Fast Datapath Product / FDP-1464

[OVN][BGP] Expose config to tweak whether distributed NAT IPs are advertised on all chassis.

    • Story
    • Resolution: Done-Errata
    • Major
    • ovn25.03

      Given an OVN deployment that includes the new nat-local value for options:dynamic-routing-redistribute, and a logical router (LR) R configured with options:dynamic-routing-redistribute=nat-local,

      When R contains at least one distributed DNAT_and_SNAT rule whose logical_port is bound to chassis C, and BGP advertisements are examined on every chassis in the topology,

      Then only C advertises the NAT external prefix belonging to that rule, and no other chassis advertises the same prefix in BGP.

    • ovn25.03-25.03.1-36.el9fdp
    • rhel-9
    • OVN FDP Sprint 7

      Starting with OVN 25.03, OVN supports the "dynamic-routing-redistribute" option on logical routers and logical router ports. Through this option users can specify which routes OVN should advertise (install) into a Linux VRF attached to the configured logical router.

      Currently any combination (comma-separated) of the following values is supported:

      • "connected" - advertise logical router port networks
      • "connected-as-host" - advertise all IPs owned by a logical router (and connected logical switches and their ports) as host routes (/32 or /128)
      • "static" - advertise all static routes configured on the logical router
      • "lb" - advertise VIPs of load balancers configured on the router or adjacent logical routers
      • "nat" - advertise all SNAT and DNAT_and_SNAT IPs configured on the router or adjacent logical routers

      In the current implementation, "distributed" DNAT_and_SNAT IPs are advertised from all chassis for which the logical router datapath is considered local (workloads connected to the router are reachable through OVN from the chassis).

      A "distributed" DNAT_and_SNAT rule is configured by specifying all of the following:

      • external IP
      • internal IP
      • MAC address to be used as source after SNAT
      • logical switch port, "LSP", of the workload behind NAT

      OVN's implementation advertises routes for such NAT IPs on all chassis that consider the logical router datapath as "local". There is a distinction though:

      1. on the chassis where "LSP" is bound (on the chassis where the workload is running) the route is advertised with a better metric
      2. on the chassis where the "LSP" is NOT bound the route is advertised with a worse metric

      This implementation was chosen to provide a level of redundancy at the OVN level (through the overlay).

      However, in specific deployments (e.g., with the fabric consisting of a spine-leaf topology), this is not necessary and can actually affect optimal routing of packets in the fabric.

      The goal of this feature is to expose a configuration option that allows users to choose not to advertise the route on chassis where the workload isn't running ("2" above).

      A potential way to configure this would be to add a new supported value for the dynamic-routing-redistribute option, e.g., "nat-local".
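
The advertisement rules above and the Given/When/Then acceptance criterion, modelled in Python as an added example (not OVN code and not part of the original issue). All function, class, chassis and port names and the 192.0.2.10/32 prefix are constructed; the model assumes "nat" takes precedence if both "nat" and "nat-local" are set, and it skips rules whose LSP is unbound because the issue does not describe that case.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class DistributedNat:
    external_prefix: str  # NAT external IP as it appears in BGP
    logical_port: str     # LSP of the workload behind NAT

def expected_adverts(redistribute, nats, lsp_chassis, local_chassis):
    """Model {chassis: {prefix: 'better'|'worse'}} for distributed NAT IPs.

    redistribute:  value of options:dynamic-routing-redistribute
    lsp_chassis:   {LSP: chassis it is bound to}
    local_chassis: chassis that consider the router datapath local
    """
    modes = {m.strip() for m in redistribute.split(",") if m.strip()}
    out = {c: {} for c in local_chassis}
    if not modes & {"nat", "nat-local"}:
        return out
    for nat in nats:
        bound = lsp_chassis.get(nat.logical_port)
        if bound is None:
            continue  # unbound LSP: not described in the issue, skipped here
        for c in local_chassis:
            if c == bound:
                out[c][nat.external_prefix] = "better"
            elif "nat" in modes:  # assumption: "nat" wins over "nat-local"
                out[c][nat.external_prefix] = "worse"
    return out

def nat_local_violations(observed, nats, lsp_chassis):
    """Check the 'Then' clause against observed {chassis: prefixes}."""
    bad = []
    for nat in nats:
        bound = lsp_chassis.get(nat.logical_port)
        for chassis, prefixes in observed.items():
            if chassis != bound and nat.external_prefix in prefixes:
                bad.append((chassis, nat.external_prefix, "unexpected"))
        if bound is not None and nat.external_prefix not in observed.get(bound, ()):
            bad.append((bound, nat.external_prefix, "missing"))
    return sorted(bad)

# Constructed sample topology: vm1 is bound to hv1, router is local on hv1..hv3.
NATS = [DistributedNat("192.0.2.10/32", "vm1")]
BINDINGS = {"vm1": "hv1"}
CHASSIS = ["hv1", "hv2", "hv3"]

if __name__ == "__main__":
    for value in ("connected,nat", "connected,nat-local"):
        adverts = expected_adverts(value, NATS, BINDINGS, CHASSIS)
        print(value, adverts, nat_local_violations(adverts, NATS, BINDINGS))
```

Feeding `nat_local_violations` the prefixes actually collected from each chassis's BGP speaker, instead of the modelled output, turns it into a check for the acceptance criterion.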

              Dumitru Ceara (dceara@redhat.com)
              Jianlin Shi