yahoo-eng-team team mailing list archive

Thread
Date

[Bug 2111899] [NEW] [RFE] Use stateless NAT rules for FIPs

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Rodolfo Alonso <2111899@xxxxxxxxxxxxxxxxxx>
Date: Wed, 28 May 2025 08:50:44 -0000
Reply-to: Bug 2111899 <2111899@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

Public bug reported:

Using stateless NAT in OVN should always be a better choice for FIPs
because it allows to avoid hitting conntrack, potentially improving NAT
performance. In particular, a DPDK deployment could improve its
performance by avoiding the NAT rules to hit the conntrack table.

This functionality was added to core OVN in [1] and was released in
v20.03.0.

NOTE: this functionality was integrated in Neutron in [2] and reverted
in [3]. This functionality was impacting seriously in the HW offloaded
environments because it was impossible to fully offload all NAT rules.
This RFE instead proposes to implement the same feature but conditional
via config parameter in the Neutron API configuration file.

[1]https://github.com/ovn-org/ovn/commit/5b7cc608c0c7b4b862bcb208f57a3086af6cce8a
[2]https://review.opendev.org/c/openstack/neutron/+/804807
[3]https://review.opendev.org/c/openstack/neutron/+/838776

** Affects: neutron
     Importance: Wishlist
     Assignee: Rodolfo Alonso (rodolfo-alonso-hernandez)
         Status: New


** Tags: rfe

** Changed in: neutron
     Assignee: (unassigned) => Rodolfo Alonso (rodolfo-alonso-hernandez)

** Changed in: neutron
   Importance: Undecided => Wishlist

** Tags added: rfe

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2111899

Title:
  [RFE] Use stateless NAT rules for FIPs

Status in neutron:
  New

Bug description:
  Using stateless NAT in OVN should always be a better choice for FIPs
  because it allows to avoid hitting conntrack, potentially improving
  NAT performance. In particular, a DPDK deployment could improve its
  performance by avoiding the NAT rules to hit the conntrack table.

  This functionality was added to core OVN in [1] and was released in
  v20.03.0.

  NOTE: this functionality was integrated in Neutron in [2] and reverted
  in [3]. This functionality was impacting seriously in the HW offloaded
  environments because it was impossible to fully offload all NAT rules.
  This RFE instead proposes to implement the same feature but
  conditional via config parameter in the Neutron API configuration
  file.

  [1]https://github.com/ovn-org/ovn/commit/5b7cc608c0c7b4b862bcb208f57a3086af6cce8a
  [2]https://review.opendev.org/c/openstack/neutron/+/804807
  [3]https://review.opendev.org/c/openstack/neutron/+/838776

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2111899/+subscriptions