Hello,

we have a problem with OVN in connection with neutron dynamic routing (which is now supported with OVN). We can announce our internal networks via BGP, and the VMs in this network can also be reached directly without NAT. But if we attach a public floating IP to the internal self-service network IP, we see some strange effects. The VM can still be reached via ping with both IPs, but SSH, for example, only works via the floating IP.

I did some network traces and found that the return traffic is being NATed even though no NAT was applied on the way in. From my point of view, we need a conntrack marker which identifies traffic that was DNATed on the way in, and to SNAT only that traffic on the way back.

Is it possible to implement something like this to fully support OVN with BGP-announced networks which are directly reachable via routing?

Thanks for your reply and best regards!
Michael