On 02/01/2016 01:19 PM, Amitabha Biswas wrote:
> This is a proposal regarding how Floating IP will be supported in 
> OpenStack using OVN.
> 
> The complete proposal can also be found at 
> https://review.openstack.org/#/c/274274/.
> 
> The additions proposed to the OVN Northbound Schema and Southbound Flows 
> are outlined here as well. The proposal assumes the availability of 
> conntrack NAT support in kernel.
> 
> OVN Floating IP Design and Setup
> ================================
> 
> OpenStack/Neutron provides support for "Floating IP" where a VM/container
> can be accessed from the external network using that "Floating IP" assigned
> to the VM. Neutron provides a 1-1 mapping between the "Fixed IP" assigned to
> the VM and the "Floating IP".
> 
> Floating IP support for OVN is provided by utilizing the NAT capabilities
> provided by OVS. Inbound traffic is DNATed (Floating IP --> Fixed IP) and
> outbound traffic is SNATed (Fixed IP --> Floating IP).
> 
> In the example below Fixed IP=10.1.1.5 is mapped to FloatingIP=172.16.0.5
> 
> OVN Bridge Setup
> ----------------
> 
>         ------------                                          ------------
>         |   VM     |                                          |FloatingIP|
>         | 10.1.1.5 |                                          |172.16.0.5|
>         | MAC[VM]  |                                          | MAC[FIP] |
>         ------|-----                                          -----|-----
>               | [UP]                                          [UP] |
>  ----------|----------------------------------------------------|--------
>     |   ----------------                                           | |
>     |   |   LSwitch    |             (BR-INT)                      | |
>     |   |   10.1.1.X   |                                           | |
>     |   |              |                                           | |
>     |   |L2 Flow Tables|                                           | |
>     |   ----------------                                           | |
>     |                \                                             | |
>     |     lRouterPort \                      lRouterPortExt        | |
>     |       10.1.1.1   \  ---------------------   | 172.16.0.2     | |
>     |      MAC[PrvtRtr] \ {                   }   | MAC[ExtRtr]    | |
>     |                    \|     LRouter       |   |                | |
>     |                     |                   |   |   ------------------ |
>     |                     | Flow Tables       |  \ /  |    LSwitch     | |
>     |                     | 10.1.1.X   (Prv)  |-------|     (EXT)      | |
>     |                     | 172.16.X.X (Ext)  |       |                | |
>     |                     { 0.0.0.0 (Wildcard)}       |    L2 Flows    | |
>     |                     ---------------------       |(diff from norm)| |
>     |                                                 -----------------| |
>     |                                              (localnet) | |
>     |                                                (port)   | |
>  ----------------------------------------------------------|-------------
>                                                               |
>                                                      ------------------
>                                                      |                |
>                                                      |    (BR-EXT)    |
>                                                      |                |
>                                                      ------------------
>                                                               |
>                                                       chassis | [172.16.0.4]
>                               ---------                       |
>                  To Internet  |       |      Physical Net     |
>                 <-------------| Phy   |--------------------------------- ...
>                               | Router| 172.16.0.1 (default gateway)
>                               |       |
>                               ---------

Thank you very much for your work on this.  I believe you said you had
some code for this already?  What's your plan for the code?  Are you
waiting for the various pre-requisites to be merged first?  (NAT
support, OVN ARP)

This proposal covers the case where we have floating IPs assigned
directly to a hypervisor.  That model seems beneficial primarily because
it avoids needing to send all traffic through a gateway node.  This is
what Neutron supports today if you have DVR enabled.

We've also been discussing an OVN gateway solution.  I think we should
figure out exactly how this proposal works with that.  Would we also
support floating IPs on OVN gateways instead of on each hypervisor?

It seems that as long as we keep the logical and physical separation,
the same northbound db configuration could be implemented both ways,
depending on how the physical side has been configured (localnet ports
like today, or a gateway).

> OVN NorthDB Changes
> ===================
> 
> Map from VM Fixed IP to Floating IP, new options field in lport.
> 
> Logical_Port TABLE
> ------------------
> 
> Type:
>     floatingip: A port representing a Floating IP.
>     router-external: A connection to an External Logical Router.

What is router-external used for?  Is default_gw on Logical_Router not
enough?

Do you have an example workflow that shows how you would use this?

> 
> Options:
>     Options for floating ip ports:
>         options: floatingip-port     optional string
>                  Required: The name of Logical_Port to which this Floating
>                  IP port is connected.



-- 
Russell Bryant
_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev
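
The following is an added example, not code from the proposal, from OVN or from either participant in this thread. It models the quoted 1-1 mapping (Fixed IP 10.1.1.5, Floating IP 172.16.0.5) and checks that each "floatingip" port carries the required floatingip-port option before any DNAT/SNAT rewrite is applied. The row layout (name/type/ip/options) and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed rows modelled on the proposed Logical_Port additions. The
# name/type/ip/options layout is an assumption made for this example.
PORTS = [
    {"name": "vm1", "type": "", "ip": "10.1.1.5", "options": {}},
    {"name": "fip1", "type": "floatingip", "ip": "172.16.0.5",
     "options": {"floatingip-port": "vm1"}},
]


def build_nat_map(ports):
    """Return {fixed_ip: floating_ip}; raise ValueError on a broken mapping."""
    by_name = {p["name"]: p for p in ports}
    nat, used_fips = {}, set()
    for p in ports:
        if p["type"] != "floatingip":
            continue
        target = p["options"].get("floatingip-port")
        if not target:
            raise ValueError(f"{p['name']}: floatingip-port is required")
        peer = by_name.get(target)
        # Assumption: the target must exist and must not itself be a floating IP.
        if peer is None or peer["type"] == "floatingip":
            raise ValueError(f"{p['name']}: bad floatingip-port {target!r}")
        fixed = ipaddress.ip_address(peer["ip"])
        fip = ipaddress.ip_address(p["ip"])
        # Enforce the 1-1 rule in both directions.
        if fixed in nat or fip in used_fips:
            raise ValueError(f"{p['name']}: mapping is not 1-1")
        nat[fixed] = fip
        used_fips.add(fip)
    return nat


def translate(nat, src, dst, inbound):
    """DNAT the destination of inbound packets, SNAT the source of outbound."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if inbound:
        reverse = {fip: fixed for fixed, fip in nat.items()}
        dst = reverse.get(dst, dst)
    else:
        src = nat.get(src, src)
    return str(src), str(dst)
```

Rejecting a second floating IP port that names the same Logical_Port keeps a stale or duplicated row from silently redirecting inbound traffic to a different VM.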
