[DVR config] Can we use drv_snat agent_mode in every compute node?

Slawomir Kaplonski skaplons at redhat.com
Thu May 16 10:01:22 UTC 2019


According to documentation which You cited even "‘dvr_snat’ - this enables centralized SNAT support in conjunction with DVR”. So yes, dvr_snat will do both, SNAT mode as well as DVR for E-W traffic.
We are using it like that in some CI jobs for sure and it works.
But I’m not 100% sure that this is “production ready” solution.

> On 16 May 2019, at 05:47, Yi Yang (杨燚)-云服务集团 <yangyi01 at inspur.com> wrote:
> Hi, folks
> I saw somebody discussed distributed SNAT, but finally they didn’t make agreement on how to implement distributed SNAT, my question is can we use dvr_snat agent_mode in compute node? I understand dvr_snat only does snat but doesn’t do east west routing, right? Can we set dvr_snat and dvr in one compute node at the same time? It is equivalent to distributed SNAT if we can set drv_snat in every compute node, isn’t right? I know Opendaylight can do SNAT in compute node in distributed way, but one external router only can run in one compute node.
> I also see https://wiki.openstack.org/wiki/Dragonflow is trying to implement distributed SNAT, what are technical road blocks for distributed SNAT in openstack dvr? Do we have any good way to remove these road blocks?
> Thank you in advance and look forward to getting your replies and insights.
> Also attached official drv configuration guide for your reference.
> https://docs.openstack.org/neutron/stein/configuration/l3-agent.html
> agent_mode¶
> Type
> string
> Default
> legacy
> Valid Values
> dvr, dvr_snat, legacy, dvr_no_external
> The working mode for the agent. Allowed modes are: ‘legacy’ - this preserves the existing behavior where the L3 agent is deployed on a centralized networking node to provide L3 services like DNAT, and SNAT. Use this mode if you do not want to adopt DVR. ‘dvr’ - this mode enables DVR functionality and must be used for an L3 agent that runs on a compute host. ‘dvr_snat’ - this enables centralized SNAT support in conjunction with DVR. This mode must be used for an L3 agent running on a centralized node (or in single-host deployments, e.g. devstack). ‘dvr_no_external’ - this mode enables only East/West DVR routing functionality for a L3 agent that runs on a compute host, the North/South functionality such as DNAT and SNAT will be provided by the centralized network node that is running in ‘dvr_snat’ mode. This mode should be used when there is no external network connectivity on the compute host.

Slawek Kaplonski
Senior software engineer
Red Hat

More information about the openstack-discuss mailing list