Bug 1414431 - [RFE] [ODL] Support for Neutron SNAT
Summary: [RFE] [ODL] Support for Neutron SNAT
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: opendaylight
Version: 12.0 (Pike)
Hardware: Unspecified
OS: Unspecified
Target Milestone: ga
: 12.0 (Pike)
Assignee: Aswin Suryanarayanan
QA Contact: Itzik Brown
Depends On: 1472431 1515815
Blocks: Red Hat1442136 1469012 1528948
TreeView+ depends on / blocked
Reported: 2017-01-18 13:36 UTC by Nir Yechiel
Modified: 2018-10-18 07:18 UTC (History)
8 users (show)

Fixed In Version: opendaylight-6.1.0-1.el7
Doc Type: If docs needed, set a value
Doc Text:
The new conntrack-based SNAT implementation, enabled by default, uses the Linux netfilter framework to do the NAPT (Network Address Port Translation) and track the connection. The first packet in a traffic is passed to the netfilter to be translated with the external IP. The following packets will use the netfilter for further inbound and outbound translation. In the netfilter, the Router ID will be used as the Zone ID. Each zone tracks the connection in its own table. The rest of the implementation remains the same. The conntrack mode also enables the new High Availability logic that newly considers the weight associated with each switch. Also, the switch will always keep one designated NAPT port open, which improves the performance.
Clone Of:
: 1528948 (view as bug list)
Last Closed: 2017-12-13 21:02:08 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
OpenDaylight gerrit 65623 0 None None None 2017-11-23 10:56:50 UTC
Red Hat Product Errata RHEA-2017:3462 0 normal SHIPPED_LIVE Red Hat OpenStack Platform 12.0 Enhancement Advisory 2018-02-16 01:43:25 UTC

Description Nir Yechiel 2017-01-18 13:36:49 UTC
Description of problem:

In Source Network Address Translation (SNAT), the NAT router modifies the IP address of the sender in IP packets. SNAT is commonly used to enable VMs with private addresses to communicate with servers on the public Internet, when floating IPs (1:1 NAT) are not used.

Comment 2 Nir Yechiel 2017-01-18 14:11:46 UTC
Assuming we go with a conntrack-based solution (which is currently being developed for Crabon) - we need to pay attention for differences between OVS and OVS-DPDK (as the first uses the kernel based conttrack implementation, and second the DPDK/user-space one).

Comment 7 Itzik Brown 2017-10-26 21:54:25 UTC
It fails on HA setup

Comment 15 errata-xmlrpc 2017-12-13 21:02:08 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.