Does that help answer the question?

On Thu, 9 Mar 2023 at 16:09, Dan Williams <d...@redhat.com> wrote:
> On Wed, 2023-03-08 at 14:03 +0100, Charles Gibert via discuss wrote:
> > Hi all,
> >
> > I am not sure this is the right place to ask about this, but here I go. I
> > was wondering if ovn-kubernetes has some similar way to achieve what
> > the Calico CNI does to disable NAT in egress.
> >
> > The Calico CNI or the AWS CNI have a way to disable NAT for a given
> > CIDR like this
> > https://github.ibm.com/palmetto/gateway/blob/develop/doc/k8s/vm.md#identity-ip-preservation-cni.
> > And basically, you can play with a couple of environment variables:
> > * AWS_VPC_K8S_CNI_EXCLUDE_SNAT_CIDRS
> > * AWS_VPC_K8S_CNI_EXTERNALSNAT
> > I have been playing with openvswitch and the ovn CNI and I cannot
> > find an equivalent.
> >
> > Sure you can play with the northbound database, remove the pod snat
> > that you want to remove and add some policies to the
> > ovn_cluster_router, but packets seem to eventually drop when exiting
> > the node.
> >
> > Would you have some pointers for me to achieve the same functionality
> > as calico or aws CNI but with OVN?
>
> ovnkube does not currently have a way to send traffic out of a node
> without SNAT only if the destination is a specific subnet.
>
> It does have a feature to send all traffic for specific namespaces to
> an external gateway(s) without SNAT, optionally using ECMP for
> redundancy/balancing. You might be able to just specify the IP of the
> cluster's default gateway (assuming all nodes are on the same L2) to do
> what you want (though for all traffic not specific subnets).
>
> This uses the "k8s.ovn.org/routing-external-gws" Namespace annotation
> whose value is a comma-separated list of IPv4 and/or IPv6 addresses.
>
> If you're interested in adding a feature to limit this to only specific
> destination CIDRs others might find it useful.
>
> Does that help answer the question?
>
> Dan
>
> > Thanks in advance, and best regards,
> >
> > Charles
> >
> > _______________________________________________
> > discuss mailing list
> > disc...@openvswitch.org
> > https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
> >
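Added example, not part of the thread and not ovn-kubernetes code: a pre-flight check for the "k8s.ovn.org/routing-external-gws" value described above, which accepts only a comma-separated list of plain IPv4/IPv6 addresses and renders the Namespace manifest to apply. The namespace name and gateway addresses are constructed placeholders, and trimming whitespace and rejecting duplicates are choices of this example, not documented ovnkube behaviour.

```python
import ipaddress
import json

ANNOTATION = "k8s.ovn.org/routing-external-gws"  # annotation key quoted in the thread


def parse_gateways(value):
    """Split a comma-separated annotation value into validated IP addresses.

    Rejects empty entries, CIDRs, hostnames and duplicates, because the thread
    describes the value as a list of plain IPv4 and/or IPv6 addresses.
    """
    gateways = []
    for raw in value.split(","):
        item = raw.strip()
        if not item:
            raise ValueError("empty entry in gateway list")
        try:
            addr = ipaddress.ip_address(item)  # fails on CIDRs and hostnames
        except ValueError:
            raise ValueError(f"not a plain IP address: {item!r}") from None
        if addr in gateways:
            raise ValueError(f"duplicate gateway: {addr}")
        gateways.append(addr)
    return gateways


def namespace_manifest(name, value):
    """Return a Namespace manifest (dict) carrying the validated annotation."""
    gateways = parse_gateways(value)
    return {
        "apiVersion": "v1",
        "kind": "Namespace",
        "metadata": {
            "name": name,
            "annotations": {ANNOTATION: ",".join(str(g) for g in gateways)},
        },
    }


if __name__ == "__main__":
    # Constructed sample: documentation-range addresses, hypothetical namespace.
    manifest = namespace_manifest("no-snat-apps", "192.0.2.1, 2001:db8::1")
    # JSON is valid input for `kubectl apply -f -`.
    print(json.dumps(manifest, indent=2))
```

As the reply notes, the annotation covers all traffic from the namespace rather than specific destination CIDRs, so pod source addresses reach the external gateway untranslated for every destination.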