[lxc-devel] [lxd/master] network: Adds OVN ipv4.nat and ipv6.nat keys

tomponline on Github lxc-bot at linuxcontainers.org
Thu Oct 15 16:31:26 UTC 2020


From e67455914b5fe60c4a16c7a102518f3358df7ebf Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parrott at canonical.com>
Date: Thu, 15 Oct 2020 17:29:57 +0100
Subject: [PATCH 1/3] api: Adds network_ovn_nat extension

Signed-off-by: Thomas Parrott <thomas.parrott at canonical.com>
---
 doc/api-extensions.md | 8 ++++++++
 shared/version/api.go | 1 +
 2 files changed, 9 insertions(+)

diff --git a/doc/api-extensions.md b/doc/api-extensions.md
index 06d84d4570..aac2f59bcf 100644
--- a/doc/api-extensions.md
+++ b/doc/api-extensions.md
@@ -1200,3 +1200,11 @@ allowed to be used in child OVN networks in their `ipv4.routes.external` and `ip
 
 Introduces the `restricted.networks.subnets` project setting that specifies which external subnets are allowed to
 be used by OVN networks inside the project (if not set then all routes defined on the uplink network are allowed).
+
+## network\_ovn\_nat
+Adds support for `ipv4.nat` and `ipv6.nat` settings on `ovn` networks.
+
+When creating the network if these settings are unspecified, and an equivalent IP address is being generated for
+the subnet, then the appropriate NAT setting will added set to `true`.
+
+If the setting is missing then the value is taken as `false`.
diff --git a/shared/version/api.go b/shared/version/api.go
index 9d9da206d9..b0bada4a3f 100644
--- a/shared/version/api.go
+++ b/shared/version/api.go
@@ -231,6 +231,7 @@ var APIExtensions = []string{
 	"storage_rsync_compression",
 	"network_type_physical",
 	"network_ovn_external_subnets",
+	"network_ovn_nat",
 }
 
 // APIExtensionsCount returns the number of available API extensions.

From 69e1cdff5f9b5e64db04ff731863b51c23f69251 Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parrott at canonical.com>
Date: Thu, 15 Oct 2020 16:48:03 +0100
Subject: [PATCH 2/3] doc/networks: Adds ipv4.nat and ipv6.nat to OVN networks

Signed-off-by: Thomas Parrott <thomas.parrott at canonical.com>
---
 doc/networks.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/doc/networks.md b/doc/networks.md
index 3d972ddf72..6fb54fec4d 100644
--- a/doc/networks.md
+++ b/doc/networks.md
@@ -317,9 +317,11 @@ mtu                             | integer   | -                     | -
 parent                          | string    | -                     | -                         | Parent interface to create sriov NICs on
 vlan                            | integer   | -                     | -                         | The VLAN ID to attach to
 ipv4.gateway                    | string    | standard mode         | -                         | IPv4 address for the gateway and network (CIDR notation)
+ipv4.nat                        | boolean   | ipv4 address          | false                     | Whether to NAT (will default to true if unset and a random ipv4.address is generated)
 ipv4.ovn.ranges                 | string    | -                     | none                      | Comma separate list of IPv4 ranges to use for child OVN network routers (FIRST-LAST format)
 ipv4.routes                     | string    | ipv4 address          | -                         | Comma separated list of additional IPv4 CIDR subnets that can be used with child OVN networks ipv4.routes.external setting
 ipv6.gateway                    | string    | standard mode         | -                         | IPv6 address for the gateway and network  (CIDR notation)
+ipv6.nat                        | boolean   | ipv6 address          | false                     | Whether to NAT (will default to true if unset and a random ipv6.address is generated)
 ipv6.ovn.ranges                 | string    | -                     | none                      | Comma separate list of IPv6 ranges to use for child OVN network routers (FIRST-LAST format)
 ipv6.routes                     | string    | ipv6 address          | -                         | Comma separated list of additional IPv6 CIDR subnets that can be used with child OVN networks ipv6.routes.external setting
 dns.nameservers                 | string    | standard mode         | -                         | List of DNS server IPs on physical network

From 9d52d2f6597aa76df8dc7deb95903d2294cf3a21 Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parrott at canonical.com>
Date: Thu, 15 Oct 2020 17:13:00 +0100
Subject: [PATCH 3/3] lxd/network/driver/ovn: Adds ipv4.nat and ipv6.nat
 support

NAT defaults to disabled if these settings are unset.

Signed-off-by: Thomas Parrott <thomas.parrott at canonical.com>
---
 lxd/network/driver_ovn.go | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/lxd/network/driver_ovn.go b/lxd/network/driver_ovn.go
index 0755b02580..a6dc816a7a 100644
--- a/lxd/network/driver_ovn.go
+++ b/lxd/network/driver_ovn.go
@@ -101,6 +101,8 @@ func (n *ovn) Validate(config map[string]string) error {
 		"ipv6.dhcp.stateful":   validate.Optional(validate.IsBool),
 		"ipv4.routes.external": validate.Optional(validate.IsNetworkV4List),
 		"ipv6.routes.external": validate.Optional(validate.IsNetworkV6List),
+		"ipv4.nat":             validate.Optional(validate.IsBool),
+		"ipv6.nat":             validate.Optional(validate.IsBool),
 		"dns.domain":           validate.IsAny,
 		"dns.search":           validate.IsAny,
 
@@ -1112,6 +1114,10 @@ func (n *ovn) FillConfig(config map[string]string) error {
 		}
 
 		config["ipv4.address"] = subnet
+
+		if config["ipv4.nat"] == "" {
+			config["ipv4.nat"] = "true"
+		}
 	}
 
 	if config["ipv6.address"] == "auto" {
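Review bot: The new `ipv4.nat` defaulting at `if config["ipv4.nat"] == ""` sits inside the auto-address branch with no comment, so a reader has to trace back to the branch head (outside this hunk) to see that it only fires when `ipv4.address` was `auto`, while an explicitly supplied address leaves NAT unset, which `setup` treats as disabled. A one-line comment would make that explicit, e.g. `// An auto-generated subnet defaults to NAT enabled unless ipv4.nat was set explicitly.`, and the same comment fits the `ipv6.nat` default in the next hunk. FillConfig starts before this hunk and ends after the following one.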
@@ -1121,6 +1127,10 @@ func (n *ovn) FillConfig(config map[string]string) error {
 		}
 
 		config["ipv6.address"] = subnet
+
+		if config["ipv6.nat"] == "" {
+			config["ipv6.nat"] = "true"
+		}
 	}
 
 	return nil
@@ -1373,14 +1383,14 @@ func (n *ovn) setup(update bool) error {
 	}
 
 	// Add SNAT rules.
-	if routerIntPortIPv4Net != nil && routerExtPortIPv4 != nil {
+	if shared.IsTrue(n.config["ipv4.nat"]) && routerIntPortIPv4Net != nil && routerExtPortIPv4 != nil {
 		err = client.LogicalRouterSNATAdd(n.getRouterName(), routerIntPortIPv4Net, routerExtPortIPv4)
 		if err != nil {
 			return err
 		}
 	}
 
-	if routerIntPortIPv6Net != nil && routerExtPortIPv6 != nil {
+	if shared.IsTrue(n.config["ipv6.nat"]) && routerIntPortIPv6Net != nil && routerExtPortIPv6 != nil {
 		err = client.LogicalRouterSNATAdd(n.getRouterName(), routerIntPortIPv6Net, routerExtPortIPv6)
 		if err != nil {
 			return err
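Review bot: The new `shared.IsTrue(n.config["ipv4.nat"])` guard only decides whether an SNAT rule is added; nothing in this hunk removes an already-programmed rule when `setup` runs with `update` true and the key has since been changed from `true` to `false` or cleared, so unless code earlier in `setup` (outside the hunk) clears the router's NAT entries first, turning NAT off on an existing network may leave the old SNAT rule active on the logical router. Worth confirming against the update path and, if nothing clears it, pairing each guarded add with a corresponding removal when the key is not true. The same applies to the `ipv6.nat` guard below. The body of `setup` starts and ends outside the hunk.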

