Slawomir, thanks a lot. -----邮件原件----- 发件人: Slawomir Kaplonski [mailto:skaplons@redhat.com] 发送时间: 2019年5月16日 18:01 收件人: Yi Yang (杨燚)-云服务集团 <yangyi01@inspur.com> 抄送: openstack-discuss@lists.openstack.org 主题: Re: [DVR config] Can we use drv_snat agent_mode in every compute node? 重要性: 高 Hi, According to documentation which You cited even "‘dvr_snat’ - this enables centralized SNAT support in conjunction with DVR”. So yes, dvr_snat will do both, SNAT mode as well as DVR for E-W traffic. We are using it like that in some CI jobs for sure and it works. But I’m not 100% sure that this is “production ready” solution.
On 16 May 2019, at 05:47, Yi Yang (杨燚)-云服务集团 <yangyi01@inspur.com> wrote:
Hi, folks
I saw somebody discussed distributed SNAT, but finally they didn’t make agreement on how to implement distributed SNAT, my question is can we use dvr_snat agent_mode in compute node? I understand dvr_snat only does snat but doesn’t do east west routing, right? Can we set dvr_snat and dvr in one compute node at the same time? It is equivalent to distributed SNAT if we can set drv_snat in every compute node, isn’t right? I know Opendaylight can do SNAT in compute node in distributed way, but one external router only can run in one compute node.
I also see https://wiki.openstack.org/wiki/Dragonflow is trying to implement distributed SNAT, what are technical road blocks for distributed SNAT in openstack dvr? Do we have any good way to remove these road blocks?
Thank you in advance and look forward to getting your replies and insights.
Also attached official drv configuration guide for your reference.
https://docs.openstack.org/neutron/stein/configuration/l3-agent.html
agent_mode¶ Type string
Default legacy
Valid Values dvr, dvr_snat, legacy, dvr_no_external
The working mode for the agent. Allowed modes are: ‘legacy’ - this preserves the existing behavior where the L3 agent is deployed on a centralized networking node to provide L3 services like DNAT, and SNAT. Use this mode if you do not want to adopt DVR. ‘dvr’ - this mode enables DVR functionality and must be used for an L3 agent that runs on a compute host. ‘dvr_snat’ - this enables centralized SNAT support in conjunction with DVR. This mode must be used for an L3 agent running on a centralized node (or in single-host deployments, e.g. devstack). ‘dvr_no_external’ - this mode enables only East/West DVR routing functionality for a L3 agent that runs on a compute host, the North/South functionality such as DNAT and SNAT will be provided by the centralized network node that is running in ‘dvr_snat’ mode. This mode should be used when there is no external network connectivity on the compute host.
— Slawek Kaplonski Senior software engineer Red Hat