On Fri, Apr 13, 2018 at 6:22 PM, Russell Bryant <russ...@ovn.org> wrote:
>
> On Fri, Apr 13, 2018 at 9:01 PM, Russell Bryant <russ...@ovn.org> wrote:
> > On Fri, Apr 13, 2018 at 5:27 PM, Ben Pfaff <b...@ovn.org> wrote:
> >> On Wed, Apr 11, 2018 at 07:44:25PM +0530, Anil Venkata wrote:
> >>> A VM created on a VLAN tenant network is using a Geneve tunnel (between
> >>> compute and gateway nodes) to reach the external network. Because of this,
> >>> we need to consider tunnelling overhead while assigning the MTU for the
> >>> VLAN network. Can we improve OVN to avoid tunnelling in this case?
> >>
> >> When OVN tunnels packets, the tunnel metadata includes information on
> >> the logical network, logical input port, and logical output port.  The
> >> logical input port is only used for egress ACLs, so it could be omitted
> >> if egress ACLs are constrained not to match on the logical input port.
> >> The logical network and logical output port are still needed, though,
> >> so to encode that in a VLAN they would have to add up to 12 bits or
> >> less.  That's pretty constraining.  Do you have some idea for how to do
> >> it?
> >
> > I don't think ACLs are a factor here because it's actually the logical
> > router pipeline that forwarded the packet over a tunnel.  The only logical
> > switches involved are VLAN networks (a switch with a localnet port).
> >
> > The unexpected behavior here is that despite using all VLAN networks,
> > a Geneve tunnel is used when the packet is sent to the L3 gateway node
> > that's doing SNAT.  Note that the type of router configured here is
> > the hybrid-type, where routing is fully distributed in all cases
> > except when NAT is required, then it gets redirected to a central
> > point.  That redirect is what we're seeing here.
> >
> > I've thought of two ways out of this:
> >
> > 1) In this scenario, if you really don't want any tunneling in use,
> > configure a fully centralized router instead.  The downside is that
> > East-West routing will be centralized, as well.
> >
> > 2) Use two routers.  ls1 (VLAN) with all ports for VMs <-> distributed
> > east-west router <-> ls2 (VLAN) used just to interconnect the routers
> > <-> centralized router for SNAT.  The downside here is that you still
> > lose the ability to bind floating IPs directly to compute nodes like
> > today.
> >
> > 3) Figure out a way for OVN to do this redirect to the gateway host
> > over a VLAN network.  I suspect this isn't trivial and honestly
> > haven't spent the time to figure out what it would take, but this does
> > seem like the ideal behavior.

For the VLAN network to be used to redirect to a gateway, a direct physical
L2 connection is required, but a Gateway router in OVN generally doesn't
require an L2 connection.

> >
> > --
> > Russell Bryant
>
> After an internal conversation on this topic, I wrote the following
> doc to summarize what was observed and to capture ideas for next
> steps:
>
>
> https://docs.google.com/document/d/1JecGIXPH0RAqfGvD0nmtBdEU1zflHACp8WSRnKCFSgg/edit?usp=sharing
>
> --
> Russell Bryant
> _______________________________________________
> discuss mailing list
> disc...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss