only happens for subnets directly connected to a router
Status in neutron:
In Progress
Status in neutron package in Ubuntu:
New
Bug description:
I am trying to achieve the following scenario:
I have a VM attached to a router w/o external gateway (called project-
router) but with a default route which sends all the traffic to another
router (transit router) which has an external gateway with snat
enabled and is connected to a transit network 192.168.100.0/24.
My VM is on 172.16.100.0/24; traffic hits the project-router and, thanks
to the default route, gets redirected to the transit-router correctly.
Here it gets into the external gateway but w/o being snat.
This is because in ovn I see that SNAT on this router is only enabled
for logical ip in 192.168.100.0/24, which is the subnet directly
connected to the router.
# ovn-nbctl lr-nat-list neutron-6d1e6bb7-3949-43d1-8dac-dc55155b9ad8
TYPE EXTERNAL_IP EXTERNAL_PORT LOGICAL_IP EXTERNAL_MAC LOGICAL_PORT
snat 147.22.16.207 192.168.100.0/24
But I would like that this router snat all the traffic that hits it,
even when coming from a subnet not directly connected to it.
I can achieve this by setting in ovn the snat for 0.0.0.0/0
# ovn-nbctl lr-nat-add neutron-6d1e6bb7-3949-43d1-8dac-dc55155b9ad8 snat 147.22.16.207 0.0.0.0/0
# ovn-nbctl lr-nat-list neutron-6d1e6bb7-3949-43d1-8dac-dc55155b9ad8
TYPE EXTERNAL_IP EXTERNAL_PORT LOGICAL_IP EXTERNAL_MAC LOGICAL_PORT
snat 147.22.16.207 0.0.0.0/0
snat 147.22.16.207 192.168.100.0/24
But this workaround can be wiped if I run the neutron-ovn-db-sync-util
on any of the neutron-api units.
Is there a way to achieve this via OpenStack? If not, does it make
sense to have this as a new feature?
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2051935/+subscriptions
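Added example (not part of the bug report, and not neutron or OVN code): a check of which source addresses the SNAT rules in the two lr-nat-list listings above actually cover, which is the condition the description turns on. The host addresses 192.168.100.5 and 172.16.100.10 and all function names are constructed for illustration.

```python
import ipaddress

# Constructed from the two lr-nat-list listings in the bug description.
BEFORE = """\
TYPE EXTERNAL_IP EXTERNAL_PORT LOGICAL_IP EXTERNAL_MAC LOGICAL_PORT
snat 147.22.16.207 192.168.100.0/24
"""
AFTER = BEFORE + "snat 147.22.16.207 0.0.0.0/0\n"


def parse_nat_list(text):
    """Return (type, external_ip, logical_network) for each NAT row."""
    rules = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] == "TYPE":
            continue
        # EXTERNAL_PORT may be empty, so take the first later column
        # that parses as an address or CIDR as LOGICAL_IP.
        for field in fields[2:]:
            try:
                net = ipaddress.ip_network(field, strict=False)
            except ValueError:
                continue
            rules.append((fields[0], fields[1], net))
            break
    return rules


def snat_matches(rules, source):
    """SNAT rules whose LOGICAL_IP contains the source address."""
    addr = ipaddress.ip_address(source)
    return [r for r in rules
            if r[0] in ("snat", "dnat_and_snat") and addr in r[2]]


def unnatted_sources(rules, sources):
    """Sources that no SNAT rule on the router covers."""
    return [s for s in sources if not snat_matches(rules, s)]


# Constructed hosts: one on the transit network, one on the VM subnet.
SOURCES = ["192.168.100.5", "172.16.100.10"]

if __name__ == "__main__":
    for label, listing in (("before", BEFORE), ("after", AFTER)):
        print(label, unnatted_sources(parse_nat_list(listing), SOURCES))
```

Fed the live lr-nat-list output after a neutron-ovn-db-sync-util run, the same check shows whether the 0.0.0.0/0 rule has been removed and the VM subnet is uncovered again.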