On Tue, Aug 30, 2022 at 5:42 AM Vladislav Odintsov <odiv...@gmail.com> wrote:
>
> Hi,
>
> I’ve got 1 LR, let say lr1. To this LR two LSs are connected: ls-int
> (192.168.0.1/24) with VIF 192.168.0.10 and ls-ext (172.16.0.1/24).
> On ls-ext’s GW LRP I’ve set gateway chassis. Localnet port is present in
> ls-ext to connect lr1 to external network.
> Also, I've created tcp load balancer: VIP=172.16.0.1:179 with backend
> 192.168.0.10:179 and attached it to LR.
>
> Next in lr_in_ip_input stage this traffic is dropped as it is destined to
> LRP’s IP. ovn-detrace showed explicit DROP lflow in lr_in_ip_input stage
> (ip4.dst == {172.16.0.1}, action=drop).
> I’ve also tried to attach LB to LS, but traffic coming from localnet port
> skips conntrack in LS pipeline, IIUC.
>
> I wonder if having load balancer VIP’s IP part equal to DGP’s IP is not
> supported? If it is so, why?
It does support. But you need to add an SNAT entry to the logical router.
Eg. ovn-nbctl lr-nat-add lr1 snat 172.16.0.1 192.168.0.1/24
I tested it and it works for me provided there is an SNAT entry for
the router port ip connecting to the ls-ext.
If you see the code here [2], the flow to drop the router ip in
"lr_in_ip_input" is NOT added if the router ip is an SNAT ip.
[2] - https://github.com/ovn-org/ovn/blob/main/northd/northd.c#L10666
Thanks
Numan
>
> [1]:
> https://github.com/ovn-org/ovn/blob/a7c7d4519e5047232045881bf3af3788eb277a16/northd/northd.c#L5848-L5852
>
> Regards,
> Vladislav Odintsov
>
> _______________________________________________
> discuss mailing list
> disc...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
_______________________________________________
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
