Re: Reply: [DVR config] Can we use drv_snat agent_mode in every compute node?
On 5/16/19 8:29 PM, Yi Yang wrote:
> Thanks Brian, your explanation clarified some things, but I still don't have an answer on whether we can have multiple compute nodes configured as dvr_snat; in that case, the SNAT IPs are obviously different. Why do we want to use a network node if a compute node can do everything?
There will only be one DVR SNAT IP allocated for a router on the
external network, and only one router scheduled using it, so having
dvr_snat mode on a compute node doesn't mean that North/South router
will be local, only the East/West portion might be.
Typically people choose to place these on separate systems since the
requirements of the role are different - network node could have fewer
cores and a 10G nic for higher bandwidth, compute node could have lots
of cores for instances but maybe a 1G nic. There's no reason you can't
run dvr_snat everywhere, I would just say it's not common.
> From: Brian Haley [mailto:haleyb.dev at gmail.com]
> Sent: May 16, 2019 21:46
> To: Yi Yang <yangyi01 at inspur.com>
> Cc: openstack-discuss at lists.openstack.org
> Subject: Re: [DVR config] Can we use drv_snat agent_mode in every compute node?
> Hi Yi,
> I'm a little confused by the question, comments inline.
> On 5/15/19 11:47 PM, Yi Yang wrote:
>> Hi, folks
>> I saw somebody discussed distributed SNAT, but finally they didn't
>> reach agreement on how to implement distributed SNAT, my question is
>> can we use dvr_snat agent_mode in compute node? I understand dvr_snat
>> only does snat but doesn't do east west routing, right? Can we set
>> dvr_snat and dvr in one compute node at the same time? It is
>> equivalent to distributed SNAT if we can set dvr_snat in every compute
>> node, isn't that right? I know Opendaylight can do SNAT in compute node in
>> distributed way, but one external router only can run in one compute node.
> Distributed SNAT is not available in neutron, there was a spec proposed recently though, https://review.opendev.org/#/c/658414
> Regarding the agent_mode setting for L3, only one mode can be set at a time. Typically 'dvr_snat' is used on network nodes and 'dvr' on compute nodes because it leads to less resource usage (i.e. namespaces).
> The centralized part of the router hosting the default SNAT IP address will only be scheduled to one of the agents in 'dvr_snat' mode. All the DVR modes can do East/West routing when an instance is scheduled to the node, and two can do North/South - 'dvr_snat' using the default SNAT IP, and 'dvr' using a floating IP. 'dvr_no_external' can only do East/West.
> Hopefully that clarifies things.
>> I also see https://wiki.openstack.org/wiki/Dragonflow is trying to
>> implement distributed SNAT, what are technical road blocks for
>> distributed SNAT in openstack dvr? Do we have any good way to remove
>> these road blocks?
>> Thank you in advance and look forward to getting your replies and insights.
>> Also attached official dvr configuration guide for your reference.
>> Valid Values
>> dvr, dvr_snat, legacy, dvr_no_external
>> The working mode for the agent. Allowed modes are: 'legacy' - this
>> preserves the existing behavior where the L3 agent is deployed on a
>> centralized networking node to provide L3 services like DNAT, and SNAT.
>> Use this mode if you do not want to adopt DVR. 'dvr' - this mode
>> enables DVR functionality and must be used for an L3 agent that runs
>> on a compute host. 'dvr_snat' - this enables centralized SNAT support
>> in conjunction with DVR. This mode must be used for an L3 agent
>> running on a centralized node (or in single-host deployments, e.g. devstack).
>> 'dvr_no_external' - this mode enables only East/West DVR routing
>> functionality for a L3 agent that runs on a compute host, the
>> North/South functionality such as DNAT and SNAT will be provided by
>> the centralized network node that is running in 'dvr_snat' mode. This
>> mode should be used when there is no external network connectivity on
>> the compute host.
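
An added example, not part of the original thread and not neutron's own code: a small audit of the `agent_mode` setting across hosts, based on the mode descriptions above. The host names and `l3_agent.ini` bodies are constructed sample data, and `audit` and its report keys are hypothetical names.

```python
import configparser

# Valid values as listed in the configuration guide quoted in the thread.
VALID_MODES = ("dvr", "dvr_snat", "legacy", "dvr_no_external")

def agent_mode(ini_text):
    """Return agent_mode from the [DEFAULT] section of an l3_agent.ini body."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(ini_text)
    # neutron falls back to 'legacy' when the option is not set.
    return cp.defaults().get("agent_mode", "legacy").strip()

def audit(hosts):
    """hosts maps host name -> l3_agent.ini text; returns a small report."""
    modes = {h: agent_mode(text) for h, text in hosts.items()}
    problems = [f"{h}: invalid agent_mode {m!r}"
                for h, m in modes.items() if m not in VALID_MODES]
    # Only agents in dvr_snat mode can host the centralized part of a router
    # (the default SNAT IP); each router is scheduled to just one of them.
    snat_candidates = sorted(h for h, m in modes.items() if m == "dvr_snat")
    # dvr_no_external hosts route East/West only and depend on a dvr_snat node.
    east_west_only = sorted(h for h, m in modes.items()
                            if m == "dvr_no_external")
    uses_dvr = any(m in ("dvr", "dvr_no_external") for m in modes.values())
    if uses_dvr and not snat_candidates:
        problems.append("no dvr_snat agent: centralized SNAT cannot be scheduled")
    return {"modes": modes, "snat_candidates": snat_candidates,
            "east_west_only": east_west_only, "problems": problems}

# Constructed sample: cmp3 carries the 'drv_snat' misspelling.
SAMPLE = {
    "net1": "[DEFAULT]\nagent_mode = dvr_snat\n",
    "cmp1": "[DEFAULT]\nagent_mode = dvr\n",
    "cmp2": "[DEFAULT]\nagent_mode = dvr_no_external\n",
    "cmp3": "[DEFAULT]\nagent_mode = drv_snat\n",
}

if __name__ == "__main__":
    report = audit(SAMPLE)
    print("SNAT candidates:", report["snat_candidates"])
    print("East/West only:", report["east_west_only"])
    for problem in report["problems"]:
        print("PROBLEM:", problem)
```
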