
Bug 2125247

Summary: [RFE Request] Support conditional SNATs
Product: Red Hat Enterprise Linux Fast Datapath
Reporter: Surya Seetharaman <surya>
Component: OVN
Assignee: OVN Team <ovnteam>
Status: CLOSED WONTFIX
QA Contact: Jianlin Shi <jishi>
Severity: unspecified
Priority: medium
Version: FDP 22.L
CC: ctrautma, jiji, mmichels
Hardware: Unspecified
OS: Unspecified
Doc Type: If docs needed, set a value
Last Closed: 2024-02-14 21:14:54 UTC
Type: Bug
Bug Blocks: 2078222

Description Surya Seetharaman 2022-09-08 12:39:42 UTC
Description of problem:

Currently there is no way to express conditional SNATs in OVN if the packets are coming from the same srcIP. Example:

TYPE             GATEWAY_PORT          EXTERNAL_IP        EXTERNAL_PORT    LOGICAL_IP          EXTERNAL_MAC         LOGICAL_PORT
snat                                   172.18.0.4                          10.244.2.5
snat                                   172.18.0.4                          10.244.2.4
snat                                   172.18.0.4                          10.244.2.3
snat                                   172.18.0.9                          10.244.2.3


Can we have a way to say when to use 0.9 versus when to use 0.4? Maybe based on pkt_mark-ing? That way, say I mark a specific set of packets that match a policy:

101 ip4.src == $a12749576804119081385 && ip4.dst == $a11079093880111560446     allow         pkt_mark="1008"

Later, if there are two SNATs that match on the same srcIP, can we give precedence based on pkt_mark?


Additional info:
An alternative to this is to implement pkt_marking also on switches, so that once I match on a switch, I can take a decision based on the mark on routers to route traffic? Currently once I mark using a policy, there aren't many options to then match on this mark and take a decision or express that in OVNK via OVN.

Comment 2 OVN Bot 2024-02-14 21:14:53 UTC
This issue is being closed as an automatic process due to the issue's age. If you wish to re-open this issue, please do so in Jira (https://issues.redhat.com) in the 'FDP' project. Please be sure to set the component to the latest OVN version where this issue is known to occur. If this is a feature request or improvement, please set the component to 'OVN'.