Hi, Justin! Sorry, didn't notice your reply
I will review this
Regards,
Ildar, network engineer
On Wed, Jul 24, 2024 at 6:07 PM Ildar Isangulov <
ildarvildanovich...@gmail.com> wrote:
> Hi Numan, thanks for your reply, here more details as you requested
>
> This is a structure of NAT table in the OVN NB Database in my production
> environment
>
> # ovn-nbctl --no-l list nat <some rule>
> _uuid :
> allowed_ext_ips :
> exempted_ext_ips : []
> external_ids :
> external_ip :
> external_mac : []
> external_port_range : ""
> gateway_port : []
> logical_ip :
> logical_port : []
> options : {}
> type :
>
> OVN version
>
> # ovn-nbctl -V
> ovn-nbctl 24.03.2
> Open vSwitch Library 3.3.0
> DB Schema 7.3.0
>
> So, my use case is to be able to create DNAT rules like this (example):
>
> A user connects via public IP and some port, let's say 22222, and the
> gateway does DNAT translation and modifies headers:
> public IP -> private IP of VM
> external port (22222) -> ssh tcp port (22)
>
> But OVN can do only 1:1 DNAT translations, in other words port 22222 to
> port 22222, and this way we can expose only one VM using one public IP
> address
>
> Solution, as shown in a guide I shared demonstrates how to solve this
> using load balancers, but I want to try a more lightweight solution for
> comparison.
>
> Regards,
> Ildar, network engineer
>
> On Wed, Jul 24, 2024 at 5:33 PM Numan Siddique <num...@ovn.org> wrote:
>
>> On Wed, Jul 24, 2024 at 9:41 AM Justin Lamp via discuss
>> <ovs-discuss@openvswitch.org> wrote:
>> >
>> > Hey,
>> >
>> > we would be in favor of that as well. It was actually possible to do
>> > such a thing in the past, but only due to a bug, and we unfortunately
>> > rely on that as many customers need to have ports from the routers
>> > public ip forwarded to their VPN appliance.
>> >
>> > https://github.com/ovn-org/ovn/issues/233
>> >
>> > Thanks and best regards,
>> > Justin Lamp
>> >
>> > Am 24.07.24 um 13:18 schrieb Ildar Isangulov via discuss:
>> > > Hi everyone!
>> > >
>> > > I would like to ask the community about the implementation of DNAT in
>> > > OVN. A few months ago, I read this topic
>> > > (https://www.flaviof.com/blog2/post/main/openstack-port-forwarding/).
>> > > Author shows how to configure DNAT translations using implementation
>> > > with Load-balancer.
>> > >
>> > > My question is: is it the only one way to do DNAT in OVN? Maybe there
>> > > is some way to configure it using either native nat rules on
>> > > logical-router or OVS logical-flows?
>>
>> Hi,
>>
>> I'm a little confused here. OVN does support DNAT in the logical router.
>> Please see the NAT table in the OVN NB Database.
>>
>> Also note that OVN implements NAT and load balancer features using OVS
>> conntrack.
>> So its essentially the same underneath.
>>
>> Can you please explain your use case in more detail?
>>
>> Thanks
>> Numan
>>
>> > >
>> > > Regards,
>> > > Ildar, network engineer
>> > >
>> > > _______________________________________________
>> > > discuss mailing list
>> > > disc...@openvswitch.org
>> > > https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>> >
>> >
>> >
>> > --
>> > Justin Lamp
>> > Systems Engineer
>> >
>> > NETWAYS Managed Services GmbH | Deutschherrnstr. 15-19 | D-90429
>> Nuernberg
>> > Tel: +49 911 92885-0 | Fax: +49 911 92885-77
>> > CEO: Julian Hein, Bernd Erk, Sebastian Saemann | AG Nuernberg HRB25207
>> > https://www.netways.de | justin.l...@netways.de
>> >
>> > ** Meet us at it-sa - https://www.netways.de/it-sa-2024/ **
>> > ** OSMC 2024 - November | Nuremberg - https://osmc.de **
>> > ** stackconf 2025 - Stay Tuned for 2025 - https://stackconf.eu **
>> > ** NETWAYS Web Services - https://nws.netways.de **
>> > ** NETWAYS Trainings - https://netways.de/trainings **
>> > _______________________________________________
>> > discuss mailing list
>> > disc...@openvswitch.org
>> > https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>>
>
_______________________________________________
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
