Re: [ovs-discuss] [ovn] distributed router port and distributed SNAT
> -Original Message- > From: Numan Siddique > Sent: Wednesday, September 23, 2020 11:12 PM > To: Tony Liu > Cc: ovs-discuss > Subject: Re: [ovs-discuss] [ovn] distributed router port and distributed > SNAT > > > > On Thu, Sep 24, 2020 at 10:14 AM Tony Liu <mailto:tonyliu0...@hotmail.com> > wrote: > > > Hi, > > I read through this long discussion [1]. > > Here is what I am doing. > > +--+ > |external logical switch | > +-+-++-+ > | || > +--+--+ +--+--+ +---++ > |dgp1 | |dgp2 | ... |dgp1000 | > +--+--+ +--+--+ +---++ > | || > +-+-+ +-+-+ +---+---+ > |LR1| |LR2| |LR1000 | > +---+ +---+ +---+ > > First of all, I see the same flow explosion in lr_in_arp_resolve > table. I'd like to confirm the patch [2] will also avoid explosion > in my case? > > > > > I think so. Maybe Han or Dumitru can confirm. I suggest that you test it > out yourself. > You can stop the neutron server and run a script which sets this option > on each logical router. > > something like > > for i in $(ovn-nbctl --bare --columns __uuid list logical_router) do > ovn-nbctl set logical_router $i > options:always_learn_from_arp_request=false > done > > > > In my case, LRs are not bound to any specific compute chassis. > All DGPs are bound on the central set of gateway chassis. > It's central SNAT and FIP. > > I am looking for the possibility to do distributed SNAT and FIP to > avoid central gateway nodes. With OpenStack integration, > distributed FIP is supported, but not distributed SNAT. because > there is not chassis specific address can be used as the source > IP for SNAT. > > > > > I don't think OVN supports distributed SNAT. > > > > Given the idea in [3], DPG can be bound on compute chassis. > I don't need the support to have multiple DPGs on one LR. > Then is that going to work for distributed SNAT? > Any details, like how to allocate chassis specific address > as the source IP for SNAT, and how ARP works for that address? > > > > I am not sure how easy is it going to support this. Two pieces here, 1) multiple DPG, 2) DPG binding. I know #1 is not supported, and I actually don't need it. Is #2 already supported? If yes, then distributed SNAT can be supported by that? Thanks! Tony > > Thanks > Numan > > > > [1] https://www.mail-archive.com/ovs- > disc...@openvswitch.org/msg06948.html > [2] https://www.mail-archive.com/ovs- > d...@openvswitch.org/msg45681.html > [3] https://www.mail-archive.com/ovs- > disc...@openvswitch.org/msg06987.html > > Thanks! > Tony > > ___ > discuss mailing list > disc...@openvswitch.org <mailto:disc...@openvswitch.org> > https://mail.openvswitch.org/mailman/listinfo/ovs-discuss > > ___ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
Re: [ovs-discuss] [ovn] distributed router port and distributed SNAT
On Thu, Sep 24, 2020 at 10:14 AM Tony Liu wrote: > Hi, > > I read through this long discussion [1]. > > Here is what I am doing. > > +--+ > |external logical switch | > +-+-++-+ > | || >+--+--+ +--+--+ +---++ >|dgp1 | |dgp2 | ... |dgp1000 | >+--+--+ +--+--+ +---++ > | || > +-+-+ +-+-+ +---+---+ > |LR1| |LR2| |LR1000 | > +---+ +---+ +---+ > > First of all, I see the same flow explosion in lr_in_arp_resolve > table. I'd like to confirm the patch [2] will also avoid explosion > in my case? > > I think so. Maybe Han or Dumitru can confirm. I suggest that you test it out yourself. You can stop the neutron server and run a script which sets this option on each logical router. something like for i in $(ovn-nbctl --bare --columns __uuid list logical_router) do ovn-nbctl set logical_router $i options:always_learn_from_arp_request=false done > In my case, LRs are not bound to any specific compute chassis. > All DGPs are bound on the central set of gateway chassis. > It's central SNAT and FIP. > > I am looking for the possibility to do distributed SNAT and FIP to > avoid central gateway nodes. With OpenStack integration, > distributed FIP is supported, but not distributed SNAT. because > there is not chassis specific address can be used as the source > IP for SNAT. > > I don't think OVN supports distributed SNAT. > Given the idea in [3], DPG can be bound on compute chassis. > I don't need the support to have multiple DPGs on one LR. > Then is that going to work for distributed SNAT? > Any details, like how to allocate chassis specific address > as the source IP for SNAT, and how ARP works for that address? > I am not sure how easy is it going to support this. Thanks Numan > > [1] https://www.mail-archive.com/ovs-discuss@openvswitch.org/msg06948.html > [2] https://www.mail-archive.com/ovs-dev@openvswitch.org/msg45681.html > [3] https://www.mail-archive.com/ovs-discuss@openvswitch.org/msg06987.html > > Thanks! > Tony > > ___ > discuss mailing list > disc...@openvswitch.org > https://mail.openvswitch.org/mailman/listinfo/ovs-discuss > > ___ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
[ovs-discuss] [ovn] distributed router port and distributed SNAT
Hi, I read through this long discussion [1]. Here is what I am doing. +--+ |external logical switch | +-+-++-+ | || +--+--+ +--+--+ +---++ |dgp1 | |dgp2 | ... |dgp1000 | +--+--+ +--+--+ +---++ | || +-+-+ +-+-+ +---+---+ |LR1| |LR2| |LR1000 | +---+ +---+ +---+ First of all, I see the same flow explosion in lr_in_arp_resolve table. I'd like to confirm the patch [2] will also avoid explosion in my case? In my case, LRs are not bound to any specific compute chassis. All DGPs are bound on the central set of gateway chassis. It's central SNAT and FIP. I am looking for the possibility to do distributed SNAT and FIP to avoid central gateway nodes. With OpenStack integration, distributed FIP is supported, but not distributed SNAT. because there is not chassis specific address can be used as the source IP for SNAT. Given the idea in [3], DPG can be bound on compute chassis. I don't need the support to have multiple DPGs on one LR. Then is that going to work for distributed SNAT? Any details, like how to allocate chassis specific address as the source IP for SNAT, and how ARP works for that address? [1] https://www.mail-archive.com/ovs-discuss@openvswitch.org/msg06948.html [2] https://www.mail-archive.com/ovs-dev@openvswitch.org/msg45681.html [3] https://www.mail-archive.com/ovs-discuss@openvswitch.org/msg06987.html Thanks! Tony ___ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
