Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

incusd/network/ovn/nb: Port DeleteLogicalRouter and LogicalRouterSNAT (WIP) #809

Merged
merged 3 commits into from
May 1, 2024
Merged

incusd/network/ovn/nb: Port DeleteLogicalRouter and LogicalRouterSNAT (WIP) #809

merged 3 commits into from
May 1, 2024

Conversation

Abhiram824
Copy link
Contributor

No description provided.

@Abhiram824 Abhiram824 mentioned this pull request Apr 30, 2024
Closed
@stgraber
Copy link
Member

stgraber commented May 1, 2024

Did a few changes:

  • Merged both commits together
  • Split the two functions into separate commits
  • Added check for logical router being already removed
  • Removed the old LogicalRouterDelete and CreateLogicalRouterSNAT functions
  • Added a commit to update usage of the old functions

@stgraber
Copy link
Member

stgraber commented May 1, 2024

The NAT logic looks wrong.

The way things are stored in OVN is that each NAT rule belongs in the NAT table (ovnNB.NAT) and is referenced by its UUID from the LogicalRouter table. The logic you've added seems to assume that the external IP is directly part of the NAT field.

I'll take a quick stab at rewriting the logic. Basically I expect we need to:

  • Get the LogicalRouter (that part is already there)
  • Iterate over logicalRouter.NAT and fetch those entries from the DB
  • Check if a matching entry already exists, if it does and mayExist is set, return, if it does and mayExist isn't set, return an error
  • Create a new NAT table entry, add it to the DB and add a reference to it to the LogicalRouter

@stgraber
Copy link
Member

stgraber commented May 1, 2024

Confirmed our test suite caught the bad logic, so at least I can use that to confirm my implementation works :)

Error: Failed adding router IPv4 SNAT rule: Wrong parameter type (*ovsmodel.LogicalRouter): Expected pointer to slice of valid Models

@stgraber
Copy link
Member

stgraber commented May 1, 2024

Updated the SNAT function to do what I described above. I've got the testsuite running now to make sure it didn't regress anything.

@stgraber stgraber marked this pull request as ready for review May 1, 2024 02:37
@Abhiram824
Copy link
Contributor Author

The NAT logic looks wrong.

The way things are stored in OVN is that each NAT rule belongs in the NAT table (ovnNB.NAT) and is referenced by its UUID from the LogicalRouter table. The logic you've added seems to assume that the external IP is directly part of the NAT field.

I'll take a quick stab at rewriting the logic. Basically I expect we need to:

  • Get the LogicalRouter (that part is already there)
  • Iterate over logicalRouter.NAT and fetch those entries from the DB
  • Check if a matching entry already exists, if it does and mayExist is set, return, if it does and mayExist isn't set, return an error
  • Create a new NAT table entry, add it to the DB and add a reference to it to the LogicalRouter

I see this makes sense, apologies for the confusion. Assuming this works I will go ahead and update the NAT related functions using a similar logic

@stgraber stgraber merged commit 410ecc8 into lxc:main May 1, 2024
24 of 25 checks passed
@DhruvNistala
Copy link
Contributor

Hi, we made a few more changes to the CreateLogicalRouterNAT with additional arguments to determine whether it is SNAT or DNAT, and then create the record accordingly. I also deleted the LogicalRouterDNATAdd function.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stgraber stgraber stgraber approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Abhiram824 @stgraber @DhruvNistala