答复: [DVR config] Can we use drv_snat agent_mode in every compute node?

Yi Yang (杨燚)-云服务集团 yangyi01 at inspur.com
Fri May 17 00:26:08 UTC 2019


Slawomir, thanks a lot.

-----邮件原件-----
发件人: Slawomir Kaplonski [mailto:skaplons at redhat.com] 
发送时间: 2019年5月16日 18:01
收件人: Yi Yang (杨燚)-云服务集团 <yangyi01 at inspur.com>
抄送: openstack-discuss at lists.openstack.org
主题: Re: [DVR config] Can we use drv_snat agent_mode in every compute node?
重要性: 高

Hi,

According to documentation which You cited even "‘dvr_snat’ - this enables centralized SNAT support in conjunction with DVR”. So yes, dvr_snat will do both, SNAT mode as well as DVR for E-W traffic.
We are using it like that in some CI jobs for sure and it works.
But I’m not 100% sure that this is “production ready” solution.

> On 16 May 2019, at 05:47, Yi Yang (杨燚)-云服务集团 <yangyi01 at inspur.com> wrote:
> 
> Hi, folks
>  
> I saw somebody discussed distributed SNAT, but finally they didn’t make agreement on how to implement distributed SNAT, my question is can we use dvr_snat agent_mode in compute node? I understand dvr_snat only does snat but doesn’t do east west routing, right? Can we set dvr_snat and dvr in one compute node at the same time? It is equivalent to distributed SNAT if we can set drv_snat in every compute node, isn’t right? I know Opendaylight can do SNAT in compute node in distributed way, but one external router only can run in one compute node.
>  
> I also see https://wiki.openstack.org/wiki/Dragonflow is trying to implement distributed SNAT, what are technical road blocks for distributed SNAT in openstack dvr? Do we have any good way to remove these road blocks?
>  
> Thank you in advance and look forward to getting your replies and insights.
>  
> Also attached official drv configuration guide for your reference.
>  
> https://docs.openstack.org/neutron/stein/configuration/l3-agent.html
>  
> agent_mode¶
> Type
> string
> 
> Default
> legacy
> 
> Valid Values
> dvr, dvr_snat, legacy, dvr_no_external
> 
> The working mode for the agent. Allowed modes are: ‘legacy’ - this preserves the existing behavior where the L3 agent is deployed on a centralized networking node to provide L3 services like DNAT, and SNAT. Use this mode if you do not want to adopt DVR. ‘dvr’ - this mode enables DVR functionality and must be used for an L3 agent that runs on a compute host. ‘dvr_snat’ - this enables centralized SNAT support in conjunction with DVR. This mode must be used for an L3 agent running on a centralized node (or in single-host deployments, e.g. devstack). ‘dvr_no_external’ - this mode enables only East/West DVR routing functionality for a L3 agent that runs on a compute host, the North/South functionality such as DNAT and SNAT will be provided by the centralized network node that is running in ‘dvr_snat’ mode. This mode should be used when there is no external network connectivity on the compute host.
> 

— 
Slawek Kaplonski
Senior software engineer
Red Hat

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3600 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20190517/cc336bbb/attachment-0001.bin>


More information about the openstack-discuss mailing list