[neutron][ovn] support for stateless NAT for floating ip in ml2 ovn

Moshe Levi moshele at nvidia.com
Mon Sep 27 06:35:44 UTC 2021 

Thank Ihar 😊 

-----Original Message-----
From: Ihar Hrachyshka <ihrachys at redhat.com> 
Sent: Saturday, September 25, 2021 12:26 AM
To: Sean Mooney <smooney at redhat.com>
Cc: Moshe Levi <moshele at nvidia.com>; openstack-discuss at lists.openstack.org
Subject: Re: [neutron][ovn] support for stateless NAT for floating ip in ml2 ovn

External email: Use caution opening links or attachments


On 8/18/21 11:35 AM, Ihar Hrachyshka wrote:
> Not too hard to fallback; but on this note, do we maintain minimal OVN 
> version anywhere in neutron? I remember when I was adding support for 
> allow-stateless ACLs, I was told we don't track it (hence runtime 
> schema inspection in
> https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Frevi
> ew.opendev.org%2Fc%2Fopenstack%2Fneutron%2F%2B%2F789974&data=04%7C
> 01%7Cmoshele%40nvidia.com%7Ccb32ecd84e314d168dd208d97fa1eff7%7C43083d15727340c1b7db39efd9ccc17a%7C0%7C0%7C637681155759121363%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=OhrwxnPs8xcsB4b3PyautFbg3dfPJp6pblziGpRvoak%3D&reserved=0) Considering potential backports in downstream products, perhaps a runtime schema check is a better approach anyway.

To close the loop, the patch that uses stateless dnat_and_snat has merged in master. Including migration path for existing NAT objects in nbdb and runtime check for core OVN support. Probably not a backport material for upstream.

Ihar

More information about the openstack-discuss mailing list