Thank you very much, Numan! I will try with an HA Chassis Group.
For the SNAT problem, let me give you more information. On lr-1: root@dc-1-hyp01:~# ovn-nbctl lr-route-list neutron-d3cbe671-46a9-4596-a3d3-95882ed318b7 IPv4 Routes Route Table <main>: 10.0.2.0/24 169.254.100.2 dst-ip 0.0.0.0/0 172.16.10.1 dst-ip root@dc-1-hyp01:~# ovn-nbctl lr-nat-list neutron-d3cbe671-46a9-4596-a3d3-95882ed318b7 TYPE EXTERNAL_IP EXTERNAL_PORT LOGICAL_IP EXTERNAL_MAC LOGICAL_PORT snat 172.16.10.181 10.0.1.0/24 On lr-2: root@dc-2-hyp01:~# ovn-nbctl lr-route-list neutron-b761e5e4-7327-4cdf-b1d0-97c267fd52d7 IPv4 Routes Route Table <main>: 10.0.1.0/24 169.254.100.1 dst-ip 0.0.0.0/0 172.16.20.1 dst-ip If I trace an ICMP echo from vm-1 (10.0.1.188) to the external gateway (172.16.10.1): root@dc-1-hyp01:~# ovn-trace --detail neutron-8d388975-101b-4c6f-8ae4-1f6f429c22f6 'inport == "8b0fa59b-962d-4848-96e8-6b64bb483a56" && eth.src == fa:16:3e:c4:b1:69 && eth.dst == fa:16:3e:52:95:fd && ip4.src == 10.0.1.188 && ip4.dst == 172.16.10.1 && ip.ttl == 32 && icmp4.type == 8' # icmp,reg14=0x3,vlan_tci=0x0000,dl_src=fa:16:3e:c4:b1:69,dl_dst=fa:16:3e:52:95:fd,nw_src=10.0.1.188,nw_dst=172.16.10.1,nw_tos=0,nw_ecn=0,nw_ttl=32,nw_frag=no,icmp_type=8,icmp_code=0 ingress(dp="net-1", inport="8b0fa5") ------------------------------------ 0. ls_in_port_sec_l2 (northd.c:5652): inport == "8b0fa5" && eth.src == {fa:16:3e:c4:b1:69}, priority 50, uuid 6b1602aa next; 1. ls_in_port_sec_ip (northd.c:5285): inport == "8b0fa5" && eth.src == fa:16:3e:c4:b1:69 && ip4.src == {10.0.1.188}, priority 90, uuid 95750115 next; 5. ls_in_pre_acl (northd.c:5915): ip, priority 100, uuid 95d1a153 reg0[0] = 1; next; 7. ls_in_pre_stateful (northd.c:6095): reg0[0] == 1, priority 100, uuid c49352e8 ct_next; ct_next(ct_state=est|trk /* default (use --ct to customize) */) --------------------------------------------------------------- 8. ls_in_acl_hint (northd.c:6183): !ct.new && ct.est && !ct.rpl && ct_label.blocked == 0, priority 4, uuid 5ca5c0f2 reg0[8] = 1; reg0[10] = 1; next; 9. 
ls_in_acl (northd.c:6425): reg0[8] == 1 && (inport == @pg_b607165d_a4f0_4e04_adf3_20e37b08d39b && ip4 && ip4.dst == 0.0.0.0/0), priority 2002, uuid 140ab284 next; 24. ls_in_l2_lkup (northd.c:8697): eth.dst == fa:16:3e:52:95:fd, priority 50, uuid aff910da outport = "4eac4d"; output; egress(dp="net-1", inport="8b0fa5", outport="4eac4d") ----------------------------------------------------- 0. ls_out_pre_acl (northd.c:5802): ip && outport == "4eac4d", priority 110, uuid f40a6c28 next; 1. ls_out_pre_lb (northd.c:5802): ip && outport == "4eac4d", priority 110, uuid 62d9a6b5 next; 3. ls_out_acl_hint (northd.c:6183): !ct.new && ct.est && !ct.rpl && ct_label.blocked == 0, priority 4, uuid e20482b0 reg0[8] = 1; reg0[10] = 1; next; 9. ls_out_port_sec_l2 (northd.c:5749): outport == "4eac4d", priority 50, uuid 2a82f83d output; /* output to "4eac4d", type "patch" */ ingress(dp="lr-1", inport="lrp-4eac4d") --------------------------------------- 0. lr_in_admission (northd.c:10984): eth.dst == fa:16:3e:52:95:fd && inport == "lrp-4eac4d", priority 50, uuid 980d0e4c xreg0[0..47] = fa:16:3e:52:95:fd; next; 1. lr_in_lookup_neighbor (northd.c:11147): 1, priority 0, uuid 9a8072c7 reg9[2] = 1; next; 2. lr_in_learn_neighbor (northd.c:11156): reg9[2] == 1 || reg9[3] == 0, priority 100, uuid 00d01e41 next; 10. lr_in_ip_routing_pre (northd.c:11382): 1, priority 0, uuid ea5d4e99 reg7 = 0; next; 11. lr_in_ip_routing (northd.c:9861): ip4.dst == 172.16.10.0/24, priority 74, uuid d7f6b4a7 ip.ttl--; reg8[0..15] = 0; reg0 = ip4.dst; reg1 = 172.16.10.181; eth.src = fa:16:3e:38:56:0b; outport = "lrp-a96d7d"; flags.loopback = 1; next; 12. lr_in_ip_routing_ecmp (northd.c:11458): reg8[0..15] == 0, priority 150, uuid c21651eb next; 13. lr_in_policy (northd.c:11592): 1, priority 0, uuid 9f549b6b reg8[0..15] = 0; next; 14. lr_in_policy_ecmp (northd.c:11594): reg8[0..15] == 0, priority 150, uuid e4edbcc2 next; 15. 
lr_in_arp_resolve (northd.c:11628): ip4, priority 0, uuid 9f8d9d70 get_arp(outport, reg0); /* MAC binding to 52:54:00:7c:33:5f. */ next; 18. lr_in_gw_redirect (northd.c:12195): outport == "lrp-a96d7d", priority 50, uuid e44a4ccc outport = "cr-lrp-a96d7d"; next; 19. lr_in_arp_request (northd.c:12312): 1, priority 0, uuid 42bc76bc output; /* Replacing type "chassisredirect" outport "cr-lrp-a96d7d" with distributed port "lrp-a96d7d". */ egress(dp="lr-1", inport="lrp-4eac4d", outport="lrp-a96d7d") ------------------------------------------------------------ 0. lr_out_chk_dnat_local (northd.c:13552): 1, priority 0, uuid a357b242 reg9[4] = 0; next; 6. lr_out_delivery (northd.c:12359): outport == "lrp-a96d7d", priority 100, uuid 4e4c0628 output; /* output to "lrp-a96d7d", type "patch" */ ingress(dp="provider-1", inport="a96d7d") ----------------------------------------- 0. ls_in_port_sec_l2 (northd.c:5652): inport == "a96d7d", priority 50, uuid 864a69e7 next; 6. ls_in_pre_lb (northd.c:5799): ip && inport == "a96d7d", priority 110, uuid db7797ba next; 24. ls_in_l2_lkup (northd.c:7895): 1, priority 0, uuid d363bed8 outport = get_fdb(eth.dst); next; 25. ls_in_l2_unknown (northd.c:7899): outport == "none", priority 50, uuid b38c4866 outport = "_MC_unknown"; output; multicast(dp="provider-1", mcgroup="_MC_unknown") ------------------------------------------------- egress(dp="provider-1", inport="a96d7d", outport="provnet-a384e5") ------------------------------------------------------------------ 1. ls_out_pre_lb (northd.c:5802): ip && outport == "provnet-a384e5", priority 110, uuid 54759c1d next; 9. ls_out_port_sec_l2 (northd.c:5749): outport == "provnet-a384e5", priority 50, uuid 7ddf1120 output; /* output to "provnet-a384e5", type "localnet" */ The packet is correctly sent to the external interface, but no SNAT is applied! Vincent