Bug 1414431

Summary: [RFE] [ODL] Support for Neutron SNAT
Product: Red Hat OpenStack Reporter: Nir Yechiel <nyechiel>
Component: opendaylightAssignee: Aswin Suryanarayanan <asuryana>
Status: CLOSED ERRATA QA Contact: Itzik Brown <itbrown>
Severity: medium Docs Contact:
Priority: medium    
Version: 12.0 (Pike)CC: asuryana, jschluet, lpeer, lruzicka, mkolesni, nyechiel, oblaut, tvignaud
Target Milestone: gaKeywords: FutureFeature, TechPreview, Triaged
Target Release: 12.0 (Pike)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: opendaylight-6.1.0-1.el7 Doc Type: If docs needed, set a value
Doc Text:
The new conntrack-based SNAT implementation, enabled by default, uses the Linux netfilter framework to do the NAPT (Network Address Port Translation) and track the connection. The first packet in a traffic is passed to the netfilter to be translated with the external IP. The following packets will use the netfilter for further inbound and outbound translation. In the netfilter, the Router ID will be used as the Zone ID. Each zone tracks the connection in its own table. The rest of the implementation remains the same. The conntrack mode also enables the new High Availability logic that newly considers the weight associated with each switch. Also, the switch will always keep one designated NAPT port open, which improves the performance.
 Story Points: ---
Clone Of:
: 1528948 (view as bug list) Environment:
N/A
Last Closed: 2017-12-13 21:02:08 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1472431, 1515815    
Bug Blocks: 1442136, 1469012, 1528948    

Description Nir Yechiel 2017-01-18 13:36:49 UTC 
Description of problem:

In Source Network Address Translation (SNAT), the NAT router modifies the IP address of the sender in IP packets. SNAT is commonly used to enable VMs with private addresses to communicate with servers on the public Internet, when floating IPs (1:1 NAT) are not used.
Comment 1 Nir Yechiel 2017-01-18 13:42:35 UTC 
Upstream Trello: https://trello.com/c/DMLsrLfq/9-snat-decentralized-ovs-nat-based

NetVirt spec: https://git.opendaylight.org/gerrit/#/c/49029/
Comment 2 Nir Yechiel 2017-01-18 14:11:46 UTC 
Assuming we go with a conntrack-based solution (which is currently being developed for Crabon) - we need to pay attention for differences between OVS and OVS-DPDK (as the first uses the kernel based conttrack implementation, and second the DPDK/user-space one).
Comment 7 Itzik Brown 2017-10-26 21:54:25 UTC 
It fails on HA setup
https://bugzilla.redhat.com/show_bug.cgi?id=1505835
Comment 15 errata-xmlrpc 2017-12-13 21:02:08 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:3462