Reviewed: https://review.opendev.org/c/openstack/neutron/+/951511 Committed: https://opendev.org/openstack/neutron/commit/2145901d6f262f6014e3fc996309ce82881af0a4 Submitter: "Zuul (22348)" Branch: master
commit 2145901d6f262f6014e3fc996309ce82881af0a4 Author: Rodolfo Alonso Hernandez <[email protected]> Date: Mon Jun 2 09:48:35 2025 +0000 [OVN] Use stateless NAT rules for FIPs Using stateless NAT in OVN should always be a better choice for floating IPs in some deployments because it allows to avoid hitting conntrack, potentially improving NAT performance. The only limitation for using stateless NAT in OVN is that it requires 1:1 IP mapping; which is always the case for FIPs. This functionality was introduced in OVN in [1], provided in v20.03.0. Neutron implies this version is used and does not check it. This functionality is configurable via Neutron config file. The new option introduced is ``[ovn]stateless_nat_enabled``, disabled by default to keep the previous behaviour. NOTE: this patch is also reducing the cover rate to 78%. cover job only considers unit tests, not functional tests. [1]https://github.com/ovn-org/ovn/commit/cc87c4827f4705b423943b8a23cb90195326acee Closes-Bug: #2111899 Signed-off-by: Rodolfo Alonso Hernandez <[email protected]> Change-Id: I3551babe7986f1aef59080aba35a2a1586e40af5 ** Changed in: neutron Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/2111899 Title: [RFE] Use stateless NAT rules for FIPs Status in neutron: Fix Released Bug description: Using stateless NAT in OVN should always be a better choice for FIPs because it allows to avoid hitting conntrack, potentially improving NAT performance. In particular, a DPDK deployment could improve its performance by avoiding the NAT rules to hit the conntrack table. This functionality was added to core OVN in [1] and was released in v20.03.0. NOTE: this functionality was integrated in Neutron in [2] and reverted in [3]. This functionality was impacting seriously in the HW offloaded environments because it was impossible to fully offload all NAT rules. This RFE instead proposes to implement the same feature but conditional via config parameter in the Neutron API configuration file. [1]https://github.com/ovn-org/ovn/commit/5b7cc608c0c7b4b862bcb208f57a3086af6cce8a [2]https://review.opendev.org/c/openstack/neutron/+/804807 [3]https://review.opendev.org/c/openstack/neutron/+/838776 To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/2111899/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
