yahoo-eng-team team mailing list archive

Thread
Date

[Bug 2111899] Re: [RFE] Use stateless NAT rules for FIPs

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <2111899@xxxxxxxxxxxxxxxxxx>
Date: Mon, 14 Jul 2025 19:18:29 -0000
Reply-to: Bug 2111899 <2111899@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

Reviewed:  https://review.opendev.org/c/openstack/neutron/+/951511
Committed: https://opendev.org/openstack/neutron/commit/2145901d6f262f6014e3fc996309ce82881af0a4
Submitter: "Zuul (22348)"
Branch:    master

commit 2145901d6f262f6014e3fc996309ce82881af0a4
Author: Rodolfo Alonso Hernandez <ralonsoh@xxxxxxxxxx>
Date:   Mon Jun 2 09:48:35 2025 +0000

    [OVN] Use stateless NAT rules for FIPs
    
    Using stateless NAT in OVN should always be a better choice for
    floating IPs in some deployments because it allows to avoid hitting
    conntrack, potentially improving NAT performance.
    
    The only limitation for using stateless NAT in OVN is that it requires
    1:1 IP mapping; which is always the case for FIPs.
    
    This functionality was introduced in OVN in [1], provided in v20.03.0.
    Neutron implies this version is used and does not check it.
    
    This functionality is configurable via Neutron config file. The new
    option introduced is ``[ovn]stateless_nat_enabled``, disabled by
    default to keep the previous behaviour.
    
    NOTE: this patch is also reducing the cover rate to 78%. cover job only
    considers unit tests, not functional tests.
    
    [1]https://github.com/ovn-org/ovn/commit/cc87c4827f4705b423943b8a23cb90195326acee
    
    Closes-Bug: #2111899
    Signed-off-by: Rodolfo Alonso Hernandez <ralonsoh@xxxxxxxxxx>
    Change-Id: I3551babe7986f1aef59080aba35a2a1586e40af5


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2111899

Title:
  [RFE] Use stateless NAT rules for FIPs

Status in neutron:
  Fix Released

Bug description:
  Using stateless NAT in OVN should always be a better choice for FIPs
  because it allows to avoid hitting conntrack, potentially improving
  NAT performance. In particular, a DPDK deployment could improve its
  performance by avoiding the NAT rules to hit the conntrack table.

  This functionality was added to core OVN in [1] and was released in
  v20.03.0.

  NOTE: this functionality was integrated in Neutron in [2] and reverted
  in [3]. This functionality was impacting seriously in the HW offloaded
  environments because it was impossible to fully offload all NAT rules.
  This RFE instead proposes to implement the same feature but
  conditional via config parameter in the Neutron API configuration
  file.

  [1]https://github.com/ovn-org/ovn/commit/5b7cc608c0c7b4b862bcb208f57a3086af6cce8a
  [2]https://review.opendev.org/c/openstack/neutron/+/804807
  [3]https://review.opendev.org/c/openstack/neutron/+/838776

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2111899/+subscriptions

References

[Bug 2111899] [NEW] [RFE] Use stateless NAT rules for FIPs
From: Rodolfo Alonso, 2025-05-28