Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
The FDP team is no longer accepting new bugs in Bugzilla. Please report your issues under FDP project in Jira. Thanks.

Bug 2149021

Summary: SNAT commits every packet to CT
Product: Red Hat Enterprise Linux Fast Datapath Reporter: Ales Musil <amusil>
Component: ovn22.09Assignee: OVN Team <ovnteam>
Status: CLOSED WONTFIX QA Contact: Jianlin Shi <jishi>
Severity: medium Docs Contact:
Priority: medium    
Version: FDP 22.ECC: ctrautma, dcaratti, i.maximets, jiji, mleitner, mmichels, nusiddiq, wizhao
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2024-02-14 21:15:20 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2172622    

Description Ales Musil 2022-11-28 15:32:12 UTC 
Description of problem:
OVN commits every packet that goes through source nat.

We have an action in the router pipeline that deals with the SNAT:

table=3 (lr_out_snat        ), priority=161  , match=(ip && ip4.src == 192.168.10.10 && outport == "lr-ls1" && is_chassis_resident("cr-lr-ls1")), action=(ct_snat_in_czone(192.168.20.10);)

This action actually does not filter on ct_state so we don't know if the traffic
was commited already or not which results in commiting every packet. 

The resulting OvS flows are as follow:

recirc_id(0x1),in_port(3),ct_mark(0/0x2),eth(src=00:00:00:00:20:00,dst=00:00:00:00:20:10),eth_type(0x0800),ipv4(dst=192.168.20.16/255.255.255.240,frag=no), packets:4, bytes:270, used:0.005s, flags:FP., actions:ct_clear,4
 
recirc_id(0),in_port(3),ct_mark(0/0x2),eth(src=00:00:00:00:10:10,dst=00:00:00:00:10:00),eth_type(0x0800),ipv4(src=192.168.10.10,dst=192.168.20.20,ttl=64,frag=no), packets:4, bytes:270, used:0.005s, flags:FP., actions:set(eth(src=00:00:00:00:20:00,dst=00:00:00:00:20:10)),set(ipv4(ttl=63)),ct(commit,zone=4,nat(src=192.168.20.10)),recirc(0x1)



The problem is that this might not work very well with HWOL.
Comment 4 OVN Bot 2024-02-14 21:15:18 UTC 
This issue is being closed as an automatic process due to the issue's age. If you wish to re-open this issue, please do so in Jira (https://issues.redhat.com) in the 'FDP' project. Please be sure to set the component to the latest OVN version where this issue is known to occur. If this is a feature request or improvement, please set the component to 'OVN'.