On 6/2/25 6:28 PM, Han Zhou wrote:
> This reverts commit ffe267317c252b1aac864b6d18c89beebd4d3846.
>
> That commit removed the priority-120 flows that skipped unSNAT for
> traffic destined to VIPs. As a result, it broke hardware offload:
> packets would enter the SNAT zone but never be committed, and were
> always returned as ct.new.
>
> The follow-up commit 800fd0681579 ("northd: Add LR option to commit all
> traffic.") attempted to address the issue by committing to both DNAT and
> SNAT zones whenever stateful NATs are present. However, this approach
> does not fully resolve cases where a packet must be DNATed and then
> SNATed. It would require committing two entries in the SNAT zone to
> ensure that the connection is established during CT lookups both before
> and after DNAT.
>
> Further attempts to fix this became increasingly complex and risked
> breaking other scenarios, without a clearly proven solution. (See
> detailed discussions in [0].)
>
> Therefore, for the original issue [1] that ffe267317c25 aimed to fix, we
> now recommend avoiding port conflicts in ovn-kubernetes via
> configuration. This commit is being reverted to restore hardware offload
> support.
>
> [0] https://mail.openvswitch.org/pipermail/ovs-dev/2025-May/423389.html
> [1] https://issues.redhat.com/browse/FDP-291
>
> Discussed-at:
> https://mail.openvswitch.org/pipermail/ovs-dev/2025-May/423389.html
> Signed-off-by: Han Zhou <hz...@ovn.org>
> ---
Recheck-request: github-robot-_Build_and_Test
CI infra issue:
E: Failed to fetch
http://archive.ubuntu.com/ubuntu/pool/main/k/keyutils/libkeyutils1_1.6.3-3build1_amd64.deb
403 Forbidden [IP: 185.125.190.83 80]
_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
