On Wed, Aug 31, 2022 at 4:04 PM Numan Siddique <num...@ovn.org> wrote:
>
> On Tue, Aug 30, 2022 at 5:42 AM Vladislav Odintsov <odiv...@gmail.com> wrote:
> >
> > Hi,
> >
> > I’ve got 1 LR, let’s say lr1. To this LR two LSs are connected: ls-int
> > (192.168.0.1/24) with VIF 192.168.0.10 and ls-ext (172.16.0.1/24).
> > On ls-ext’s GW LRP I’ve set gateway chassis. Localnet port is present in 
> > ls-ext to connect lr1 to external network.
> > Also, I've created a TCP load balancer: VIP=172.16.0.1:179 with backend
> > 192.168.0.10:179 and attached it to LR.
> >
> > Next in lr_in_ip_input stage this traffic is dropped as it is destined to 
> > LRP’s IP. ovn-detrace showed explicit DROP lflow in lr_in_ip_input stage 
> > (ip4.dst == {172.16.0.1}, action=drop).
> > I’ve also tried to attach LB to LS, but traffic coming from localnet port 
> > skips conntrack in LS pipeline, IIUC.
> >
> > I wonder if having load balancer VIP’s IP part equal to DGP’s IP is not 
> > supported? If it is so, why?
>
> It is supported.  But you need to add an SNAT entry to the logical router.
>
> E.g.  ovn-nbctl lr-nat-add lr1 snat 172.16.0.1 192.168.0.1/24
>
> I tested it and it works for me provided there is an SNAT entry for
> the router port ip connecting to the ls-ext.
>
> If you see the code here [2],  the flow to drop the router ip in
> "lr_in_ip_input" is NOT added if the router ip is an SNAT ip.

Maybe we should fix this in northd.c to not add the drop flow if the
router ip is used as VIP.

Numan

>
> [2] - https://github.com/ovn-org/ovn/blob/main/northd/northd.c#L10666
>
> Thanks
> Numan
>
> >
> > [1]: 
> > https://github.com/ovn-org/ovn/blob/a7c7d4519e5047232045881bf3af3788eb277a16/northd/northd.c#L5848-L5852
> >
> > Regards,
> > Vladislav Odintsov
> >
> > _______________________________________________
> > discuss mailing list
> > disc...@openvswitch.org
> > https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
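
The condition discussed in this thread can be checked against a logical router's configuration before a load balancer is attached. The following is an added example, not part of the original thread and not OVN code: it models only the behaviour described above (traffic to a router port IP is dropped in lr_in_ip_input unless that IP is also an SNAT external IP). The function names are hypothetical and the sample values are constructed from the addresses quoted in the thread.

```python
import ipaddress


def vip_address(vip):
    """Return the IP part of a VIP such as '172.16.0.1:179' or '[fd00::1]:179'."""
    if vip.startswith("["):
        host = vip[1:vip.index("]")]      # bracketed IPv6 with port
    elif vip.count(":") == 1:
        host = vip.split(":")[0]          # IPv4 with port
    else:
        host = vip                        # bare IPv4 or bare IPv6, no port
    return ipaddress.ip_address(host)


def dropped_vips(lrp_networks, snat_external_ips, lb_vips):
    """List VIPs whose IP equals a router port IP that has no SNAT entry.

    Assumption (from the thread): the drop flow for a router port IP is
    not installed when that IP is used as an SNAT external IP.
    """
    router_ips = {ipaddress.ip_interface(n).ip for n in lrp_networks}
    snat_ips = {ipaddress.ip_address(a) for a in snat_external_ips}
    drop_ips = router_ips - snat_ips
    return [v for v in lb_vips if vip_address(v) in drop_ips]


# Constructed sample: lr1 as described in the first message.
LR1_PORTS = ["192.168.0.1/24", "172.16.0.1/24"]
LR1_VIPS = ["172.16.0.1:179"]

if __name__ == "__main__":
    # Without the SNAT entry the VIP collides with the drop flow.
    print("no SNAT:  ", dropped_vips(LR1_PORTS, [], LR1_VIPS))
    # After 'lr-nat-add lr1 snat 172.16.0.1 ...' nothing is reported.
    print("with SNAT:", dropped_vips(LR1_PORTS, ["172.16.0.1"], LR1_VIPS))
```
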