Bug 1472431 - Support for configuring the SNAT mode in Opendaylight
Summary: Support for configuring the SNAT mode in Opendaylight
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-tripleo-heat-templates
Version: 12.0 (Pike)
Hardware: Unspecified
OS: Unspecified
Target Milestone: beta
: 12.0 (Pike)
Assignee: Janki
QA Contact: Itzik Brown
Depends On:
Blocks: 1414431 1528948
TreeView+ depends on / blocked
Reported: 2017-07-18 17:22 UTC by Sridhar Gaddam
Modified: 2018-10-18 07:21 UTC (History)
4 users (show)

Fixed In Version: openstack-tripleo-heat-templates-7.0.0-0.20170913050522.0d7373c.el7.centos
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2017-12-13 21:42:20 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Launchpad 1710614 0 None None None 2017-08-14 12:31:10 UTC
OpenDaylight Bug 8985 0 None None None 2017-08-14 12:25:57 UTC
OpenDaylight gerrit 61607 0 None None None 2017-08-14 12:27:04 UTC
OpenStack gerrit 493861 0 None None None 2017-08-15 12:51:47 UTC
Red Hat Product Errata RHEA-2017:3462 0 normal SHIPPED_LIVE Red Hat OpenStack Platform 12.0 Enhancement Advisory 2018-02-16 01:43:25 UTC

Description Sridhar Gaddam 2017-07-18 17:22:05 UTC
Description of problem:

OpenDaylight Carbon includes support for SNAT via Conntrack along with the existing mechanism which is Controller based.
However, SNAT conntrack is not enabled by default. 

Inorder to use SNAT Conntrack mode, one has to explicitly set "conntrack" (PSB) in "etc/opendaylight/datastore/initial/config/netvirt-natservice-config.xml" before starting karaf.

<natservice-config xmlns="urn:opendaylight:netvirt:natservice:config">

We have to expose this configuration in puppet-opendaylight and tripleo.

Comment 1 Nir Yechiel 2017-07-27 06:07:25 UTC
The plan for Pike is to expose both SNAT options (controller-based and conntrack-based) in TripleO, and set the conntrack-based as default. 

If further testing will reveal major issues with conntrack, we will reconsider this - but the current assumption is that the conntrack based solution should be our focus from now on and that the feature is stable enough.

Comment 3 Nir Yechiel 2017-08-02 23:29:33 UTC
This topic was discussed again today, and the consensus was that we should take advantage of the fact the we have different environment files for OVS and OVS-DPDK, and have separate default for each. 

OVS should default to conntrack and OVS-DPDK to controller-based. Reason for this is that the required conntrack support is not available in OVS 2.7, which is the version we are targeting for Pike/RHOSP 12.

Comment 4 Janki 2017-09-07 06:15:34 UTC
Stand-alone ODL will use controller to be default for both the cases. T-H-T will set default mechanism to conntrack for OVS and controller for OVS-DPDK.

Cherry pick to Pike: https://review.openstack.org/#/c/501228/
Cherry pick to Carbon: https://git.opendaylight.org/gerrit/#/c/61778/

Comment 5 Janki 2017-09-18 15:33:04 UTC
Fixed in version: puppet-opendaylight-4.2.0-0.20170905090706.7b618b1.el7.centos

Comment 7 Itzik Brown 2017-10-16 14:09:02 UTC
Checked with openstack-tripleo-heat-templates-7.0.1-0.20170927205938.el7ost.noarch

cat /opt/opendaylight/etc/opendaylight/datastore/initial/config/netvirt-natservice-config.xml                                                                                             
<natservice-config xmlns="urn:opendaylight:netvirt:natservice:config">

Adding OpenDaylightSNATMechanism: 'controller':

cat /opt/opendaylight/etc/opendaylight/datastore/initial/config/netvirt-natservice-config.xml             
<natservice-config xmlns="urn:opendaylight:netvirt:natservice:config">

Comment 10 errata-xmlrpc 2017-12-13 21:42:20 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.