git.net

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

答复: [DVR config] Can we use drv_snat agent_mode in every compute node?


Slawomir, thanks a lot.

-----é?®ä»¶å??件-----
å??件人: Slawomir Kaplonski [mailto:skaplons at redhat.com] 
å??é??æ?¶é?´: 2019å¹´5æ??16æ?¥ 18:01
æ?¶ä»¶äºº: Yi Yang (æ?¨ç??)-äº?æ??å?¡é??å?¢ <yangyi01 at inspur.com>
æ??é??: openstack-discuss at lists.openstack.org
主�: Re: [DVR config] Can we use drv_snat agent_mode in every compute node?
é??è¦?æ?§: é«?

Hi,

According to documentation which You cited even "â??dvr_snatâ?? - this enables centralized SNAT support in conjunction with DVRâ??. So yes, dvr_snat will do both, SNAT mode as well as DVR for E-W traffic.
We are using it like that in some CI jobs for sure and it works.
But Iâ??m not 100% sure that this is â??production readyâ?? solution.

> On 16 May 2019, at 05:47, Yi Yang (æ?¨ç??)-äº?æ??å?¡é??å?¢ <yangyi01 at inspur.com> wrote:
> 
> Hi, folks
>  
> I saw somebody discussed distributed SNAT, but finally they didnâ??t make agreement on how to implement distributed SNAT, my question is can we use dvr_snat agent_mode in compute node? I understand dvr_snat only does snat but doesnâ??t do east west routing, right? Can we set dvr_snat and dvr in one compute node at the same time? It is equivalent to distributed SNAT if we can set drv_snat in every compute node, isnâ??t right? I know Opendaylight can do SNAT in compute node in distributed way, but one external router only can run in one compute node.
>  
> I also see https://wiki.openstack.org/wiki/Dragonflow is trying to implement distributed SNAT, what are technical road blocks for distributed SNAT in openstack dvr? Do we have any good way to remove these road blocks?
>  
> Thank you in advance and look forward to getting your replies and insights.
>  
> Also attached official drv configuration guide for your reference.
>  
> https://docs.openstack.org/neutron/stein/configuration/l3-agent.html
>  
> agent_mode¶
> Type
> string
> 
> Default
> legacy
> 
> Valid Values
> dvr, dvr_snat, legacy, dvr_no_external
> 
> The working mode for the agent. Allowed modes are: â??legacyâ?? - this preserves the existing behavior where the L3 agent is deployed on a centralized networking node to provide L3 services like DNAT, and SNAT. Use this mode if you do not want to adopt DVR. â??dvrâ?? - this mode enables DVR functionality and must be used for an L3 agent that runs on a compute host. â??dvr_snatâ?? - this enables centralized SNAT support in conjunction with DVR. This mode must be used for an L3 agent running on a centralized node (or in single-host deployments, e.g. devstack). â??dvr_no_externalâ?? - this mode enables only East/West DVR routing functionality for a L3 agent that runs on a compute host, the North/South functionality such as DNAT and SNAT will be provided by the centralized network node that is running in â??dvr_snatâ?? mode. This mode should be used when there is no external network connectivity on the compute host.
> 

â?? 
Slawek Kaplonski
Senior software engineer
Red Hat

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3600 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20190517/cc336bbb/attachment-0001.bin>