We need to make sure rules like "ct(commit,nat(src=0.0.0.0),table=30)" continue to be supported by OVS. This is related to the following: https://bugzilla.redhat.com/show_bug.cgi?id=1910378#c70 https://bugzilla.redhat.com/show_bug.cgi?id=1910378#c71
Sent patch upstream for review: https://mail.openvswitch.org/pipermail/ovs-dev/2021-March/381293.html
v2 sent March 30th: http://patchwork.ozlabs.org/project/openvswitch/patch/161710710690.181407.5749135681436588686.stgit@ebuild/
This is needed for an OVN Feature as per Dcbw. Eelco if this is truely in POST State, can you please help expedite the reviews and release into the FD build If the patches need another revision, please let me know if you want me to help you make a priority call. Thanks
(In reply to Rashid Khan from comment #3) > This is needed for an OVN Feature as per Dcbw. > Eelco if this is truely in POST State, can you please help expedite the > reviews and release into the FD build > If the patches need another revision, please let me know if you want me to > help you make a priority call. This BZ is for the kernel datapath, and for this to work OVS does not need any code change. It's already being used as-is for openshift-sdn. This change only adds documentation, and a test case, so the feature will not be broken in a later release of OVS. The real requirement is BZ1935666, which adds support for this feature to the userspace datapath. Paolo has a patch out, will ping him today as he was working on an additional change requested by Dumitru.
(In reply to Eelco Chaudron from comment #4) Discussed this with Dumitru and Paolo, but it looks like we might need some support from my side. i.e. a way to determine if all-zero SNAT is supported, as OVN can't determine this by datapath type. I will work on this as my first priority.
Sent v4 upstream to include feature check: https://patchwork.ozlabs.org/project/openvswitch/list/?series=246859
Created attachment 1791739 [details] reproducer
Verified with kernel-4.18.0-305.el8.x86_64 and openvswitch2.15-2.15.0-22.el8fdp.x86_64. Have put the reproducer to attachment. It should run under beaker environment. #ovs-appctl dpctl/dump-conntrack - L |grep 10.1.1.1 tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=30000,dport=9443),reply=(src=10.1.1.2,dst=10.1.1.1,sport=9443,dport=5646),zone=1,protoinfo=(state=ESTABLISHED) tcp,orig=(src=10.1.1.1,dst=172.30.1.1,sport=30000,dport=9443),reply=(src=10.1.1.2,dst=10.1.1.1,sport=9443,dport=30000),zone=1,protoinfo=(state=ESTABLISHED) tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=30001,dport=9443),reply=(src=10.1.1.2,dst=10.1.1.1,sport=9443,dport=30001),zone=1,protoinfo=(state=ESTABLISHED)
v5 on review upstream: https://patchwork.ozlabs.org/project/openvswitch/patch/162331699885.2208579.16546865084041166731.stgit@ebuild/
Got approved in master, and backported to 2.15. I will work on a manual backport to v2.13.
Manual backport to v2.13 submitted: https://patchwork.ozlabs.org/project/openvswitch/patch/162627384784.4124202.14289375042661435205.stgit@ebuild/