Wuhongning, The code for forwarding traffic from a DVR serviced node to the default snat gw node is now included in the latest L-3 agent patch posted at (https://review.openstack.org/89413). It utilizes a combination of ip rules and ip routes to implement policy based routing for snat traffic. Carl's description is a very good representation of what it implements. Additional information is also available at (https://docs.google.com/document/d/1jCmraZGirmXq5V1MtRqhjdZCbUfiwBhRkUjDXGt5QUQ/edit)
thanks, -Rajeev. > -----Original Message----- > From: Narasimhan, Vivekanandan > Sent: Thursday, May 22, 2014 10:04 PM > To: OpenStack Development Mailing List (not for usage questions) > Cc: Grover, Rajeev; Smith, Michael (HPN R&D) > Subject: RE: [openstack-dev] [Neutron] Default routes to SNAT gateway > in DVR > > > Thanks Carl, for pitching in for us. > > As Carl said, this is the last detail that is being worked out. > > Wuhogning, > > I am requesting Rajeev and Mike(CC'ed) who are working in DVR SNAT to > post the document into to the blueprint link here, so that you can take > a look. > > https://blueprints.launchpad.net/neutron/+spec/neutron-ovs-dvr > > - > Thanks, > > Vivek > > > > -----Original Message----- > From: Carl Baldwin [mailto:c...@ecbaldwin.net] > Sent: Friday, May 23, 2014 3:57 AM > To: OpenStack Development Mailing List (not for usage questions) > Subject: Re: [openstack-dev] [Neutron] Default routes to SNAT gateway > in DVR > > Hi, > > I found this message in my backlog from when I was at the summit. > Sorry for the delay in responding. > > The "default SNAT" or "dynamic SNAT" use case is one of the last > details being worked in the DVR subteam. That may be why you do not > see any code around this in the patches that have been submitted. > Outbound traffic that will use this SNAT address will first enter the > IR on the compute host. In the IR, it will not match against any of > the static SNAT addresses for floating IPs. At that point the packet > will be redirected to another port belonging to the central component > of the DVR. This port has an IP address different from the default > gateway address (e.g. 192.168.1.2 instead of 192.168.1.1). At this > point, the packet will go back out to br-int and but tunneled over to > the network node just like any other intra-network traffic. > > Once the packet hits the central component of the DVR on the network > node it will be processed very much like default SNAT traffic is > processed in the current Neutron implementation. Another "interconnect > subnet" should not be needed here and would be overkill. > > I hope this helps. Let me know if you have any questions. > > Carl > > On Fri, May 16, 2014 at 1:57 AM, Wuhongning <wuhongn...@huawei.com> > wrote: > > Hi DVRers, > > > > I didn't see any detail documents or source code on how to deal with > > routing packet from DVR node to SNAT gw node. If the routing table > see > > a outside ip, it should be matched with a default route, so for the > > next hop, which interface will it select? > > > > Maybe another standalone "interconnect subnet" per DVR is needed, > > which connect each DVR node and optionally, the SNAT gw node. For > > packets from dvr > > node->snat node, the interconnect subnet act as the "default route" > > node->for this > > host, and the next hop will be the snat node. > > > > _______________________________________________ > > OpenStack-dev mailing list > > OpenStack-dev@lists.openstack.org > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > > > _______________________________________________ > OpenStack-dev mailing list > OpenStack-dev@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev _______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev