Playing with ovn part 3

In this last post I will explain how to create SNAT and DNAT, a.k.a. a floating IP. Just like in the previous post, let's create the topology first.


  • 1 Controller as a gateway
  • 1 Logical router
  • 3 Logical switch
  • 2 Compute
  • 2 Client


red : physical network
blue : overlay network
light blue : virtual network
light green : virtual network
purple : floating ip network
yellow : logical router

  • Controller :
  • Compute 1 :
  • Compute 2 :
  • vm2 :


Because the topology is the same as in part 2, here I only add the steps for the floating IP (FIP).

root@ubuntu-nested-1:~# ovs-vsctl set open_vswitch . external-ids:ovn-bridge-mappings=phyNet:br-ex
root@ubuntu-nested-1:~# ovs-vsctl add-br br-ex
root@ubuntu-nested-1:~# ovs-vsctl add-port br-ex enp7s0
root@ubuntu-nested-1:~# ifconfig enp7s0 up

First, set the bridge mapping for the outside network. Here I use br-ex, and the interface that connects to the outside is enp7s0.

root@ubuntu-nested-1:~# ovn-nbctl ls-add public
root@ubuntu-nested-1:~# ovn-nbctl lsp-add public ln-public
root@ubuntu-nested-1:~# ovn-nbctl lsp-set-type ln-public localnet
root@ubuntu-nested-1:~# ovn-nbctl lsp-set-addresses ln-public unknown
root@ubuntu-nested-1:~# ovn-nbctl lsp-set-options ln-public network_name=phyNet

After that, create the logical switch for the floating IP network. Here I set the ln-public port's address to unknown and its network_name to phyNet.

root@ubuntu-nested-1:~# ovn-nbctl lrp-add router1 router1-public 00:00:00:00:00:fe
root@ubuntu-nested-1:~# ovn-nbctl lsp-add public public-router1
root@ubuntu-nested-1:~# ovn-nbctl lsp-set-type public-router1 router
root@ubuntu-nested-1:~# ovn-nbctl lsp-set-addresses public-router1 router
root@ubuntu-nested-1:~# ovn-nbctl lsp-set-options public-router1 router-port=router1-public

Now connect the floating IP network to router1.

root@ubuntu-nested-1:~# ovn-nbctl lrp-set-gateway-chassis router1-public host1 20
root@ubuntu-nested-1:~# ovn-sbctl show
Chassis host3
    hostname: ubuntu-nested-3
    Encap geneve
        ip: ""
        options: {csum="true"}
    Port_Binding vm2
Chassis host1
    hostname: ubuntu-nested-1
    Encap geneve
        ip: ""
        options: {csum="true"}
    Port_Binding cr-router1-public
Chassis host2
    hostname: ubuntu-nested-2
    Encap geneve
        ip: ""
        options: {csum="true"}
    Port_Binding vm1

With the FIP network connected to router1, it's time to bind the router port that connects the FIP network to the router (router1-public) to controller 1, which acts as the gateway.
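
A check for the gateway binding step above, as an added example that is not from the original post: it parses `ovn-sbctl show` text and confirms the chassisredirect port `cr-<router port>` sits on the expected chassis. The function names are hypothetical, and the sample is a trimmed copy of the output shown in this post.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Trimmed copy of the `ovn-sbctl show` output in this post (Encap lines dropped).
sample_sb_show() {
cat <<'EOF'
Chassis host3
    hostname: ubuntu-nested-3
    Port_Binding vm2
Chassis host1
    hostname: ubuntu-nested-1
    Port_Binding cr-router1-public
Chassis host2
    hostname: ubuntu-nested-2
    Port_Binding vm1
EOF
}

# chassis_of PORT: read `ovn-sbctl show` text on stdin and print the chassis
# that holds PORT. Exit status 1 if no chassis has it.
chassis_of() {
  awk -v port="$1" '
    $1 == "Chassis"      { chassis = $2; gsub(/"/, "", chassis) }  # names may be quoted
    $1 == "Port_Binding" { p = $2; gsub(/"/, "", p)
                           if (p == port) { print chassis; found = 1 } }
    END { exit !found }
  '
}

# check_gateway LRP CHASSIS: succeed only if the chassisredirect port cr-LRP
# is bound on CHASSIS. Returns 2 if unbound, 1 if bound elsewhere.
check_gateway() {
  gw_bound=$(chassis_of "cr-$1") || {
    echo "cr-$1 is not bound on any chassis" >&2; return 2; }
  [ "$gw_bound" = "$2" ] || {
    echo "cr-$1 is on $gw_bound, expected $2" >&2; return 1; }
}

# Offline demo on the sample; on a live system pipe in `ovn-sbctl show` instead.
sample_sb_show | check_gateway router1-public host1 && echo "gateway binding OK"
```

On the controller, `ovn-sbctl show | check_gateway router1-public host1` runs the same check against the live southbound database.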

root@ubuntu-nested-1:~# ovn-nbctl lr-nat-add router1 dnat_and_snat

The last step is to add the dnat_and_snat rule for vm2's IP.

╭─[403] as humanz in /mnt/Data/ on (master)
╰─(ノ˚Д˚)ノ ifconfig virbr1    
virbr1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet  netmask  broadcast
        ether 52:54:00:75:b7:ae  txqueuelen 1000  (Ethernet)
        RX packets 79  bytes 6314 (6.1 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 378  bytes 70598 (68.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

╭─[403] as humanz in /mnt/Data/ on (master)
╰─(ノ˚Д˚)ノ ping -c 3
PING ( 56(84) bytes of data.
64 bytes from icmp_seq=1 ttl=63 time=1.14 ms
64 bytes from icmp_seq=2 ttl=63 time=0.340 ms
64 bytes from icmp_seq=3 ttl=63 time=0.310 ms

--- ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2013ms
rtt min/avg/max/mdev = 0.310/0.597/1.143/0.385 ms

As you can see, my laptop can reach the vm2 IP address.

root@ubuntu-nested-3:~# ip netns exec vm2-ns ping -c 2
PING ( 56(84) bytes of data.
64 bytes from icmp_seq=1 ttl=63 time=0.306 ms
64 bytes from icmp_seq=2 ttl=63 time=0.404 ms

--- ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1023ms
rtt min/avg/max/mdev = 0.306/0.355/0.404/0.049 ms
root@ubuntu-nested-3:~# ip netns exec vm2-ns nc -v 8118
Connection to 8118 port [tcp/*] succeeded!


╭─[403] as humanz in ~
╰──➤ nc -lp 8118                   

From vm2 to my laptop is also fine.

All the steps from part 1 through part 3 are already on my GitHub. If you have any questions, you can open an issue.