OVN: do not distribute traffic for local FIP

Do not send traffic for local FIP through the overlay tunnels but
manage it in the local hypervisor

Acked-by: Numan Siddique <nusiddiq@redhat.com>
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

2 files changed, 20 insertions, 0 deletions

diff --git a/ovn/northd/ovn-northd.8.xml b/ovn/northd/ovn-northd.8.xml
index e6417220f..193aa210f 100644
--- a/ovn/northd/ovn-northd.8.xml
+++ b/ovn/northd/ovn-northd.8.xml
@@ -1890,6 +1890,13 @@ reg1 = <var>EIP1</var>;
 outport = <code>redirect-chassis-port</code>;
 <code>REGBIT_DISTRIBUTED_NAT = 1; next;</code>.
         </pre>
+
+        <p>
+            Morover a priority-400 logical flow is configured for each
+            <code>dnat_and_snat</code> NAT rule configured in order to
+            not send traffic for local FIP through the overlay tunnels
+            but manage it in the local hypervisor
+        </p>
       </li>
 
       <li>
diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c
index e8cbc3534..ba2719321 100644
--- a/ovn/northd/ovn-northd.c
+++ b/ovn/northd/ovn-northd.c
@@ -5277,6 +5277,19 @@ add_distributed_nat_routes(struct hmap *lflows, const struct ovn_port *op)
             continue;
         }
 
+        ds_put_format(&match, "inport == %s && "
+                      "ip4.src == %s && ip4.dst == %s",
+                       op->json_key, nat->logical_ip, nat->external_ip);
+        ds_put_format(&actions, "outport = %s; eth.dst = %s; "
+                      REGBIT_DISTRIBUTED_NAT" = 1; "
+                      REGBIT_NAT_REDIRECT" = 0; next;",
+                      op->od->l3dgw_port->json_key,
+                      nat->external_mac);
+        ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_ROUTING, 400,
+                      ds_cstr(&match), ds_cstr(&actions));
+        ds_clear(&match);
+        ds_clear(&actions);
+
         for (size_t j = 0; j < op->od->nbr->n_nat; j++) {
             const struct nbrec_nat *nat2 = op->od->nbr->nat[j];