Serving DNS over OVN networks and accessing the instances from the hosts

I just did, first with the host’s own gateway (wrong?), then with the host’s own IP:

$ ip r
default via 10.130.40.2 dev lan0 proto static 
10.130.40.0/22 dev lan0 proto kernel scope link src 10.130.40.81 
10.138.38.0/24 dev lxd-provision proto kernel scope link src 10.138.38.2 

First attempt:

$ lxc network show ovn-overlay
config:
  ipv4.gateway: 10.130.40.2/22
  ipv4.ovn.ranges: 10.130.40.100-10.130.40.110
  volatile.last_state.created: "false"

(and after reverting the supersede routers from dhclient.conf), I was not getting any routing. Then:

$ lxc network show ovn-overlay
config:
  ipv4.gateway: 10.130.40.81/22
  ipv4.ovn.ranges: 10.130.40.100-10.130.40.110
  volatile.last_state.created: "false"

But still not routing. Not sure what’s missing now.

At least the new OVN networks’ switches do have an IP in the range now:

$ sudo ovn-nbctl show
switch 4184c690-fa7d-4e69-9188-95a630d29631 (lxd-net30-ls-int)
    port lxd-net30-instance-57df066e-7abb-448a-b7d8-0491c7756157-eth0
        addresses: ["00:16:3e:89:a2:d7 dynamic"]
    port lxd-net30-ls-int-lsp-router
        type: router
        router-port: lxd-net30-lr-lrp-int
switch 867302e9-bcfc-4ee3-b935-2b2dbb63a180 (lxd-net25-ls-int)
    port lxd-net25-instance-57df066e-7abb-448a-b7d8-0491c7756157-provision
        addresses: ["00:16:3e:13:a3:eb dynamic"]
    port lxd-net25-instance-57df066e-7abb-448a-b7d8-0491c7756157-ipmi
        addresses: ["00:16:3e:dc:2f:f4 dynamic"]
    port lxd-net25-ls-int-lsp-router
        type: router
        router-port: lxd-net25-lr-lrp-int
    port lxd-provision
        addresses: ["dynamic"]
switch 9e3acfd9-a8ef-4ae5-a84c-08b711ee624b (lxd-net30-ls-ext)
    port lxd-net30-ls-ext-lsp-router
        type: router
        router-port: lxd-net30-lr-lrp-ext
    port lxd-net30-ls-ext-lsp-provider
        type: localnet
        addresses: ["unknown"]
router 81a485b1-9d41-4db7-b316-d57b28ed1ea0 (lxd-net30-lr)
    port lxd-net30-lr-lrp-int
        mac: "00:16:3e:c9:f6:5f"
        networks: ["10.11.1.1/24", "fd42:e9e3:2598:5320::1/64"]
    port lxd-net30-lr-lrp-ext
        mac: "00:16:3e:c9:f6:5f"
        networks: ["10.130.40.100/22"]
    nat d650a0fe-9041-4f57-8ebc-ec2d4a1b6c8b
        external ip: "10.130.40.100"
        logical ip: "10.11.1.0/24"
        type: "snat"
router fc6149f6-1cf3-47ba-83ab-46ddc513c137 (lxd-net25-lr)
    port lxd-net25-lr-lrp-int
        mac: "00:16:3e:e9:5f:fc"
        networks: ["10.138.38.1/24", "fd42:d6a0:aebf:2a0::1/64"]

But the router for lxd-provision does not, only because I didn’t recreate it. I will, I just have to redo some stuff.

But this brings up another point: I need a free range of IPs on the hosts’ network so OVN can use it. I wonder why OVN needs that and can’t just use private IPs and rely on the host to do routing and NAT’ing.

Which also brings me to something you suggested several times:

[if you are] happy for outbound connections to take on the address of the LXD server it’s running on […] then you can just create a private LXD bridge network and then use that as the OVN uplink network. In that way outbound connections from the OVN networks will be NATted to the source address of the active LXD gateway

So instead of replacing the LXD bridge network I had before, I just put OVN on top of it?

10.130.40.2/22 <--> lan0:enp2s0:10.130.40.81 <-- [routing:NAT] lxd-bridge:random_IP <--> OVN router <--> OVN network <--> instances

Is that the complete picture?

Also:

I guess it’s these ones:

Can’t we just get rid of the OVN router and use the host as the router like a LXD bridge network does?
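As an added example (not part of this post, and not LXD's or OVN's own tooling), here is a Python sanity check that parses the `lxc network show`, `ip r` and `ovn-nbctl show` output quoted above and reports the mismatches the two attempts run into. It encodes three assumptions about how LXD treats a physical uplink: `ipv4.gateway` is expected to be the uplink subnet's upstream router (the address `ip r` shows as the default gateway), not the host's own address on that interface; `ipv4.ovn.ranges` must lie inside the uplink subnet and must not contain the gateway or the host; and each OVN logical router's external port should hold one address from those ranges, matching its SNAT external IP. The sample inputs are copied from the post; the function names are this example's own.

```python
import ipaddress
import re

# Sample inputs copied from the post: second-attempt uplink config,
# the host route table, and the two logical routers from ovn-nbctl show.
UPLINK_CONFIG = """\
config:
  ipv4.gateway: 10.130.40.81/22
  ipv4.ovn.ranges: 10.130.40.100-10.130.40.110
"""
HOST_ROUTES = """\
default via 10.130.40.2 dev lan0 proto static
10.130.40.0/22 dev lan0 proto kernel scope link src 10.130.40.81
10.138.38.0/24 dev lxd-provision proto kernel scope link src 10.138.38.2
"""
NBCTL_SHOW = """\
router 81a485b1-9d41-4db7-b316-d57b28ed1ea0 (lxd-net30-lr)
    port lxd-net30-lr-lrp-int
        networks: ["10.11.1.1/24", "fd42:e9e3:2598:5320::1/64"]
    port lxd-net30-lr-lrp-ext
        networks: ["10.130.40.100/22"]
    nat d650a0fe-9041-4f57-8ebc-ec2d4a1b6c8b
        external ip: "10.130.40.100"
        logical ip: "10.11.1.0/24"
        type: "snat"
router fc6149f6-1cf3-47ba-83ab-46ddc513c137 (lxd-net25-lr)
    port lxd-net25-lr-lrp-int
        networks: ["10.138.38.1/24", "fd42:d6a0:aebf:2a0::1/64"]
"""


def parse_uplink_config(text):
    """Flatten the indented 'key: value' lines of lxc network show into a dict."""
    cfg = {}
    for line in text.splitlines():
        m = re.match(r"\s+([\w.]+):\s*(.+)", line)
        if m:
            cfg[m.group(1)] = m.group(2).strip()
    return cfg


def parse_host_routes(text):
    """Return (default gateway, {iface: (connected network, host src address)})."""
    default_gw, links = None, {}
    for parts in (l.split() for l in text.splitlines() if l.strip()):
        if parts[0] == "default":
            default_gw = ipaddress.ip_address(parts[2])
        elif "src" in parts:
            links[parts[parts.index("dev") + 1]] = (
                ipaddress.ip_network(parts[0]),
                ipaddress.ip_address(parts[parts.index("src") + 1]),
            )
    return default_gw, links


def parse_routers(text):
    """Per logical router: addresses on its -lrp-ext port and its NAT external IPs."""
    routers, cur, section = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if raw.startswith("router "):
            cur = raw.split("(")[1].rstrip(")")
            routers[cur] = {"ext": [], "snat": []}
        elif cur is None:
            continue
        elif line.startswith("port "):
            section = "ext" if line.endswith("-lrp-ext") else None
        elif line.startswith("nat "):
            section = "nat"
        elif section == "ext" and line.startswith("networks:"):
            routers[cur]["ext"] += [ipaddress.ip_interface(a) for a in re.findall(r'"([^"]+)"', line)]
        elif section == "nat" and line.startswith("external ip:"):
            routers[cur]["snat"].append(ipaddress.ip_address(re.search(r'"([^"]+)"', line).group(1)))
    return routers


def _ranges(cfg):
    gw = ipaddress.ip_interface(cfg["ipv4.gateway"])
    lo, hi = (ipaddress.ip_address(x) for x in cfg["ipv4.ovn.ranges"].split("-"))
    return gw, lo, hi


def check_uplink(cfg, default_gw, links):
    """Findings about the uplink config against the host's own routing view."""
    gw, lo, hi = _ranges(cfg)
    findings = []
    if lo not in gw.network or hi not in gw.network:
        findings.append("ipv4.ovn.ranges fall outside the uplink subnet")
    if lo <= gw.ip <= hi:
        findings.append("ipv4.gateway lies inside ipv4.ovn.ranges")
    for iface, (net, src) in links.items():
        if net == gw.network and gw.ip == src:
            findings.append(f"ipv4.gateway is the host's own address on {iface}, not the upstream router")
        if net == gw.network and lo <= src <= hi:
            findings.append(f"host address on {iface} lies inside ipv4.ovn.ranges")
    if default_gw is not None and default_gw in gw.network and gw.ip != default_gw:
        findings.append(f"ipv4.gateway {gw.ip} differs from the host default gateway {default_gw}")
    return findings


def check_routers(cfg, routers):
    """Findings about each OVN router's external port relative to the uplink ranges."""
    gw, lo, hi = _ranges(cfg)
    findings = []
    for name, info in routers.items():
        if not info["ext"]:
            findings.append(f"{name}: no external port address, uplink not attached")
            continue
        for ext in info["ext"]:
            if ext.network != gw.network or not (lo <= ext.ip <= hi):
                findings.append(f"{name}: external address {ext} not taken from ipv4.ovn.ranges")
            if ext.ip not in info["snat"]:
                findings.append(f"{name}: SNAT external ip does not match external port {ext.ip}")
    return findings


if __name__ == "__main__":
    cfg = parse_uplink_config(UPLINK_CONFIG)
    for f in check_uplink(cfg, *parse_host_routes(HOST_ROUTES)) + check_routers(cfg, parse_routers(NBCTL_SHOW)):
        print("WARN:", f)
```

Run against the second attempt it flags that `ipv4.gateway` is the host's own `lan0` address and differs from the host default gateway `10.130.40.2`, while the first attempt's config produces no uplink findings; for the routers it reports only `lxd-net25-lr` as lacking an external port, which matches the note above that that router has not been recreated yet.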