[ovs-dev,v2,0/3] Arbitrary match for NAT

Message ID	20240529155630.478992-1-amusil@redhat.com
Headers	show Return-Path: <ovs-dev-bounces@openvswitch.org> Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=170.10.129.124; helo=us-smtp-delivery-124.mimecast.com; envelope-from=amusil@redhat.com; receiver=<UNKNOWN> DMARC-Filter: OpenDMARC Filter v1.4.2 smtp2.osuosl.org 4643B4097E From: Ales Musil <amusil@redhat.com> To: dev@openvswitch.org Date: Wed, 29 May 2024 17:56:27 +0200 Message-ID: <20240529155630.478992-1-amusil@redhat.com> MIME-Version: 1.0 Subject: [ovs-dev] [PATCH ovn v2 0/3] Arbitrary match for NAT Precedence: list Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" <ovs-dev-bounces@openvswitch.org>
Series	Arbitrary match for NAT \| expand [ovs-dev,v2,0/3] Arbitrary match for NAT [ovs-dev,v2,1/3] nothd: Unify the priority calculation for NAT flows. [ovs-dev,v2,2/3] nb: Add support for match and priority in NAT. [ovs-dev,v2,3/3] northd: Use the NAT match column.

Message ID

20240529155630.478992-1-amusil@redhat.com

Headers

Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=170.10.129.124;
 helo=us-smtp-delivery-124.mimecast.com; envelope-from=amusil@redhat.com;
 receiver=<UNKNOWN>
DMARC-Filter: OpenDMARC Filter v1.4.2 smtp2.osuosl.org 4643B4097E
From: Ales Musil <amusil@redhat.com>
To: dev@openvswitch.org
Date: Wed, 29 May 2024 17:56:27 +0200
Message-ID: <20240529155630.478992-1-amusil@redhat.com>
MIME-Version: 1.0
Subject: [ovs-dev] [PATCH ovn v2 0/3] Arbitrary match for NAT
Precedence: list
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ovs-dev-bounces@openvswitch.org
Sender: "dev" <ovs-dev-bounces@openvswitch.org>

Series

Arbitrary match for NAT | expand

Message

Ales Musil May 29, 2024, 3:56 p.m. UTC

This series adds the ability to have extra match per NAT, this allows
the CMS to have more fine-grained control over the NAT action. At the
same time it allows to have "duplicate" NATs e.g. multiple SNATs for
the same logical_ip as well as multiple DNATs for the same external_ip.

There is also priority in addition to the match which controls the
evaluation order of the NAT with match, as the priority can be used
only in combination with match.

Ales Musil (3):
  nothd: Unify the priority calculation for NAT flows.
  nb: Add support for match and priority in NAT.
  northd: Use the NAT match column.

 northd/northd.c           |  97 +++++++-------
 northd/ovn-northd.8.xml   |  31 +++++
 ovn-nb.ovsschema          |   8 +-
 ovn-nb.xml                |  15 +++
 tests/ovn-nbctl.at        | 220 +++++++++++++++++++++---------
 tests/ovn-northd.at       |  79 +++++++++++
 tests/system-ovn.at       | 272 ++++++++++++++++++++++++++++++++++++++
 utilities/ovn-nbctl.8.xml |  14 +-
 utilities/ovn-nbctl.c     | 189 ++++++++++++++++----------
 9 files changed, 736 insertions(+), 189 deletions(-)

Comments

Mark Michelson May 29, 2024, 7:06 p.m. UTC | #1

Thanks for the updated series Ales.

After thinking about it more, I agree that we can do without the 
priority in the output of `ovn-nbctl lr-nat-list` on patch 2. Therefore, 
for the whole series:

Acked-by: Mark Michelson <mmichels@redhat.com>

On 5/29/24 11:56, Ales Musil wrote:
> This series adds the ability to have extra match per NAT, this allows
> the CMS to have more fine-grained control over the NAT action. At the
> same time it allows to have "duplicate" NATs e.g. multiple SNATs for
> the same logical_ip as well as multiple DNATs for the same external_ip.
> 
> There is also priority in addition to the match which controls the
> evaluation order of the NAT with match, as the priority can be used
> only in combination with match.
> 
> Ales Musil (3):
>    nothd: Unify the priority calculation for NAT flows.
>    nb: Add support for match and priority in NAT.
>    northd: Use the NAT match column.
> 
>   northd/northd.c           |  97 +++++++-------
>   northd/ovn-northd.8.xml   |  31 +++++
>   ovn-nb.ovsschema          |   8 +-
>   ovn-nb.xml                |  15 +++
>   tests/ovn-nbctl.at        | 220 +++++++++++++++++++++---------
>   tests/ovn-northd.at       |  79 +++++++++++
>   tests/system-ovn.at       | 272 ++++++++++++++++++++++++++++++++++++++
>   utilities/ovn-nbctl.8.xml |  14 +-
>   utilities/ovn-nbctl.c     | 189 ++++++++++++++++----------
>   9 files changed, 736 insertions(+), 189 deletions(-)
>

Mark Michelson June 17, 2024, 6:23 p.m. UTC | #2

I pushed this series to main.

I also added a fourth commit that adds a note to NEWS about conditional NAT.

On 5/29/24 11:56, Ales Musil wrote:
> This series adds the ability to have extra match per NAT, this allows
> the CMS to have more fine-grained control over the NAT action. At the
> same time it allows to have "duplicate" NATs e.g. multiple SNATs for
> the same logical_ip as well as multiple DNATs for the same external_ip.
> 
> There is also priority in addition to the match which controls the
> evaluation order of the NAT with match, as the priority can be used
> only in combination with match.
> 
> Ales Musil (3):
>    nothd: Unify the priority calculation for NAT flows.
>    nb: Add support for match and priority in NAT.
>    northd: Use the NAT match column.
> 
>   northd/northd.c           |  97 +++++++-------
>   northd/ovn-northd.8.xml   |  31 +++++
>   ovn-nb.ovsschema          |   8 +-
>   ovn-nb.xml                |  15 +++
>   tests/ovn-nbctl.at        | 220 +++++++++++++++++++++---------
>   tests/ovn-northd.at       |  79 +++++++++++
>   tests/system-ovn.at       | 272 ++++++++++++++++++++++++++++++++++++++
>   utilities/ovn-nbctl.8.xml |  14 +-
>   utilities/ovn-nbctl.c     | 189 ++++++++++++++++----------
>   9 files changed, 736 insertions(+), 189 deletions(-)
>