Bug 2125247

Summary: [RFE Request] Support conditional SNATs
Product: Red Hat Enterprise Linux Fast Datapath
Reporter: Surya Seetharaman <surya>
Component: OVN
Assignee: OVN Team <ovnteam>
Status: NEW
QA Contact: Jianlin Shi <jishi>
Severity: unspecified
Priority: medium
Version: FDP 22.L
CC: ctrautma, jiji, mmichels
Target Milestone: ---
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Type: Bug
Bug Blocks: 2078222    

Description Surya Seetharaman 2022-09-08 12:39:42 UTC
Description of problem:

Currently there is no way to express conditional SNATs in OVN if the packets are coming from the same srcIP. Example:

TYPE             GATEWAY_PORT          EXTERNAL_IP        EXTERNAL_PORT    LOGICAL_IP          EXTERNAL_MAC         LOGICAL_PORT
snat                                   172.18.0.4                          10.244.2.5
snat                                   172.18.0.4                          10.244.2.4
snat                                   172.18.0.4                          10.244.2.3
snat                                   172.18.0.9                          10.244.2.3


Can we have a way to say when to use 0.9 versus when to use 0.4? Maybe based on pkt_mark-ing? That way, say I mark a specific set of packets that match a policy:

101 ip4.src == $a12749576804119081385 && ip4.dst == $a11079093880111560446     allow         pkt_mark="1008"

Later, if there are two SNATs that match on the same srcIP, can we give precedence based on pkt_mark?


Additional info:
An alternative to this is to implement pkt_marking also on switches, so that once I match on a switch, I can take a decision based on the mark on routers to route traffic? Currently once I mark using a policy, there aren't many options to then match on this mark and take a decision or express that in OVNK via OVN.