Uploaded image for project: 'Fast Datapath Product'
  1. Fast Datapath Product
  2. FDP-877

Implement NAT Standalone Service

XMLWordPrintable

    • Icon: Task Task
    • Resolution: Unresolved
    • Icon: Normal Normal
    • FDP-25.B
    • None
    • OVN
    • 13
    • False
    • False
    • Hide

      Given a NAT service is defined as a standalone service in the OVN system with its corresponding configurations (NAT type, direction, etc.) set in the NAT_Service table in the database, 

      When the OVN northd creates logical flows for each entry in the NAT_Service table and the ovn-controller ensures that conntrack zones are assigned for each local NAT service, 

      Then:

      • The system should correctly rewrite logical flows based on NAT changes and conntrack zones should only be allocated for local NAT services.
      • Traffic passing through the NAT service should have its addresses altered as expected.
      • NAT types such as dnat_and_snat should be restricted to ensure that unsupported configurations do not proceed.
      Show
      Given a NAT service is defined as a standalone service in the OVN system with its corresponding configurations (NAT type, direction, etc.) set in the NAT_Service table in the database,  When the OVN northd creates logical flows for each entry in the NAT_Service table and the ovn-controller ensures that conntrack zones are assigned for each local NAT service,  Then: The system should correctly rewrite logical flows based on NAT changes and conntrack zones should only be allocated for local NAT services. Traffic passing through the NAT service should have its addresses altered as expected. NAT types such as dnat_and_snat should be restricted to ensure that unsupported configurations do not proceed.
    • None
    • rhel-net-ovn
    • ssg_networking
    • FDP 25.A, FDP 25.B, OVN FDP 25.C, OVN FDP 25.D, OVN FDP Sprint 16
    • 5

      For reference on OVN composable services, please see this document: https://docs.google.com/document/d/1GMyxUJbqTaCxCx3hbEGSu6xMRDriMWUK1dKNFpSWlXo/edit

      This is the first composable service that is going to be implemented in OVN. As such, this first composable service comes with some overhead that will not be necessary when implementing further composable services. This includes:

      • Database schema changes
        • Add Service_Chain table.
        • Add service_chain column to "Logical_Switch_Port" and "Logical_Router_Port" tables.
      • northd changes:
        • Create SB Port_Bindings linking the services in service chains together, as well as linking the LSP or LRP to the service chain.
      • ovn-controller changes:
        • Modify local-data to treat services attached to chassis-resident ports as local datapaths.
        • Modify physical.c as necessary to transition packets from service-to-service.
      • Documentation changes:
        • Update ovn-architecture document to include composable services as a type of datapath.

      For this task, you will implement NAT as a standalone service. Here is a basic rundown of the changes that are required:

      • Database schema changes
        • Add "NAT_Service" table
      • northd changes:
        • Create an engine node that will provide NB NAT_Services to en-datapath-sync so that NAT services can have tunnel keys allocated.
        • Create logical flows for each row in the NAT_Service table.
        • Use functions from FDP-856 to create southbound datapath bindings and port bindings for each row in NAT_Service
      • ovn-controller changes
        • Ensure that a conntrack zone is assigned for each local Datapath_Binding corresponding to a northd NAT_Service
      • Tests
        • Ensure that "dnat_and_snat" type is not allowed for NAT services.
        • Ensure that northd creates the expected logical flows for each NAT type/direction.
        • Ensure that changes to a configured NAT or NAT_Service results in logical flows being re-written.
        • Ensure that conntrack zones are allocated for local NAT services. Ensure that conntrack zones are not allocated if the NAT service is not local to the chassis.
        • Ensure that traffic that passes through NAT services have their addresses altered as expected.

              mmichelson Mark Michelson
              mmichelson Mark Michelson
              Jianlin Shi Jianlin Shi
              OVN
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: