Ok, as I was asked about the case of 3 nested routers (i.e. a network on a private subnet behind 3 total routers, 2 nested on their own private networks), I've tested that as well. Same results - shows a clear regression from ML2/OVS to OVN.
Again, I used devstack, this was the latest commit in the neutron tree as these deployments were already running from last try:

$ git log -1
commit a8fe0cb369da7312cff2abb8f3e5902d359a6642
Merge: 2d74a93d68 d55c591ecd
Author: Zuul <z...@review.opendev.org>
Date:   Wed Feb 14 15:59:24 2024 +0000

    Merge "[OVN] A LRP in an external tunnelled network has no chassis"

# Create nested network
$ openstack network create private-network-nested
$ openstack subnet create --subnet-pool shared-default-subnetpool-v4 --network private-network-nested private-subnet-nested
$ openstack router create router-nested
$ openstack router add subnet router-nested private-subnet-nested
$ openstack port create --network private --fixed-ip subnet=private-subnet,ip-address=10.0.0.62 private-port
$ openstack router add port router-nested private-port
$ openstack router add route --route destination=10.0.0.64/26,gateway=10.0.0.62 router1
$ openstack router add route --route destination=0.0.0.0/0,gateway=10.0.0.1 router-nested

# Create nested network, 3-layers deep
$ openstack network create private-network-nested-3
$ openstack subnet create --subnet-pool shared-default-subnetpool-v4 --network private-network-nested-3 private-subnet-nested-3
$ openstack router create router-nested-3
$ openstack router add subnet router-nested-3 private-subnet-nested-3
$ openstack port create --network private-network-nested --fixed-ip subnet=private-subnet-nested,ip-address=10.0.0.126 private-port-2
$ openstack router add port router-nested-3 private-port-2
$ openstack router add route --route destination=0.0.0.0/0,gateway=10.0.0.65 router-nested-3
$ openstack router add route --route destination=10.0.0.128/26,gateway=10.0.0.62 router1
$ openstack router add route --route destination=10.0.0.128/26,gateway=10.0.0.126 router-nested

# Launch an instance on doubly-nested network
$ openstack server create --flavor 1 --image cirros-0.6.2-x86_64-disk --key-name devstackkeypair --network private-network-nested-3 test_server1

# Open console of test_server1
# ping 8.8.8.8 (fail)

# Does not work with OVN
$ sudo ovn-nbctl lr-nat-list neutron-034efa05-5717-4e77-b131-b79920ec2a24
TYPE             EXTERNAL_IP        EXTERNAL_PORT    LOGICAL_IP          EXTERNAL_MAC         LOGICAL_PORT
snat             172.24.4.122                        10.0.0.0/26

# Does work with OVN with the proposed patch
# ping 8.8.8.8 (success)
$ sudo ovn-nbctl lr-nat-list neutron-034efa05-5717-4e77-b131-b79920ec2a24
TYPE             EXTERNAL_IP        EXTERNAL_PORT    LOGICAL_IP          EXTERNAL_MAC         LOGICAL_PORT
snat             172.24.4.122                        10.0.0.0/26
snat             172.24.4.122                        10.0.0.128/26
snat             172.24.4.122                        10.0.0.64/26

# Does work with ML2/OVS, running same exact commands as above.
# ping 8.8.8.8 (success)

--
https://bugs.launchpad.net/bugs/2051935

Title:
  [OVN] SNAT only happens for subnets directly connected to a router
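
Added example (not part of the original report or of the neutron patch): a check that compares the SNAT rules printed by `ovn-nbctl lr-nat-list` with the prefixes that egress through the gateway router, and reports the ones with no covering rule. The two table samples and the three /26 prefixes are taken from the report above; the function names are hypothetical.

```python
import ipaddress

# `ovn-nbctl lr-nat-list` output for the gateway router, copied from the report.
NAT_WITHOUT_PATCH = """\
TYPE             EXTERNAL_IP        EXTERNAL_PORT    LOGICAL_IP          EXTERNAL_MAC         LOGICAL_PORT
snat             172.24.4.122                        10.0.0.0/26
"""
NAT_WITH_PATCH = NAT_WITHOUT_PATCH + """\
snat             172.24.4.122                        10.0.0.128/26
snat             172.24.4.122                        10.0.0.64/26
"""

# Prefixes that leave through router1 in the report: its connected subnet
# plus the destinations of the two static routes added on router1.
EGRESS_PREFIXES = ["10.0.0.0/26", "10.0.0.64/26", "10.0.0.128/26"]


def snat_cidrs(nat_list_text):
    """Return the LOGICAL_IP networks of all snat rows in the table."""
    cidrs = []
    for line in nat_list_text.splitlines():
        tokens = line.split()
        if len(tokens) < 3 or tokens[0] != "snat":
            continue  # header, blank line, or another NAT type
        # EXTERNAL_PORT may be empty, so column positions shift: take the
        # first token after EXTERNAL_IP that parses as an address/network.
        for tok in tokens[2:]:
            try:
                cidrs.append(ipaddress.ip_network(tok, strict=False))
                break
            except ValueError:
                continue
    return cidrs


def missing_snat(nat_list_text, prefixes):
    """Return the prefixes that no snat rule covers."""
    rules = snat_cidrs(nat_list_text)
    missing = []
    for p in map(ipaddress.ip_network, prefixes):
        if not any(p.version == r.version and p.subnet_of(r) for r in rules):
            missing.append(str(p))
    return missing


if __name__ == "__main__":
    print("without patch:", missing_snat(NAT_WITHOUT_PATCH, EGRESS_PREFIXES))
    print("with patch:   ", missing_snat(NAT_WITH_PATCH, EGRESS_PREFIXES))
```
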