I have setup a OVN cluster of 3 servers and created containers using one of the network in ovn.
Now containers can connect with each other and works fine.
But I cannot find a simple way to access containers from host directly. Is there a simple way it can be done or need to manually create a route for it?
Ok I was able to fix the issue by just creating a route through the ovn gateway for the created network. It might be useful for others so documenting the steps (Name UPLINK is my own you can choose any name for this network connected to br0 bridge) :
incus network create UPLINK --type=physical parent=br0 --target=pc1
incus network create UPLINK --type=physical parent=br0 --target=pc2
incus network create UPLINK --type=physical parent=br0 --target=pc3
incus network create UPLINK --type=physical \
ipv4.ovn.ranges=192.168.1.198-192.168.1.218 \
ipv4.gateway=192.168.1.1/24 \
dns.nameservers=1.1.1.1,1.1.2.2 \
ovn.ingress_mode=routed \
ipv4.routes=192.168.1.0/24,172.21.8.0/24
incus network create test-ovn --type=ovn
incus launch images:ubuntu/22.04 c1 --network test-ovn
incus list
+------+---------+-------------------+-----------------------------------------------+-----------+-----------+----------+
| NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS | LOCATION |
+------+---------+-------------------+-----------------------------------------------+-----------+-----------+----------+
| c1 | RUNNING | 10.156.8.2 (eth0) | fd42:c2cb:34e0:607a:216:3eff:fe3d:ea00 (eth0) | CONTAINER | 0 | pc2 |
+------+---------+-------------------+-----------------------------------------------+-----------+-----------+----------+
incus exec c1 -- bash
root@c1:~# ping www.google.com
PING www.google.com (142.250.4.104) 56(84) bytes of data.
64 bytes from sm-in-f104.1e100.net (142.250.4.104): icmp_seq=1 ttl=106 time=7.80 ms
64 bytes from sm-in-f104.1e100.net (142.250.4.104): icmp_seq=2 ttl=106 time=5.35 ms
^C
--- www.google.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 5.353/6.576/7.799/1.223 ms
So the network is creating and container can access internet. Now the issue is need to access the container from host. The easiest way to do it is by setting up the route as follows:
incus network show test-ovn
config:
bridge.mtu: "1442"
ipv4.address: 10.156.8.1/24
ipv4.nat: "true"
ipv6.address: fd42:c2cb:34e0:607a::1/64
ipv6.nat: "true"
network: UPLINK
volatile.network.ipv4.address: 192.168.1.198
description: ""
name: test-ovn
type: ovn
used_by:
- /1.0/instances/c1
managed: true
status: Created
locations:
- pc1
- pc2
- pc3
sudo ip route add 10.156.8.0/24 via 192.168.1.198
ip r show
default via 192.168.1.1 dev br0 proto static
10.156.8.0/24 via 192.168.1.198 dev br0
172.21.8.0/24 dev br0 proto kernel scope link src 172.21.8.1
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.168
ping 10.156.8.2
PING 10.156.8.2 (10.156.8.2) 56(84) bytes of data.
64 bytes from 10.156.8.2: icmp_seq=1 ttl=63 time=2.23 ms
64 bytes from 10.156.8.2: icmp_seq=2 ttl=63 time=2.72 ms
64 bytes from 10.156.8.2: icmp_seq=3 ttl=63 time=1.84 ms
64 bytes from 10.156.8.2: icmp_seq=4 ttl=63 time=2.00 ms
64 bytes from 10.156.8.2: icmp_seq=5 ttl=63 time=2.41 ms
^C
--- 10.156.8.2 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4007ms
rtt min/avg/max/mdev = 1.836/2.238/2.716/0.308 ms
So things works now but still need to experiment on how to make use of another subnet 172.21.8.0/24 to use as UPLINK physical network.