OVN Network forward

I have read through this topic and I can create a network forward over an OVN network but I’m not sure about the following.

The network forward must listen on the address specified in volatile.network.ipv4.address. Does this mean that the same port cannot be reused multiple times?

I have two twin services: one running on c1 (on cluster node lxd01) and another running on c2 (on cluster node lxd02), listening on the same port. If I could use the address of the cluster node as listening forward address, I could define two network forwards and this is what I’m currently doing with a FAN network.

Is this possible also for OVN?

You cannot have multiple forwards set up on the same combination of IP and port - how would the network know where to send the packets (unless you wanted to load balance the same port to multiple backend instances)?

However you can set up multiple forwards using the same IP, but with different listen ports, or you can set up multiple forwards using different listen IPs and the same port.

To do this you need to make additional IPs available to the virtual OVN router by specifying them on the LXD uplink network being used.

E.g.

lxc network set <uplink network> ipv4.routes=<CIDR>

For example:

lxc network set <uplink network> ipv4.routes=192.168.1.10/32,10.1.1.0/24

You also need to make sure those IPs are routed to the OVN network’s volatile.network.ipv4.address address.

See
https://documentation.ubuntu.com/lxd/en/latest/howto/network_forwards/
https://documentation.ubuntu.com/lxd/en/latest/reference/network_physical/#configuration-options
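
The two rules in the answer above (one forward per listen IP and port, and listen IPs made available through the uplink's ipv4.routes), as an added preflight check that is not part of the original thread or of LXD. The function names, the plan format and the target addresses 10.200.0.x are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

def parse_ports(spec):
    """Turn '80,443,8000-8010' into a list of (low, high) tuples."""
    ranges = []
    for part in spec.split(","):
        low, _, high = part.strip().partition("-")
        ranges.append((int(low), int(high or low)))
    return ranges

def check_forwards(uplink_routes, forwards):
    """Return a list of problems; an empty list means the plan is consistent.

    uplink_routes: value of ipv4.routes on the uplink, e.g. "10.1.1.0/24"
    forwards: list of (listen_ip, protocol, listen_ports, target_ip)
    """
    routes = [ipaddress.ip_network(r.strip()) for r in uplink_routes.split(",")]
    problems = []
    seen = defaultdict(list)  # (listen_ip, protocol) -> [(low, high, target)]
    for listen_ip, proto, ports, target in forwards:
        addr = ipaddress.ip_address(listen_ip)
        # Rule 1: the listen IP must be one the uplink hands to the OVN router.
        if not any(addr in net for net in routes):
            problems.append(f"{addr}: not covered by uplink ipv4.routes")
        # Rule 2: an IP/protocol/port combination can be forwarded only once.
        for low, high in parse_ports(ports):
            for o_low, o_high, o_target in seen[(str(addr), proto)]:
                if low <= o_high and o_low <= high:
                    problems.append(
                        f"{addr} {proto} {low}-{high}: overlaps "
                        f"{o_low}-{o_high} already forwarded to {o_target}")
            seen[(str(addr), proto)].append((low, high, target))
    return problems

# Constructed plans using the thread's listen addresses; targets are made up.
PLAN_OK = [
    ("10.1.1.20", "tcp", "8443", "10.200.0.2"),    # service on c1
    ("10.1.1.30", "tcp", "8443", "10.200.0.3"),    # same port, other listen IP
]
PLAN_BAD = [
    ("10.1.1.20", "tcp", "8000-8100", "10.200.0.2"),
    ("10.1.1.20", "tcp", "8050", "10.200.0.3"),    # same IP, port inside range
    ("192.168.5.9", "udp", "5000", "10.200.0.3"),  # outside ipv4.routes
]

if __name__ == "__main__":
    for name, plan in (("ok", PLAN_OK), ("bad", PLAN_BAD)):
        print(name, check_forwards("10.1.1.0/24", plan) or "no problems")
```
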

Thanks!

You cannot have multiple forwards set up on the same combination of IP and port - how would the network know where to send the packets (unless you wanted to load balance the same port to multiple backend instances)?

True. Probably my wording is not the best… what I’m trying to do is to have on OVN the same behaviour as in a FAN, where I define the forwards on the cluster nodes IPs.

Trying to follow your instructions, let me try to settle it in an example.

Let’s say I want to define network forwards on two different IPs and the same port. Both addresses are in 10.1.1.0/24, they are 10.1.1.20 and 10.1.1.30. So I set:

$ lxc network set uplink ipv4.routes=10.1.1.0/24
$ lxc network get my-ovn volatile.network.ipv4.address
10.1.1.10

Then

$ lxc network forward create my-ovn 10.1.1.20 # create rule
$ lxc network forward create my-ovn 10.1.1.30 # create rule

The last step would be to:

make sure those IPs are routed to the OVN network’s volatile.network.ipv4.address address

I’d appreciate it if you can provide the corresponding ip route add command for this example.

P.S. In the first code snippet you use ipv4.routes.external while in the example code it is ipv4.routes; I guess it is a typo.

I have found out that the listening network forwards must be in the range defined by ipv4.ovn.ranges in the uplink definition. In this case no further modification of routes is needed.

While doing some tests I found out that very wide ranges (20000 ports) defined on an OVN-backed network forward throw the error:

/snap/lxd/27037/bin/ovn-nbctl: argument list too long

This is something that was also happening on “normal” network forwards; is it a known limitation for OVN-backed network forwards? I’m using LXD 5.0.3 and the use case is a WebRTC-based application.

You’re right, I made a typo; I have fixed it now.

The ipv4.ovn.ranges is used when creating OVN networks connected to that uplink to pick a free address for the OVN network’s virtual router address on the uplink (indicated by volatile.network.ipv4.address).

However if you set ipv4.routes to address(es) in the same subnet as the uplink network then OVN should respond to ARP requests for those IPs without needing to set up a route to the network’s volatile.network.ipv4.address address.

This is probably a bug/limitation either in LXD wrt the way it interacts with OVN or in the OVN tooling; please can you create an issue here: https://github.com/canonical/lxd/issues

https://github.com/canonical/lxd/issues/12926
