On Sun, Dec 10, 2023 at 8:30 AM Vincent Godin via discuss <[email protected]> wrote:
>
> Hello,
>
> I attached a drawing of the infrastructure
>
> > To get a clearer understanding of the topology, is it possible to share the
> > output of "ovn-nbctl show" of your 3 DCs ?
>
> On DC-1
>
> root@dc-1-hyp01:~# ovn-nbctl show
> switch 475972cc-f73b-49a4-8551-f1a89a1e48a5 (neutron-fd415705-6cd5-4ea0-9864-d4b1dd9f789d) (aka provider-1)
>     port a96d7d78-c3a6-487e-91bc-10e97ccb3d9d
>         type: router
>         router-port: lrp-a96d7d78-c3a6-487e-91bc-10e97ccb3d9d
>     port provnet-a384e581-3e54-4e75-8219-193f8fcdcd70
>         type: localnet
>         addresses: ["unknown"]
>     port ce1768b3-2da9-4160-97b8-89e1315cc870
>         type: localport
>         addresses: ["fa:16:3e:70:82:6e 172.16.10.100"]
> switch b185ef2e-1a56-4a62-bd88-34527b092a27 (sw-ts)
>     port to-lr-1
>         type: router
>         router-port: to-sw-ts
>     port to-lr-2
>         type: remote
>         addresses: ["aa:aa:aa:aa:aa:02 169.254.100.2/24"]
> switch 31e35f66-2fe7-4868-9bc0-8defcf937de3 (neutron-8d388975-101b-4c6f-8ae4-1f6f429c22f6) (aka net-1)
>     port 8b0fa59b-962d-4848-96e8-6b64bb483a56
>         addresses: ["fa:16:3e:c4:b1:69 10.0.1.188"]
>     port 4eac4d9c-7de5-4f81-a73d-1bf44e312f73
>         type: router
>         router-port: lrp-4eac4d9c-7de5-4f81-a73d-1bf44e312f73
>     port 9317e6a9-6c00-4797-8cc9-d14ac35d3fa6
>         type: localport
>         addresses: ["fa:16:3e:51:5a:4d 10.0.1.2"]
> router 45178303-bd0e-40f1-b0db-b6508d6a491e (neutron-d3cbe671-46a9-4596-a3d3-95882ed318b7) (aka lr-1)
>     port to-sw-ts
>         mac: "aa:aa:aa:aa:aa:01"
>         networks: ["169.254.100.1/24"]
>         gateway chassis: [9e963afb-b823-49f0-bb2a-7a55ffb27c62 1fec4429-b7e8-445a-a6ef-86bae79822a6]
>     port lrp-4eac4d9c-7de5-4f81-a73d-1bf44e312f73
>         mac: "fa:16:3e:52:95:fd"
>         networks: ["10.0.1.1/24"]
>     port lrp-a96d7d78-c3a6-487e-91bc-10e97ccb3d9d
>         mac: "fa:16:3e:38:56:0b"
>         networks: ["172.16.10.181/24"]
>         gateway chassis: [1fec4429-b7e8-445a-a6ef-86bae79822a6 9e963afb-b823-49f0-bb2a-7a55ffb27c62]
>     nat 612c64ff-a593-42eb-bce4-b99f38c442c4
>         external ip: "172.16.10.181"
>         logical ip: "10.0.1.0/24"
>         type: "snat"
>
> On DC-2
>
> root@dc-2-hyp01:~# ovn-nbctl show
> switch c506d9c0-0503-4c85-b8af-00f8e89407c2 (neutron-80badf16-5ea3-4c63-8d23-d8f69b7bc661) (aka net-2)
>     port 0e11f6d3-c1b6-4acf-b34d-9027bc79d802
>         type: localport
>         addresses: ["fa:16:3e:e1:55:a4 10.0.2.2"]
>     port edceb0d3-7c8d-427f-a0ea-fd3712fc6c4d
>         type: router
>         router-port: lrp-edceb0d3-7c8d-427f-a0ea-fd3712fc6c4d
>     port d4d9dc88-ea9e-4d80-b518-c271689dee48
>         addresses: ["fa:16:3e:c3:cd:32 10.0.2.195"]
> switch 8019d393-65ac-46b1-9a51-e34afea6ecba (neutron-e19b0890-61e1-402a-b4e5-434bdfbc75b0) (aka provider-2)
>     port 941a8243-afa0-4f2d-abb1-2eddadd2a47a
>         type: router
>         router-port: lrp-941a8243-afa0-4f2d-abb1-2eddadd2a47a
>     port 60fad924-22f8-48f1-b85e-b5b63b3a3beb
>         type: localport
>         addresses: ["fa:16:3e:8f:72:94 172.16.20.100"]
>     port provnet-200da922-d22c-477b-9307-bc599d0307de
>         type: localnet
>         addresses: ["unknown"]
> switch 1d8daf77-3636-4cce-96aa-e944ae5fe1aa (sw-ts)
>     port to-lr-1
>         type: remote
>         addresses: ["aa:aa:aa:aa:aa:01 169.254.100.1/24"]
>     port to-lr-2
>         type: router
>         router-port: to-sw-ts
> router 33aee57e-beea-4347-9060-d70031e74d5c (neutron-b761e5e4-7327-4cdf-b1d0-97c267fd52d7) (aka lr-2)
>     port to-sw-ts
>         mac: "aa:aa:aa:aa:aa:02"
>         networks: ["169.254.100.2/24"]
>         gateway chassis: [0527de7d-76e2-44c3-a35a-23f92336b662]
>     port lrp-edceb0d3-7c8d-427f-a0ea-fd3712fc6c4d
>         mac: "fa:16:3e:d9:b4:58"
>         networks: ["10.0.2.1/24"]
>     port lrp-941a8243-afa0-4f2d-abb1-2eddadd2a47a
>         mac: "fa:16:3e:29:b4:65"
>         networks: ["172.16.20.185/24"]
>         gateway chassis: [0527de7d-76e2-44c3-a35a-23f92336b662]
>     nat 6032cda0-5d42-406c-b3ba-c6a06727f02e
>         external ip: "172.16.20.185"
>         logical ip: "10.0.2.0/24"
>         type: "snat"
>
> From vm-1 with ip 10.0.1.188, I should ping the outside gateway 172.16.10.1
> (with a snat applied) and vm-2 on DC-2 10.0.2.195 via a geneve tunnel
>
> The original question was about the colocalization of port bindings
> lrp-941a8243-afa0-4f2d-abb1-2eddadd2a47a and to-sw-ts on the same chassis ...
> I'd like them to be tied together on the same chassis in case of a failure
>
> But as I tried to reproduce this case for you, I realise that no snat occurs
> when vm-1 or vm-2 try to contact their external router (respectively
> 172.16.10.1 and 172.16.20.1). I can see packets outgoing but without nat !!!
> On the other hand, vm-1 is able to contact vm-2
>
> 1 - Why snat is not applied ???

From the topology you shared, snat should have been applied. Maybe there
is a static route or a router policy you've configured on lr-1/lr-2 ?

You can perhaps run ovn-trace to figure out what's going on, something like this on DC-1

# ovn-trace --detailed net-1 'inport == "8b0fa59b-962d-4848-96e8-6b64bb483a56" && ip4.src == 10.0.1.188 && ip4.dst == 172.16.10.1 && eth.src == fa:16:3e:70:82:6e && eth.dst == fa:16:3e:52:95:fd && ip.ttl == 63'

> 2 - In case of a failure, is it possible for the two ports to change
> chassis together ? (with an older infrastructure, it seems that if port
> lrp-a96d7d78-c3a6-487e-91bc-10e97ccb3d9d is bound to a chassis and port
> to-sw-ts to another, it will fail)

If you make sure that the 2 gateway chassis you configured have the same
priorities, then I think both the ports should be bound on the same chassis.

Another alternative you can do is create a HA Chassis Group and use the
same ha chassis group for both the logical ports. Note that if you use
the HA chassis group, you cannot use gateway_chassis (see the commands below)

Eg.

ovn-nbctl ha-chassis-group-add hagrp1
ovn-nbctl ha-chassis-group-add-chassis hagrp1 ovn-chassis-1 50
ovn-nbctl ha-chassis-group-add-chassis hagrp1 ovn-chassis-2 40
hagrp1_uuid=$(ovn-nbctl --bare --columns _uuid list ha_chassis_group hagrp1)
ovn-nbctl clear logical_router_port to-sw-ts gateway_chassis
ovn-nbctl clear logical_router_port lrp-a96d7d78-c3a6-487e-91bc-10e97ccb3d9d gateway_chassis
ovn-nbctl set logical_router_port to-sw-ts ha_chassis_group=${hagrp1_uuid}
ovn-nbctl set logical_router_port lrp-a96d7d78-c3a6-487e-91bc-10e97ccb3d9d ha_chassis_group=${hagrp1_uuid}

Hope this helps.

Thanks
Numan

>
> Vincent
> _______________________________________________
> discuss mailing list
> [email protected]
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
_______________________________________________
discuss mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
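
Added example, not part of the thread and not OVN code: a small parser for "ovn-nbctl show" text that reports routers whose gateway ports list their chassis in different orders, as the two gateway ports of lr-1 do in the DC-1 output quoted above. It assumes the gateway chassis list is printed highest priority first; the function names are hypothetical.

```python
import re

# Constructed sample: lr-1's section of the DC-1 output quoted in the thread,
# with the e-mail line wrapping undone and the mac/networks/nat lines left out.
SAMPLE = """\
router 45178303-bd0e-40f1-b0db-b6508d6a491e (neutron-d3cbe671-46a9-4596-a3d3-95882ed318b7) (aka lr-1)
    port to-sw-ts
        gateway chassis: [9e963afb-b823-49f0-bb2a-7a55ffb27c62 1fec4429-b7e8-445a-a6ef-86bae79822a6]
    port lrp-4eac4d9c-7de5-4f81-a73d-1bf44e312f73
    port lrp-a96d7d78-c3a6-487e-91bc-10e97ccb3d9d
        gateway chassis: [1fec4429-b7e8-445a-a6ef-86bae79822a6 9e963afb-b823-49f0-bb2a-7a55ffb27c62]
"""

def gateway_ports(show_output):
    """Return {router: {port: [chassis, ...]}} for router ports that list gateway chassis."""
    routers, router, port = {}, None, None
    for line in show_output.splitlines():
        words = line.split()
        if not words:
            continue
        top_level = not line[0].isspace()
        if top_level and words[0] == "router":
            aka = re.search(r"\(aka ([^)]+)\)", line)
            router = aka.group(1) if aka else words[1]  # alias if present, else UUID
            routers[router], port = {}, None
        elif top_level:
            router = None  # a switch section: its ports are not router ports
        elif router and words[0] == "port":
            port = words[1]
        elif router and port and words[:2] == ["gateway", "chassis:"]:
            # Assumption: the list is printed highest priority first.
            routers[router][port] = re.findall(r"[^\s\[\]]+", line.split(":", 1)[1])
    return routers

def split_gateways(show_output):
    """Routers whose gateway ports do not all share one chassis ordering."""
    return {
        router: ports
        for router, ports in gateway_ports(show_output).items()
        if len({tuple(chassis) for chassis in ports.values()}) > 1
    }

if __name__ == "__main__":
    for router, ports in split_gateways(SAMPLE).items():
        print(f"{router}: gateway ports prefer different chassis")
        for port, chassis in ports.items():
            print(f"  {port}: {' > '.join(chassis)}")
```

A router that shows up in the report is one whose ports can end up bound to different chassis, which is the situation question 2 asks how to avoid.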
