Nested routers do not SNAT external network traffic #274
Description
ovn-nbctl ls-add outside
ovn-nbctl lsp-add outside outside-localnet
ovn-nbctl lsp-set-addresses outside-localnet unknown
ovn-nbctl lsp-set-type outside-localnet localnet
ovn-nbctl lsp-set-options outside-localnet network_name=phyNet
ovs-vsctl set Open_vSwitch . external-ids:ovn-bridge-mappings=phyNet:br-external
ovn-nbctl lsp-add outside outside-router0
ovn-nbctl lsp-set-type outside-router0 router
ovn-nbctl lsp-set-addresses outside-router0 02:0a:7f:18:01:02
ovn-nbctl lsp-set-options outside-router0 router-port=gateway1-router0-outside
ovn-nbctl lr-add gateway1-router0
ovn-nbctl lrp-add gateway1-router0 gateway1-router0-outside 02:0a:7f:18:01:02 192.168.209.199/24
ovn-nbctl lr-route-add gateway1-router0 0.0.0.0/0 192.168.209.1
ovn-nbctl lrp-set-gateway-chassis gateway1-router0-outside 75e17cc9-72ea-4688-8bb6-96c31443a1f9
ovn-nbctl lrp-add gateway1-router0 gateway1-router0_gateway1-switch0 00:00:00:00:00:01 192.168.35.1/24
ovn-nbctl lr-nat-add gateway1-router0 snat 192.168.209.199 0.0.0.0/0
ovn-nbctl ls-add gateway1-switch0
ovn-nbctl lsp-add gateway1-switch0 gateway1-switch0_gateway1-router0
ovn-nbctl lsp-set-type gateway1-switch0_gateway1-router0 router
ovn-nbctl lsp-set-addresses gateway1-switch0_gateway1-router0 00:00:00:00:00:01
ovn-nbctl lsp-set-options gateway1-switch0_gateway1-router0 router-port=gateway1-router0_gateway1-switch0
ovn-nbctl lsp-add gateway1-switch0 gateway1-switch0-router0
ovn-nbctl lsp-set-type gateway1-switch0-router0 router
ovn-nbctl lsp-set-addresses gateway1-switch0-router0 02:0a:7f:18:01:05
ovn-nbctl lsp-set-options gateway1-switch0-router0 router-port=router0-outside
ovn-nbctl lr-add vRouter_01
ovn-nbctl lrp-add vRouter_01 router0-outside 02:0a:7f:18:01:05 192.168.35.2/24
ovn-nbctl lr-route-add vRouter_01 0.0.0.0/0 192.168.35.1
ovn-nbctl lrp-add vRouter_01 vRouter_01_vSwitch_01 00:00:00:00:00:01 100.10.10.1/24
ovn-nbctl lr-nat-add vRouter_01 snat 192.168.35.2 100.10.10.0/24
ovn-nbctl ls-add vSwitch_01
ovn-nbctl lsp-add vSwitch_01 vSwitch_01_vRouter_01
ovn-nbctl lsp-set-type vSwitch_01_vRouter_01 router
ovn-nbctl lsp-set-addresses vSwitch_01_vRouter_01 00:00:00:00:00:01
ovn-nbctl lsp-set-options vSwitch_01_vRouter_01 router-port=vRouter_01_vSwitch_01
ovn-nbctl lsp-add vSwitch_01 vSwitch_01-vm2
ovn-nbctl lsp-set-addresses vSwitch_01-vm2 "00:00:00:00:00:04 100.10.10.3"
ovn-nbctl lsp-set-port-security vSwitch_01-vm2 "00:00:00:00:00:04 100.10.10.3"
The above is my configuration command. Currently, the user-side router cannot access the external network through the snat rule of vRouter_01. It can only route 100.10.10.0/24 in gateway1-router0. However, if there are multiple vRouter_0.., and 100.10.10.0/24 exists in all the unreachable vRouter_0.., what should I do? Can anyone explain? When snat is nested, how can the lower-level vRouter also be used?