1414431 – [RFE] [ODL] Support for Neutron SNAT

Bug 1414431 - [RFE] [ODL] Support for Neutron SNAT

Summary: [RFE] [ODL] Support for Neutron SNAT

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	opendaylight
Sub Component:
Version:	12.0 (Pike)
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	ga
Target Release:	12.0 (Pike)
Assignee:	Aswin Suryanarayanan
QA Contact:	Itzik Brown
Docs Contact:
URL:
Whiteboard:
Depends On:	1472431 1515815
Blocks:	Red Hat1442136 1469012 1528948
TreeView+	depends on / blocked

Reported:	2017-01-18 13:36 UTC by Nir Yechiel
Modified:	2018-10-18 07:18 UTC (History)
CC List:	8 users (show)
Fixed In Version:	opendaylight-6.1.0-1.el7
Doc Type:	If docs needed, set a value
Doc Text:	The new conntrack-based SNAT implementation, enabled by default, uses the Linux netfilter framework to do the NAPT (Network Address Port Translation) and track the connection. The first packet in a traffic is passed to the netfilter to be translated with the external IP. The following packets will use the netfilter for further inbound and outbound translation. In the netfilter, the Router ID will be used as the Zone ID. Each zone tracks the connection in its own table. The rest of the implementation remains the same. The conntrack mode also enables the new High Availability logic that newly considers the weight associated with each switch. Also, the switch will always keep one designated NAPT port open, which improves the performance.
Clone Of:
Clones:	1528948 (view as bug list)
Environment:	N/A
Last Closed:	2017-12-13 21:02:08 UTC
Target Upstream Version:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
OpenDaylight gerrit	65623	0	None	None	None	2017-11-23 10:56:50 UTC
Red Hat Product Errata	RHEA-2017:3462	0	normal	SHIPPED_LIVE	Red Hat OpenStack Platform 12.0 Enhancement Advisory	2018-02-16 01:43:25 UTC

Description Nir Yechiel 2017-01-18 13:36:49 UTC

Description of problem:

In Source Network Address Translation (SNAT), the NAT router modifies the IP address of the sender in IP packets. SNAT is commonly used to enable VMs with private addresses to communicate with servers on the public Internet, when floating IPs (1:1 NAT) are not used.

Comment 1 Nir Yechiel 2017-01-18 13:42:35 UTC

Upstream Trello: https://trello.com/c/DMLsrLfq/9-snat-decentralized-ovs-nat-based

NetVirt spec: https://git.opendaylight.org/gerrit/#/c/49029/

Comment 2 Nir Yechiel 2017-01-18 14:11:46 UTC

Assuming we go with a conntrack-based solution (which is currently being developed for Crabon) - we need to pay attention for differences between OVS and OVS-DPDK (as the first uses the kernel based conttrack implementation, and second the DPDK/user-space one).

Comment 7 Itzik Brown 2017-10-26 21:54:25 UTC

It fails on HA setup
https://bugzilla.redhat.com/show_bug.cgi?id=1505835

Comment 15 errata-xmlrpc 2017-12-13 21:02:08 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:3462

Note You need to log in before you can comment on or make changes to this bug.