1472431 – Support for configuring the SNAT mode in Opendaylight

Bug 1472431 - Support for configuring the SNAT mode in Opendaylight

Summary: Support for configuring the SNAT mode in Opendaylight

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-tripleo-heat-templates
Sub Component:
Version:	12.0 (Pike)
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	beta
Target Release:	12.0 (Pike)
Assignee:	Janki
QA Contact:	Itzik Brown
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1414431 1528948
TreeView+	depends on / blocked

Reported:	2017-07-18 17:22 UTC by Sridhar Gaddam
Modified:	2018-10-18 07:21 UTC (History)
CC List:	4 users (show)
Fixed In Version:	openstack-tripleo-heat-templates-7.0.0-0.20170913050522.0d7373c.el7.centos
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:	N/A
Last Closed:	2017-12-13 21:42:20 UTC
Target Upstream Version:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Launchpad	1710614	None	None	None	2017-08-14 12:31:10 UTC
OpenDaylight Bug	8985	None	None	None	2017-08-14 12:25:57 UTC
OpenDaylight gerrit	61607	None	None	None	2017-08-14 12:27:04 UTC
OpenStack gerrit	493861	None	None	None	2017-08-15 12:51:47 UTC
Red Hat Product Errata	RHEA-2017:3462	normal	SHIPPED_LIVE	Red Hat OpenStack Platform 12.0 Enhancement Advisory	2018-02-16 01:43:25 UTC

Description Sridhar Gaddam 2017-07-18 17:22:05 UTC

Description of problem:

OpenDaylight Carbon includes support for SNAT via Conntrack along with the existing mechanism which is Controller based.
However, SNAT conntrack is not enabled by default. 

Inorder to use SNAT Conntrack mode, one has to explicitly set "conntrack" (PSB) in "etc/opendaylight/datastore/initial/config/netvirt-natservice-config.xml" before starting karaf.

<natservice-config xmlns="urn:opendaylight:netvirt:natservice:config">
  <nat-mode>conntrack</nat-mode>                                                                                                                                                              
</natservice-config>

We have to expose this configuration in puppet-opendaylight and tripleo.

Comment 1 Nir Yechiel 2017-07-27 06:07:25 UTC

The plan for Pike is to expose both SNAT options (controller-based and conntrack-based) in TripleO, and set the conntrack-based as default. 

If further testing will reveal major issues with conntrack, we will reconsider this - but the current assumption is that the conntrack based solution should be our focus from now on and that the feature is stable enough.

Comment 3 Nir Yechiel 2017-08-02 23:29:33 UTC

This topic was discussed again today, and the consensus was that we should take advantage of the fact the we have different environment files for OVS and OVS-DPDK, and have separate default for each. 

OVS should default to conntrack and OVS-DPDK to controller-based. Reason for this is that the required conntrack support is not available in OVS 2.7, which is the version we are targeting for Pike/RHOSP 12.

Comment 4 Janki 2017-09-07 06:15:34 UTC

Stand-alone ODL will use controller to be default for both the cases. T-H-T will set default mechanism to conntrack for OVS and controller for OVS-DPDK.

Cherry pick to Pike: https://review.openstack.org/#/c/501228/
Cherry pick to Carbon: https://git.opendaylight.org/gerrit/#/c/61778/

Comment 5 Janki 2017-09-18 15:33:04 UTC

Fixed in version: puppet-opendaylight-4.2.0-0.20170905090706.7b618b1.el7.centos

Comment 7 Itzik Brown 2017-10-16 14:09:02 UTC

Checked with openstack-tripleo-heat-templates-7.0.1-0.20170927205938.el7ost.noarch

Default:
cat /opt/opendaylight/etc/opendaylight/datastore/initial/config/netvirt-natservice-config.xml                                                                                             
<natservice-config xmlns="urn:opendaylight:netvirt:natservice:config">
  <nat-mode>conntrack</nat-mode>

Adding OpenDaylightSNATMechanism: 'controller':

cat /opt/opendaylight/etc/opendaylight/datastore/initial/config/netvirt-natservice-config.xml             
<natservice-config xmlns="urn:opendaylight:netvirt:natservice:config">
  <nat-mode>controller</nat-mode>

Comment 10 errata-xmlrpc 2017-12-13 21:42:20 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:3462

Note You need to log in before you can comment on or make changes to this bug.