Skip to content

Added support in the kernel for fullcone 3-tuple unique nat.#100

Merged
rlhui merged 1 commit intosonic-net:masterfrom
kirankella:nat_changes_in_sonic
Jan 19, 2020
Merged

Added support in the kernel for fullcone 3-tuple unique nat.#100
rlhui merged 1 commit intosonic-net:masterfrom
kirankella:nat_changes_in_sonic

Conversation

@kirankella
Copy link
Copy Markdown
Contributor

@kirankella kirankella commented Sep 16, 2019

Changes done in the kernel to ensure 3-tuple uniqueness of the conntrack entries for the fullcone nat functionality.

  • Hashlist is maintained for the 3-tuple unique keys (Protocol/Source IP/Port) for all the conntrack entries.

  • When NAT table rules are created with the fullcone option, the SNAT/POSTROUTING stage ensures the ports from the pool are picked up in such a way that the 3-tuple is uniquely assigned.

  • In the DNAT/POSTROUTING stage, the fullcone behavior is ensured by checking and reusing the 3-tuple for the Source IP/Port in the original direction.

  • When the pool is exhausted of the 3-tuple assignments, the packets are dropped, else, they will be going out of the router they being 5-tuple unique (which is not intended).

  • Passing fullcone option using iptables is part of another PR (in sonic-buildimage repo).

The kernel changes mentioned above are done to counter the challenges explained in the section "3.4.2.1 Handling NAT model mismatch between the ASIC and the Kernel" in the NAT HLD.

Link to NAT HLD:
https://github.com/kirankella/SONiC/blob/nat_doc_changes/doc/nat/nat_design_spec.md

Signed-off-by: kiran.kella@broadcom.com

@lguohan
Copy link
Copy Markdown
Contributor

lguohan commented Sep 16, 2019

will this get into linux kernel main stream?

@AkhileshSamineni AkhileshSamineni mentioned this pull request Sep 20, 2019
Merged
This was referenced Sep 20, 2019
Merged
Merged
marian-pritsak
marian-pritsak previously approved these changes Oct 28, 2019
View reviewed changes
@AkhileshSamineni AkhileshSamineni mentioned this pull request Nov 11, 2019
Merged
AkhileshSamineni added a commit to AkhileshSamineni/sonic-swss that referenced this pull request Nov 11, 2019
@AkhileshSamineni
Natsyncd changes in sonic-swss submodule to support NAT feature.
583b07f 
 - Added natsyncd and warmboot related changes.

Link to NAT HLD : https://github.com/Azure/SONiC/blob/master/doc/nat/nat_design_spec.md

Depends on:
sonic-swss :
sonic-swss-common : sonic-net/sonic-swss-common#304
sonic-linux-kernel : sonic-net/sonic-linux-kernel#100
sonic-sairedis : sonic-net/sonic-sairedis#519
@AkhileshSamineni AkhileshSamineni mentioned this pull request Nov 11, 2019
Merged
@arlakshm arlakshm self-requested a review November 12, 2019 22:37
arlakshm
arlakshm previously approved these changes Nov 12, 2019
View reviewed changes
@kirankella
Copy link
Copy Markdown
Contributor Author

kirankella commented Nov 27, 2019

retest this please

stepanblyschak
stepanblyschak previously approved these changes Dec 2, 2019
View reviewed changes
AkhileshSamineni added a commit to AkhileshSamineni/sonic-swss that referenced this pull request Dec 10, 2019
@AkhileshSamineni
Natsyncd changes in sonic-swss submodule to support NAT feature.
72750ac 
 - Added natsyncd and warmboot related changes.

Link to NAT HLD : https://github.com/Azure/SONiC/blob/master/doc/nat/nat_design_spec.md

Depends on:
sonic-swss :
sonic-swss-common : sonic-net/sonic-swss-common#304
sonic-linux-kernel : sonic-net/sonic-linux-kernel#100
sonic-sairedis : sonic-net/sonic-sairedis#519
@arlakshm
Copy link
Copy Markdown
Contributor

arlakshm commented Dec 20, 2019

@AkhileshSamineni, @kirankella,
Please resolve the conflicts.

@kirankella
Added support in the kernel for fullcone 3-tuple unique nat.
918e6e7 
Signed-off-by: kiran.kella@broadcom.com
@rlhui rlhui merged commit 9ed8b17 into sonic-net:master Jan 19, 2020
@stephenxs stephenxs mentioned this pull request Feb 27, 2020
Merged
paulmenzel added a commit to paulmenzel/sonic-linux-kernel that referenced this pull request Nov 6, 2020
@paulmenzel
patch/Support-for-fullcone-nat: Add commit message body
e1b4104 
Copy the description (including Signed-off-by line) of merge/pull
request sonic-net#100 (Added support in the kernel for fullcone 3-tuple unique
nat.) [1].

[1]: sonic-net#100
paulmenzel added a commit to paulmenzel/sonic-linux-kernel that referenced this pull request Nov 6, 2020
@paulmenzel
patch/Support-for-fullcone-nat: Add commit message body
f645498 
Copy the description (including Signed-off-by line) of merge/pull
request sonic-net#100 (Added support in the kernel for fullcone 3-tuple unique
nat.) [1].

[1]: sonic-net#100
Kalimuthu-Velappan pushed a commit to Kalimuthu-Velappan/sonic-linux-kernel that referenced this pull request Dec 10, 2020
@paulmenzel @Kalimuthu-Velappan
patch/Support-for-fullcone-nat: Add commit message body
55c3ec0 
Copy the description (including Signed-off-by line) of merge/pull
request sonic-net#100 (Added support in the kernel for fullcone 3-tuple unique
nat.) [1].

[1]: sonic-net#100
paulmenzel added a commit to paulmenzel/sonic-linux-kernel that referenced this pull request Jan 18, 2021
@paulmenzel
patch/Support-for-fullcone-nat: Add commit message body
3676f0f 
Copy the description (including Signed-off-by line) of merge/pull
request sonic-net#100 (Added support in the kernel for fullcone 3-tuple unique
nat.) [1].

[1]: sonic-net#100
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@stepanblyschak stepanblyschak stepanblyschak approved these changes

@arlakshm arlakshm arlakshm approved these changes

@marian-pritsak marian-pritsak marian-pritsak left review comments

Assignees

No one assigned

Labels

Included in 201911 Branch Request for 201911 Branch

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@kirankella @lguohan @arlakshm @marian-pritsak @stepanblyschak @rlhui @abdosi