zcq98
commented
8 months ago 当前配置 ovn 不知道要将 172.18.120.173 路由到哪,尝试在 vpc1 上添加静态路由:
kind: Vpc
apiVersion: kubeovn.io/v1
metadata:
annotations:
bs.network.io/cidrBlock: 10.50.0.0/16
bs.network.io/workspace: custom-vm
kubesphere.io/alias-name: vpc1
kubesphere.io/creator: sean
name: vpc1
spec:
namespaces:
- vpc1-ns
staticRoutes:
- cidr: 10.50.1.0/24
nextHopIP: 172.18.164.254
policy: policySrc
enableExternal: true将源地址为 10.50.1.0/24 的流量路由至网关,只有到网关节点的流量才会进行 snat
geniusxiong
bobz965
github-actions[bot]
Bug Report
v1.13.0 自定义VPC下,子网配置SNAT后,子网下的pod只能访问snat同网段的ip地址,不能访问其他网段的ip
Expected Behavior
能够访问可访问到的ip
Actual Behavior
Steps to Reproduce the Problem
[root@master-0 ovn]# cat provider-network.yaml apiVersion: kubeovn.io/v1 kind: ProviderNetwork metadata: name: external204 spec: defaultInterface: ens33
[root@master-0 ovn]# cat vlan.yaml apiVersion: kubeovn.io/v1 kind: Vlan metadata: name: vlan0 spec: id: 0 provider: external204
[root@master-0 ovn]# cat vlan-subnet.yaml apiVersion: kubeovn.io/v1 kind: Subnet metadata: name: external204 spec: protocol: IPv4 cidrBlock: 172.18.164.0/24 gateway: 172.18.164.254 vlan: vlan0 excludeIps:
[root@master-0 ovn]# cat ovn-subnet-snat.yaml kind: OvnSnatRule apiVersion: kubeovn.io/v1 metadata: name: snat-for-subnet-in-vpc spec: ovnEip: snat-for-subnet-in-vpc vpcSubnet: vpc1-subnet1 # eip 对应整个网段
[root@master-0 ovn]# kubectl ko nbctl show vpc1 router c87bf6bc-6dd4-4836-bc14-10b224a37dbe (vpc1) port vpc1-vpc1-subnet1 mac: "00:00:00:2C:8E:D1" networks: ["10.50.1.1/24"] port vpc1-external204 mac: "00:00:00:2F:90:BA" networks: ["172.18.164.60/24"] gateway chassis: [5449d348-3f4b-4c5e-ba0d-eb0fa987c3d0 b76a3e7e-9c42-41f3-ac4b-7d2235247a41] nat 54ed768f-963e-43c2-b85b-b9bc397a40e9 external ip: "172.18.164.58" logical ip: "10.50.1.0/24" type: "snat"
/ # ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 83: eth0@if84: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1400 qdisc noqueue state UP link/ether 00:00:00:1b:ab:b9 brd ff:ff:ff:ff:ff:ff inet 10.50.1.4/24 brd 10.50.1.255 scope global eth0 valid_lft forever preferred_lft forever
/ # ping -s 100 172.18.164.12 PING 172.18.164.12 (172.18.164.12): 100 data bytes 108 bytes from 172.18.164.12: seq=0 ttl=127 time=1.744 ms 108 bytes from 172.18.164.12: seq=1 ttl=127 time=1.440 ms 108 bytes from 172.18.164.12: seq=2 ttl=127 time=0.573 ms 108 bytes from 172.18.164.12: seq=3 ttl=127 time=0.438 ms 108 bytes from 172.18.164.12: seq=4 ttl=127 time=2.867 ms 108 bytes from 172.18.164.12: seq=5 ttl=127 time=0.655 ms 108 bytes from 172.18.164.12: seq=6 ttl=127 time=2.517 ms 108 bytes from 172.18.164.12: seq=7 ttl=127 time=1.195 ms 108 bytes from 172.18.164.12: seq=8 ttl=127 time=0.913 ms 108 bytes from 172.18.164.12: seq=9 ttl=127 time=0.558 ms 108 bytes from 172.18.164.12: seq=10 ttl=127 time=0.352 ms 108 bytes from 172.18.164.12: seq=11 ttl=127 time=0.359 ms 108 bytes from 172.18.164.12: seq=12 ttl=127 time=0.691 ms 108 bytes from 172.18.164.12: seq=13 ttl=127 time=0.440 ms 108 bytes from 172.18.164.12: seq=14 ttl=127 time=0.800 ms 108 bytes from 172.18.164.12: seq=15 ttl=127 time=0.421 ms ^C --- 172.18.164.12 ping statistics --- 16 packets transmitted, 16 packets received, 0% packet loss round-trip min/avg/max = 0.352/0.997/2.867 ms
/ # ping -s 100 172.18.120.173 PING 172.18.120.173 (172.18.120.173): 100 data bytes ^C --- 172.18.120.173 ping statistics --- 9 packets transmitted, 0 packets received, 100% packet loss
1.18.6
operation-system/kernel version:
Output of
awk -F '=' '/PRETTY_NAME/ { print $2 }' /etc/os-release: Output ofuname -r: