@dsundarraj
Created March 15, 2016 18:40
SNAT in OpenContrail
Workflow:
- Assuming that you already have a public network set up
- Mark that network as external
  - neutron net-update public --router:external=True
- Create a test network
  - neutron net-create test
  - neutron subnet-create --name test-subnet test 4.4.4.0/24
- Create a neutron router
  - neutron router-create r1
  - neutron router-interface-add r1 test-subnet
- Set the external gateway for the router
  - neutron router-gateway-set r1 public
Verification:
root@oblocknode04:~# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
link/ether 04:7d:7b:b2:8f:80 brd ff:ff:ff:ff:ff:ff
3: em1: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc mq master bond0 state UP mode DEFAULT group default qlen 1000
link/ether 08:9e:01:d9:28:26 brd ff:ff:ff:ff:ff:ff
4: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether 04:7d:7b:b2:8f:81 brd ff:ff:ff:ff:ff:ff
5: em2: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc mq master bond0 state UP mode DEFAULT group default qlen 1000
link/ether 08:9e:01:d9:28:26 brd ff:ff:ff:ff:ff:ff
6: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
link/ether 08:9e:01:d9:28:26 brd ff:ff:ff:ff:ff:ff
7: pkt1: <UP,LOWER_UP> mtu 65535 qdisc noqueue state UNKNOWN mode DEFAULT group default
link/void 36:66:cb:92:8f:47 brd 00:00:00:00:00:00
8: pkt3: <UP,LOWER_UP> mtu 65535 qdisc noqueue state UNKNOWN mode DEFAULT group default
link/void 7a:db:24:6c:33:2f brd 00:00:00:00:00:00
9: pkt2: <UP,LOWER_UP> mtu 65535 qdisc noqueue state UNKNOWN mode DEFAULT group default
link/void 4e:1e:58:ff:82:40 brd 00:00:00:00:00:00
10: vhost0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT group default qlen 1000
link/ether 08:9e:01:d9:28:26 brd ff:ff:ff:ff:ff:ff
11: pkt0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT group default qlen 500
link/ether d2:a5:ef:aa:d9:9f brd ff:ff:ff:ff:ff:ff
12: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default
link/ether 86:5b:be:ca:22:f5 brd ff:ff:ff:ff:ff:ff
14: tapa5fbf358-90: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 500
link/ether 36:49:f3:26:5b:f8 brd ff:ff:ff:ff:ff:ff
15: veth62ec53ff-1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether 86:0a:af:28:29:5e brd ff:ff:ff:ff:ff:ff
16: vethc9da7b40-2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether 86:28:fc:43:c1:ca brd ff:ff:ff:ff:ff:ff
*********************************************
root@oblocknode04:~# ip netns exec vrouter-884857f0-a961-4229-8653-8cb4ac56b965 iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere
all -- anywhere anywhere
all -- anywhere anywhere
MASQUERADE all -- anywhere anywhere
*********************************************
root@oblocknode04:~# ip netns exec vrouter-884857f0-a961-4229-8653-8cb4ac56b965 ip link list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: int-62ec53ff-1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether 02:b3:95:f7:b7:cd brd ff:ff:ff:ff:ff:ff
3: gw-c9da7b40-22: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether 02:d4:4c:fa:49:cf brd ff:ff:ff:ff:ff:ff
root@oblocknode04:~#
root@oblocknode04:~#
**************************************************
root@oblocknode04:~# ip netns exec vrouter-884857f0-a961-4229-8653-8cb4ac56b965 ip route
default dev gw-c9da7b40-22 scope link
10.87.25.0/25 dev gw-c9da7b40-22 proto kernel scope link src 10.87.25.4
100.64.0.0/29 dev int-62ec53ff-1 proto kernel scope link src 100.64.0.4
root@oblocknode04:~#
***********************************************
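The checks above can be scripted. This is an added example, not part of the original gist: the function names are hypothetical, the sample text is copied from the output shown above, and the assumption that the external-facing device is named gw-* is taken from that output only.

```shell
#!/bin/sh
# Added example: sanity-check the routing and NAT state of a vrouter SNAT namespace.
# Sample text is copied from the verification output on this page (NAT chains trimmed).
SAMPLE_ROUTES='default dev gw-c9da7b40-22 scope link
10.87.25.0/25 dev gw-c9da7b40-22 proto kernel scope link src 10.87.25.4
100.64.0.0/29 dev int-62ec53ff-1 proto kernel scope link src 100.64.0.4'
SAMPLE_NAT='Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere
all -- anywhere anywhere
all -- anywhere anywhere
MASQUERADE all -- anywhere anywhere'

# Print the device that carries the default route ("ip route" text on stdin).
default_dev() {
    awk '$1 == "default" { for (i = 2; i < NF; i++) if ($i == "dev") { print $(i+1); exit } }'
}

# Count MASQUERADE rules in the POSTROUTING chain ("iptables -t nat -L" text on stdin).
masq_count() {
    awk '/^Chain / { in_post = ($2 == "POSTROUTING"); next }
         in_post && $1 == "MASQUERADE" { n++ }
         END { print n + 0 }'
}

# Return 0 when the default route leaves via a gw-* device (assumed naming)
# and POSTROUTING holds at least one MASQUERADE rule.
snat_ok() {   # $1 = "ip route" text, $2 = "iptables -t nat -L" text
    dev=$(printf '%s\n' "$1" | default_dev)
    n=$(printf '%s\n' "$2" | masq_count)
    case "$dev" in
        gw-*) ;;
        *) echo "FAIL: default route via '${dev:-none}', expected gw-*" >&2; return 1 ;;
    esac
    [ "$n" -ge 1 ] || { echo "FAIL: no MASQUERADE rule in POSTROUTING" >&2; return 1; }
    echo "OK: default via $dev, $n MASQUERADE rule(s)"
}

snat_ok "$SAMPLE_ROUTES" "$SAMPLE_NAT"
```

On a compute node, pass the live output of the two `ip netns exec vrouter-<uuid> ...` commands shown above instead of the sample variables.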
Introspect:
http://10.87.25.250:8088/Snh_ServiceInstanceList?si_name=
SNAT Healthchecks
Healthcheck interval can be configured in contrail-svc-monitor.conf as
check_service_interval=<seconds>