Thanks Numan, adding the SNAT rule worked for me. I think it is worth adding the same logic for the LB’s VIP to skip the drop lflow.
I’ve submitted a patch: https://patchwork.ozlabs.org/project/ovn/patch/20220831130635.146270-1-odiv...@gmail.com/

If it is possible to consider it to be included in 22.09, it would be great as it's quite small but "nice to have" change set. I know that soft freeze is in progress, but maybe :).

Regards,
Vladislav Odintsov

> On 31 Aug 2022, at 10:58, Numan Siddique <num...@ovn.org> wrote:
>
> On Wed, Aug 31, 2022 at 4:04 PM Numan Siddique <num...@ovn.org> wrote:
>>
>> On Tue, Aug 30, 2022 at 5:42 AM Vladislav Odintsov <odiv...@gmail.com> wrote:
>>>
>>> Hi,
>>>
>>> I’ve got 1 LR, let say lr1. To this LR two LSs are connected: ls-int
>>> (192.168.0.1/24) with VIF 192.168.0.10 and ls-ext (172.16.0.1/24).
>>> On ls-ext’s GW LRP I’ve set gateway chassis. Localnet port is present in
>>> ls-ext to connect lr1 to external network.
>>> Also, I've created tcp load balancer: VIP=172.16.0.1:179 with backend
>>> 192.168.0.10:179 and attached it to LR.
>>>
>>> Next in lr_in_ip_input stage this traffic is dropped as it is destined to
>>> LRP’s IP. ovn-detrace showed explicit DROP lflow in lr_in_ip_input stage
>>> (ip4.dst == {172.16.0.1}, action=drop).
>>> I’ve also tried to attach LB to LS, but traffic coming from localnet port
>>> skips conntrack in LS pipeline, IIUC.
>>>
>>> I wonder if having load balancer VIP’s IP part equal to DGP’s IP is not
>>> supported? If it is so, why?
>>
>> It does support. But you need to add an SNAT entry to the logical router.
>>
>> Eg. ovn-nbctl lr-nat-add lr1 snat 172.16.0.1 192.168.0.1/24
>>
>> I tested it and it works for me provided there is an SNAT entry for
>> the router port ip connecting to the ls-ext.
>>
>> If you see the code here [2], the flow to drop the router ip in
>> "lr_in_ip_input" is NOT added if the router ip is an SNAT ip.
>
> Maybe we should fix this in northd.c to not add the drop flow if the
> router ip is used as VIP.
>
> Numan
>
>>
>> [2] - https://github.com/ovn-org/ovn/blob/main/northd/northd.c#L10666
>>
>> Thanks
>> Numan
>>
>>>
>>> [1]:
>>> https://github.com/ovn-org/ovn/blob/a7c7d4519e5047232045881bf3af3788eb277a16/northd/northd.c#L5848-L5852
>>>
>>> Regards,
>>> Vladislav Odintsov
>>>
>>> _______________________________________________
>>> discuss mailing list
>>> disc...@openvswitch.org
>>> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
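An added example, not part of the original thread and not OVN's own code: a small Python check that models the behaviour described in the thread (a router-port IP is dropped in lr_in_ip_input unless it is also an SNAT external IP) and flags router-attached LB VIPs that would hit that drop flow. The dictionary layout, the port names and the LB name are assumptions made for the example; it handles IPv4 only.

```python
import ipaddress

# Constructed sample mirroring the topology in the thread. The dict layout,
# port names and LB name are hypothetical, not an OVN NB database export.
LR1 = {
    "name": "lr1",
    "ports": [
        {"name": "lrp-int", "networks": ["192.168.0.1/24"]},
        {"name": "lrp-ext", "networks": ["172.16.0.1/24"]},  # gateway port
    ],
    "nat": [],
    "load_balancers": [
        {"name": "lb-bgp", "vips": {"172.16.0.1:179": "192.168.0.10:179"}},
    ],
}

def router_port_ips(router):
    """IPv4 addresses owned by the router's ports."""
    return {str(ipaddress.ip_interface(net).ip)
            for port in router["ports"] for net in port["networks"]}

def snat_external_ips(router):
    """External IPs of the router's SNAT entries."""
    return {str(ipaddress.ip_address(n["external_ip"]))
            for n in router["nat"] if n["type"] == "snat"}

def vips_hitting_drop_flow(router):
    """LB VIPs whose IP is a router-port IP with no SNAT entry.

    Per the thread, such traffic is dropped in lr_in_ip_input because the
    drop flow for the router IP is only skipped when it is an SNAT IP.
    """
    own, snat = router_port_ips(router), snat_external_ips(router)
    findings = []
    for lb in router["load_balancers"]:
        for vip in lb["vips"]:
            ip = vip.rsplit(":", 1)[0]  # IPv4 "ip:port" or bare "ip"
            if ip in own and ip not in snat:
                findings.append((lb["name"], vip))
    return findings

def with_snat(router, external_ip, logical_ip):
    """Copy of the router with an SNAT entry added (as lr-nat-add would)."""
    entry = {"type": "snat", "external_ip": external_ip,
             "logical_ip": logical_ip}
    return {**router, "nat": router["nat"] + [entry]}

if __name__ == "__main__":
    print("before SNAT:", vips_hitting_drop_flow(LR1))
    fixed = with_snat(LR1, "172.16.0.1", "192.168.0.1/24")
    print("after SNAT: ", vips_hitting_drop_flow(fixed))
```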