)]}'
{"specs/xena/node-local-ip.rst":[{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"670324e100b5451bacbb25e60d7a4ee060d800ce","unresolved":true,"context_lines":[{"line_number":60,"context_line":""},{"line_number":61,"context_line":"* New DB/OVO models and REST API endpoints for NLVIP CRUD:"},{"line_number":62,"context_line":"** Creating NLVIP will trigger creation of an underlying Neutron port to"},{"line_number":63,"context_line":"handle IPAM, network boundaries and permission checks"},{"line_number":64,"context_line":"** TODO(ivc|obondarev): describe how to handle manual underlying port"},{"line_number":65,"context_line":"updates (e.g. fixed-ip changes)"},{"line_number":66,"context_line":"** Deleting NLVIP should be prohibited if NLVIP has associated local ports;"}],"source_content_type":"text/x-rst","patch_set":4,"id":"0047b72c_1426f95a","line":63,"updated":"2021-07-01 06:53:55.000000000","message":"similar like it\u0027s not for FIPs, right?","commit_id":"1870b6a3f102a6eb4a0697825d8eb72544775b0c"},{"author":{"_account_id":5948,"name":"Oleg Bondarev","email":"obondarev@mirantis.com","username":"obondarev"},"change_message_id":"f698286cbedaff709dd0338513938092c44b51b6","unresolved":true,"context_lines":[{"line_number":60,"context_line":""},{"line_number":61,"context_line":"* New DB/OVO models and REST API endpoints for NLVIP CRUD:"},{"line_number":62,"context_line":"** Creating NLVIP will trigger creation of an underlying Neutron port to"},{"line_number":63,"context_line":"handle IPAM, network boundaries and permission checks"},{"line_number":64,"context_line":"** TODO(ivc|obondarev): describe how to handle manual underlying port"},{"line_number":65,"context_line":"updates (e.g. 
fixed-ip changes)"},{"line_number":66,"context_line":"** Deleting NLVIP should be prohibited if NLVIP has associated local ports;"}],"source_content_type":"text/x-rst","patch_set":4,"id":"3c76a2df_85b4170a","line":63,"in_reply_to":"0047b72c_1426f95a","updated":"2021-07-06 09:17:55.000000000","message":"Did you mean \".. now for FIPs\"? Yeah, it will be same as for FIPs","commit_id":"1870b6a3f102a6eb4a0697825d8eb72544775b0c"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"670324e100b5451bacbb25e60d7a4ee060d800ce","unresolved":true,"context_lines":[{"line_number":62,"context_line":"** Creating NLVIP will trigger creation of an underlying Neutron port to"},{"line_number":63,"context_line":"handle IPAM, network boundaries and permission checks"},{"line_number":64,"context_line":"** TODO(ivc|obondarev): describe how to handle manual underlying port"},{"line_number":65,"context_line":"updates (e.g. fixed-ip changes)"},{"line_number":66,"context_line":"** Deleting NLVIP should be prohibited if NLVIP has associated local ports;"},{"line_number":67,"context_line":"\u0027force\u0027 option may be provided to trigger local port disassociation on"},{"line_number":68,"context_line":"deletion; deleting NLVIP should also delete the underlying Neutron port"}],"source_content_type":"text/x-rst","patch_set":4,"id":"c43cd3ab_226228fb","line":65,"updated":"2021-07-01 06:53:55.000000000","message":"can\u0027t we simply forbid manual changes of ports with such device_owner?","commit_id":"1870b6a3f102a6eb4a0697825d8eb72544775b0c"},{"author":{"_account_id":5948,"name":"Oleg Bondarev","email":"obondarev@mirantis.com","username":"obondarev"},"change_message_id":"f698286cbedaff709dd0338513938092c44b51b6","unresolved":true,"context_lines":[{"line_number":62,"context_line":"** Creating NLVIP will trigger creation of an underlying Neutron port to"},{"line_number":63,"context_line":"handle IPAM, network boundaries 
and permission checks"},{"line_number":64,"context_line":"** TODO(ivc|obondarev): describe how to handle manual underlying port"},{"line_number":65,"context_line":"updates (e.g. fixed-ip changes)"},{"line_number":66,"context_line":"** Deleting NLVIP should be prohibited if NLVIP has associated local ports;"},{"line_number":67,"context_line":"\u0027force\u0027 option may be provided to trigger local port disassociation on"},{"line_number":68,"context_line":"deletion; deleting NLVIP should also delete the underlying Neutron port"}],"source_content_type":"text/x-rst","patch_set":4,"id":"7b6c4309_e046385f","line":65,"in_reply_to":"c43cd3ab_226228fb","updated":"2021-07-06 09:17:55.000000000","message":"The idea was to do same behavior here as for FIPs, but I checked and see underlying FIP ports can be updated, even fixed IPs. I think this better be forbidden","commit_id":"1870b6a3f102a6eb4a0697825d8eb72544775b0c"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"13fb09298fedc613705ad0e15912af5fc22298c7","unresolved":true,"context_lines":[{"line_number":13,"context_line":"This spec proposes a new type of shared virtual IP address that can be used to"},{"line_number":14,"context_line":"access distributed and/or multi-node services and applications running in the"},{"line_number":15,"context_line":"cloud. 
The feature is primarily focused on high efficiency and performance of"},{"line_number":16,"context_line":"the networking data plane for very large scale clouds and/or clouds with high"},{"line_number":17,"context_line":"network throughput demands."},{"line_number":18,"context_line":""},{"line_number":19,"context_line":""},{"line_number":20,"context_line":"Problem Description"}],"source_content_type":"text/x-rst","patch_set":5,"id":"06863700_79d4ff21","line":17,"range":{"start_line":16,"start_character":73,"end_line":17,"end_character":27},"updated":"2021-07-07 08:29:12.000000000","message":"Why can it achieve a high work throughput? It\u0027s better to add some topologies with details of packets running path to elaborate.","commit_id":"e0107dbedb066813764e1fa2be3c5c6111b66eea"},{"author":{"_account_id":5948,"name":"Oleg Bondarev","email":"obondarev@mirantis.com","username":"obondarev"},"change_message_id":"3faf9172b300c6f81a0524d0b5d769149eb2398a","unresolved":true,"context_lines":[{"line_number":13,"context_line":"This spec proposes a new type of shared virtual IP address that can be used to"},{"line_number":14,"context_line":"access distributed and/or multi-node services and applications running in the"},{"line_number":15,"context_line":"cloud. The feature is primarily focused on high efficiency and performance of"},{"line_number":16,"context_line":"the networking data plane for very large scale clouds and/or clouds with high"},{"line_number":17,"context_line":"network throughput demands."},{"line_number":18,"context_line":""},{"line_number":19,"context_line":""},{"line_number":20,"context_line":"Problem Description"}],"source_content_type":"text/x-rst","patch_set":5,"id":"217e4bc6_f3204e5a","line":17,"range":{"start_line":16,"start_character":73,"end_line":17,"end_character":27},"in_reply_to":"06863700_79d4ff21","updated":"2021-07-08 07:38:09.000000000","message":"All the benefit comes from serving data locally, not involving physical network at all. 
I\u0027ll add a picture","commit_id":"e0107dbedb066813764e1fa2be3c5c6111b66eea"},{"author":{"_account_id":21273,"name":"Ilya Chukhnakov","email":"Ilya.chukhnakov@gmail.com","username":"ichukhnakov"},"change_message_id":"2edf22823afa025e0858c28cb653bfd56e19be1a","unresolved":true,"context_lines":[{"line_number":87,"context_line":"  * \u0027drop\u0027 - packets will be dropped if no Local IP assigned port is available"},{"line_number":88,"context_line":"    on the physical node - out of scope for now"},{"line_number":89,"context_line":""},{"line_number":90,"context_line":"  * \u0027reject\u0027 (default) - similar to iptables\u0027 \u0027reject\u0027 policy to help clients"},{"line_number":91,"context_line":"    fail fast if no Local IP assigned port is available on the physical node -"},{"line_number":92,"context_line":"    out of scope for now"},{"line_number":93,"context_line":""}],"source_content_type":"text/x-rst","patch_set":8,"id":"f6d67703_03891e54","line":90,"updated":"2021-07-24 11:10:05.000000000","message":"nit: remove \u0027default\u0027 (dup: forward)","commit_id":"3eca9d126ae9956703c68a8b0a0db02df0b5b8d9"},{"author":{"_account_id":5948,"name":"Oleg Bondarev","email":"obondarev@mirantis.com","username":"obondarev"},"change_message_id":"1c2922acfda25aa6d982bbfcbe54640bcbda887b","unresolved":false,"context_lines":[{"line_number":87,"context_line":"  * \u0027drop\u0027 - packets will be dropped if no Local IP assigned port is available"},{"line_number":88,"context_line":"    on the physical node - out of scope for now"},{"line_number":89,"context_line":""},{"line_number":90,"context_line":"  * \u0027reject\u0027 (default) - similar to iptables\u0027 \u0027reject\u0027 policy to help clients"},{"line_number":91,"context_line":"    fail fast if no Local IP assigned port is available on the physical node -"},{"line_number":92,"context_line":"    out of scope for 
now"},{"line_number":93,"context_line":""}],"source_content_type":"text/x-rst","patch_set":8,"id":"cd83c081_2d077544","line":90,"in_reply_to":"f6d67703_03891e54","updated":"2021-07-26 07:19:39.000000000","message":"Done, thanks","commit_id":"3eca9d126ae9956703c68a8b0a0db02df0b5b8d9"},{"author":{"_account_id":21273,"name":"Ilya Chukhnakov","email":"Ilya.chukhnakov@gmail.com","username":"ichukhnakov"},"change_message_id":"2edf22823afa025e0858c28cb653bfd56e19be1a","unresolved":true,"context_lines":[{"line_number":112,"context_line":"+-------------------+---------+-------+------+---------------------------------------+"},{"line_number":113,"context_line":"| project_id        | uuid-str| No    | CR   | Owner of the Local IP.                |"},{"line_number":114,"context_line":"+-------------------+---------+-------+------+---------------------------------------+"},{"line_number":115,"context_line":"| local_ip          | String  | Yes   | CR   | Local IP CIDR (virtual) that will be  |"},{"line_number":116,"context_line":"|                   |         |       |      | reachable within the same physical    |"},{"line_number":117,"context_line":"|                   |         |       |      | server/node.                          |"},{"line_number":118,"context_line":"+-------------------+---------+-------+------+---------------------------------------+"}],"source_content_type":"text/x-rst","patch_set":8,"id":"9520803f_aabaeca4","line":115,"updated":"2021-07-24 11:10:05.000000000","message":"\u0027local_ip\u0027 should only be \"R\" for \"CRUD\" and not \"Req\" as creation of Local IP with known IP is handled by \u0027local_port_id\u0027. 
We also need \u0027network_id\u0027 (Req:yes, CRUD:CR) for when the IP/port is not known and has to be generated.","commit_id":"3eca9d126ae9956703c68a8b0a0db02df0b5b8d9"},{"author":{"_account_id":5948,"name":"Oleg Bondarev","email":"obondarev@mirantis.com","username":"obondarev"},"change_message_id":"1c2922acfda25aa6d982bbfcbe54640bcbda887b","unresolved":true,"context_lines":[{"line_number":112,"context_line":"+-------------------+---------+-------+------+---------------------------------------+"},{"line_number":113,"context_line":"| project_id        | uuid-str| No    | CR   | Owner of the Local IP.                |"},{"line_number":114,"context_line":"+-------------------+---------+-------+------+---------------------------------------+"},{"line_number":115,"context_line":"| local_ip          | String  | Yes   | CR   | Local IP CIDR (virtual) that will be  |"},{"line_number":116,"context_line":"|                   |         |       |      | reachable within the same physical    |"},{"line_number":117,"context_line":"|                   |         |       |      | server/node.                          |"},{"line_number":118,"context_line":"+-------------------+---------+-------+------+---------------------------------------+"}],"source_content_type":"text/x-rst","patch_set":8,"id":"bfb75664_d1cd7700","line":115,"in_reply_to":"9520803f_aabaeca4","updated":"2021-07-26 07:19:39.000000000","message":"port@local_port_id could have several fixed IPs, in this case user would need to explicitly specify with IP to use, but agree that it should not be required. 
WDYT?\n\nIndeed I missed network_id, will add.","commit_id":"3eca9d126ae9956703c68a8b0a0db02df0b5b8d9"},{"author":{"_account_id":21273,"name":"Ilya Chukhnakov","email":"Ilya.chukhnakov@gmail.com","username":"ichukhnakov"},"change_message_id":"2edf22823afa025e0858c28cb653bfd56e19be1a","unresolved":true,"context_lines":[{"line_number":116,"context_line":"|                   |         |       |      | reachable within the same physical    |"},{"line_number":117,"context_line":"|                   |         |       |      | server/node.                          |"},{"line_number":118,"context_line":"+-------------------+---------+-------+------+---------------------------------------+"},{"line_number":119,"context_line":"| local_port_id     | uuid-str| Yes   | CR   | Underlying (backup) Neutron port ID   |"},{"line_number":120,"context_line":"|                   |         |       |      | used by Local IP object to get actual |"},{"line_number":121,"context_line":"|                   |         |       |      | IP address for local translation      |"},{"line_number":122,"context_line":"+-------------------+---------+-------+------+---------------------------------------+"}],"source_content_type":"text/x-rst","patch_set":8,"id":"9e3752d2_9c660977","line":119,"updated":"2021-07-24 11:10:05.000000000","message":"We need to highlight it somehow that only one of \u0027network_id\u0027 (see \u0027local_ip\u0027 comment above) and \u0027local_port_id\u0027 attributes is required.","commit_id":"3eca9d126ae9956703c68a8b0a0db02df0b5b8d9"},{"author":{"_account_id":5948,"name":"Oleg Bondarev","email":"obondarev@mirantis.com","username":"obondarev"},"change_message_id":"1c2922acfda25aa6d982bbfcbe54640bcbda887b","unresolved":true,"context_lines":[{"line_number":116,"context_line":"|                   |         |       |      | reachable within the same physical    |"},{"line_number":117,"context_line":"|                   |         |       |      | server/node.                       
   |"},{"line_number":118,"context_line":"+-------------------+---------+-------+------+---------------------------------------+"},{"line_number":119,"context_line":"| local_port_id     | uuid-str| Yes   | CR   | Underlying (backup) Neutron port ID   |"},{"line_number":120,"context_line":"|                   |         |       |      | used by Local IP object to get actual |"},{"line_number":121,"context_line":"|                   |         |       |      | IP address for local translation      |"},{"line_number":122,"context_line":"+-------------------+---------+-------+------+---------------------------------------+"}],"source_content_type":"text/x-rst","patch_set":8,"id":"334f82f1_936a8f0b","line":119,"in_reply_to":"9e3752d2_9c660977","updated":"2021-07-26 07:19:39.000000000","message":"Will be handled in \u0027Description\u0027 and in API extension","commit_id":"3eca9d126ae9956703c68a8b0a0db02df0b5b8d9"},{"author":{"_account_id":21273,"name":"Ilya Chukhnakov","email":"Ilya.chukhnakov@gmail.com","username":"ichukhnakov"},"change_message_id":"2edf22823afa025e0858c28cb653bfd56e19be1a","unresolved":true,"context_lines":[{"line_number":120,"context_line":"|                   |         |       |      | used by Local IP object to get actual |"},{"line_number":121,"context_line":"|                   |         |       |      | IP address for local translation      |"},{"line_number":122,"context_line":"+-------------------+---------+-------+------+---------------------------------------+"},{"line_number":123,"context_line":"| associated_ports  | List    | No    | CRU  | List of fixed port IDs that are       |"},{"line_number":124,"context_line":"|                   |         |       |      | associated with current Local IP obj  |"},{"line_number":125,"context_line":"+-------------------+---------+-------+------+---------------------------------------+"},{"line_number":126,"context_line":"| associated_ips    | List    | No    | R    | List of fixed IP addresses that are  
 |"}],"source_content_type":"text/x-rst","patch_set":8,"id":"04c06323_a585c597","line":123,"updated":"2021-07-24 11:10:05.000000000","message":"All \u0027List\u0027-type attributes here can hold large number of elements (as many as there are nodes in the cloud). Instead of embedding these lists into the Local IP API, let\u0027s add \u0027local-ip-associations\u0027 sub-resource with [local_ip_id, port_id, ip, host_id] attributes (\u0027port_id\u0027 can serve as PK/unique-id for that resource). Otherwise the API requests could become unnecessarily heavy.","commit_id":"3eca9d126ae9956703c68a8b0a0db02df0b5b8d9"},{"author":{"_account_id":5948,"name":"Oleg Bondarev","email":"obondarev@mirantis.com","username":"obondarev"},"change_message_id":"1c2922acfda25aa6d982bbfcbe54640bcbda887b","unresolved":true,"context_lines":[{"line_number":120,"context_line":"|                   |         |       |      | used by Local IP object to get actual |"},{"line_number":121,"context_line":"|                   |         |       |      | IP address for local translation      |"},{"line_number":122,"context_line":"+-------------------+---------+-------+------+---------------------------------------+"},{"line_number":123,"context_line":"| associated_ports  | List    | No    | CRU  | List of fixed port IDs that are       |"},{"line_number":124,"context_line":"|                   |         |       |      | associated with current Local IP obj  |"},{"line_number":125,"context_line":"+-------------------+---------+-------+------+---------------------------------------+"},{"line_number":126,"context_line":"| associated_ips    | List    | No    | R    | List of fixed IP addresses that are   |"}],"source_content_type":"text/x-rst","patch_set":8,"id":"850e995c_8f8eb70a","line":123,"in_reply_to":"04c06323_a585c597","updated":"2021-07-26 07:19:39.000000000","message":"Agree","commit_id":"3eca9d126ae9956703c68a8b0a0db02df0b5b8d9"},{"author":{"_account_id":5948,"name":"Oleg 
Bondarev","email":"obondarev@mirantis.com","username":"obondarev"},"change_message_id":"fbdaec69ff6a8218ac698417c99079b2ecc399b1","unresolved":true,"context_lines":[{"line_number":120,"context_line":"|                   |         |       |      | used by Local IP object to get actual |"},{"line_number":121,"context_line":"|                   |         |       |      | IP address for local translation      |"},{"line_number":122,"context_line":"+-------------------+---------+-------+------+---------------------------------------+"},{"line_number":123,"context_line":"| associated_ports  | List    | No    | CRU  | List of fixed port IDs that are       |"},{"line_number":124,"context_line":"|                   |         |       |      | associated with current Local IP obj  |"},{"line_number":125,"context_line":"+-------------------+---------+-------+------+---------------------------------------+"},{"line_number":126,"context_line":"| associated_ips    | List    | No    | R    | List of fixed IP addresses that are   |"}],"source_content_type":"text/x-rst","patch_set":8,"id":"04bd1f99_65cc105e","line":123,"in_reply_to":"850e995c_8f8eb70a","updated":"2021-07-26 08:53:02.000000000","message":"\u003e\u003e \u0027port_id\u0027 can serve as PK/unique-id for that resource\n\nWe could associate single port with several Local IPs, so I believe PK should be local_ip_id + port_id, wdyt?","commit_id":"3eca9d126ae9956703c68a8b0a0db02df0b5b8d9"},{"author":{"_account_id":21273,"name":"Ilya Chukhnakov","email":"Ilya.chukhnakov@gmail.com","username":"ichukhnakov"},"change_message_id":"2edf22823afa025e0858c28cb653bfd56e19be1a","unresolved":true,"context_lines":[{"line_number":129,"context_line":"| associated_hosts  | List    | No    | R    | List of hosts where current Local IP  |"},{"line_number":130,"context_line":"|                   |         |       |      | has associated fixed ports            
|"},{"line_number":131,"context_line":"+-------------------+---------+-------+------+---------------------------------------+"},{"line_number":132,"context_line":"| ip_mode           | String  | Yes   | CRU  | One of \u0027translate\u0027 (for DNAT) or      |"},{"line_number":133,"context_line":"|                   |         |       |      | \u0027passthrough\u0027 (no NAT) modes described|"},{"line_number":134,"context_line":"|                   |         |       |      | above. Default: \u0027translate\u0027           |"},{"line_number":135,"context_line":"+-------------------+---------+-------+------+---------------------------------------+"}],"source_content_type":"text/x-rst","patch_set":8,"id":"04a2737e_eb95be65","line":132,"updated":"2021-07-24 11:10:05.000000000","message":"This shoud be \"Req: No\" since we have \"Default: translate\"","commit_id":"3eca9d126ae9956703c68a8b0a0db02df0b5b8d9"},{"author":{"_account_id":5948,"name":"Oleg Bondarev","email":"obondarev@mirantis.com","username":"obondarev"},"change_message_id":"1c2922acfda25aa6d982bbfcbe54640bcbda887b","unresolved":false,"context_lines":[{"line_number":129,"context_line":"| associated_hosts  | List    | No    | R    | List of hosts where current Local IP  |"},{"line_number":130,"context_line":"|                   |         |       |      | has associated fixed ports            |"},{"line_number":131,"context_line":"+-------------------+---------+-------+------+---------------------------------------+"},{"line_number":132,"context_line":"| ip_mode           | String  | Yes   | CRU  | One of \u0027translate\u0027 (for DNAT) or      |"},{"line_number":133,"context_line":"|                   |         |       |      | \u0027passthrough\u0027 (no NAT) modes described|"},{"line_number":134,"context_line":"|                   |         |       |      | above. 
Default: \u0027translate\u0027           |"},{"line_number":135,"context_line":"+-------------------+---------+-------+------+---------------------------------------+"}],"source_content_type":"text/x-rst","patch_set":8,"id":"1040e616_5ca20783","line":132,"in_reply_to":"04a2737e_eb95be65","updated":"2021-07-26 07:19:39.000000000","message":"Done","commit_id":"3eca9d126ae9956703c68a8b0a0db02df0b5b8d9"},{"author":{"_account_id":21273,"name":"Ilya Chukhnakov","email":"Ilya.chukhnakov@gmail.com","username":"ichukhnakov"},"change_message_id":"2edf22823afa025e0858c28cb653bfd56e19be1a","unresolved":true,"context_lines":[{"line_number":193,"context_line":"|                   |         |       | users can specify a project identifier|"},{"line_number":194,"context_line":"|                   |         |       | other than their own.                 |"},{"line_number":195,"context_line":"+-------------------+---------+-------+---------------------------------------+"},{"line_number":196,"context_line":"| local_ip          | string  | Yes   | Local IP CIDR (virtual) that will be  |"},{"line_number":197,"context_line":"|                   |         |       | reachable within the same physical    |"},{"line_number":198,"context_line":"|                   |         |       | server/node.                          |"},{"line_number":199,"context_line":"+-------------------+---------+-------+---------------------------------------+"}],"source_content_type":"text/x-rst","patch_set":8,"id":"387db7cb_544df6f3","line":196,"updated":"2021-07-24 11:10:05.000000000","message":"This attribute is a duplicate of port@local_port_id-\u003efixed_ip. OVO can fetch it from the underlying port. 
Do we need it as part of the DB model for optimization purposes?\nOr do we want to use it as a constraint (local_ip+local_port_id) to prevent modification of the underlying port\u0027s fixed_ip?","commit_id":"3eca9d126ae9956703c68a8b0a0db02df0b5b8d9"},{"author":{"_account_id":5948,"name":"Oleg Bondarev","email":"obondarev@mirantis.com","username":"obondarev"},"change_message_id":"1c2922acfda25aa6d982bbfcbe54640bcbda887b","unresolved":true,"context_lines":[{"line_number":193,"context_line":"|                   |         |       | users can specify a project identifier|"},{"line_number":194,"context_line":"|                   |         |       | other than their own.                 |"},{"line_number":195,"context_line":"+-------------------+---------+-------+---------------------------------------+"},{"line_number":196,"context_line":"| local_ip          | string  | Yes   | Local IP CIDR (virtual) that will be  |"},{"line_number":197,"context_line":"|                   |         |       | reachable within the same physical    |"},{"line_number":198,"context_line":"|                   |         |       | server/node.                          |"},{"line_number":199,"context_line":"+-------------------+---------+-------+---------------------------------------+"}],"source_content_type":"text/x-rst","patch_set":8,"id":"586f5079_a86dd129","line":196,"in_reply_to":"387db7cb_544df6f3","updated":"2021-07-26 07:19:39.000000000","message":"For optimization purposes but mostly because underlying port may have (at the point of Local IP creation, or in future) several fixed IPs. 
So we need to record which exact IP to use.","commit_id":"3eca9d126ae9956703c68a8b0a0db02df0b5b8d9"},{"author":{"_account_id":21273,"name":"Ilya Chukhnakov","email":"Ilya.chukhnakov@gmail.com","username":"ichukhnakov"},"change_message_id":"2edf22823afa025e0858c28cb653bfd56e19be1a","unresolved":true,"context_lines":[{"line_number":201,"context_line":"|                   |         |       | used by Local IP object to get actual |"},{"line_number":202,"context_line":"|                   |         |       | IP address for local NATting          |"},{"line_number":203,"context_line":"+-------------------+---------+-------+---------------------------------------+"},{"line_number":204,"context_line":"| ip_mode           | string  | Yes   | One of \u0027translate\u0027 (for DNAT) or      |"},{"line_number":205,"context_line":"|                   |         |       | \u0027passthrough\u0027 (no NAT) modes described|"},{"line_number":206,"context_line":"|                   |         |       | above. 
Default: \u0027translate\u0027           |"},{"line_number":207,"context_line":"+-------------------+---------+-------+---------------------------------------+"}],"source_content_type":"text/x-rst","patch_set":8,"id":"30fe9290_2ffe3abc","line":204,"updated":"2021-07-24 11:10:05.000000000","message":"Should it be \"Req: No\" granted we have \"Default: \u0027translate\u0027\"?","commit_id":"3eca9d126ae9956703c68a8b0a0db02df0b5b8d9"},{"author":{"_account_id":5948,"name":"Oleg Bondarev","email":"obondarev@mirantis.com","username":"obondarev"},"change_message_id":"1c2922acfda25aa6d982bbfcbe54640bcbda887b","unresolved":true,"context_lines":[{"line_number":201,"context_line":"|                   |         |       | used by Local IP object to get actual |"},{"line_number":202,"context_line":"|                   |         |       | IP address for local NATting          |"},{"line_number":203,"context_line":"+-------------------+---------+-------+---------------------------------------+"},{"line_number":204,"context_line":"| ip_mode           | string  | Yes   | One of \u0027translate\u0027 (for DNAT) or      |"},{"line_number":205,"context_line":"|                   |         |       | \u0027passthrough\u0027 (no NAT) modes described|"},{"line_number":206,"context_line":"|                   |         |       | above. 
Default: \u0027translate\u0027           |"},{"line_number":207,"context_line":"+-------------------+---------+-------+---------------------------------------+"}],"source_content_type":"text/x-rst","patch_set":8,"id":"74a3c6f8_ed521b1f","line":204,"in_reply_to":"30fe9290_2ffe3abc","updated":"2021-07-26 07:19:39.000000000","message":"yes, absolutely, thanks","commit_id":"3eca9d126ae9956703c68a8b0a0db02df0b5b8d9"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"5dad2bb950598e4c11f3e256544de3c836644293","unresolved":true,"context_lines":[{"line_number":253,"context_line":"about Local IPs associated with agent\u0027s ports. Server will update port_details"},{"line_number":254,"context_line":"with this info."},{"line_number":255,"context_line":""},{"line_number":256,"context_line":"OVS agent will perform following flow updates based on Local IPs info:"},{"line_number":257,"context_line":""},{"line_number":258,"context_line":"* update ARP spoofing flow for associated port"},{"line_number":259,"context_line":"  (like done for allowed address pairs)"}],"source_content_type":"text/x-rst","patch_set":9,"id":"8fb9603b_a204d44e","line":256,"range":{"start_line":256,"start_character":0,"end_line":256,"end_character":70},"updated":"2021-08-13 16:37:06.000000000","message":"Could you add some packet details before the following flows, then we can align related data. Such as a port with fixed IP 192.168.1.10 and MAC fa:16:3e:5c:3b:4b.\nIts associated local_ip is 10.0.0.10.","commit_id":"8a9dfd75f3b60cfe1e3980cd2678bc6d932192cc"},{"author":{"_account_id":5948,"name":"Oleg Bondarev","email":"obondarev@mirantis.com","username":"obondarev"},"change_message_id":"7bfc4c8a8a3ad8dd0461debde3da0a40cee3ea7c","unresolved":true,"context_lines":[{"line_number":253,"context_line":"about Local IPs associated with agent\u0027s ports. 
Server will update port_details"},{"line_number":254,"context_line":"with this info."},{"line_number":255,"context_line":""},{"line_number":256,"context_line":"OVS agent will perform following flow updates based on Local IPs info:"},{"line_number":257,"context_line":""},{"line_number":258,"context_line":"* update ARP spoofing flow for associated port"},{"line_number":259,"context_line":"  (like done for allowed address pairs)"}],"source_content_type":"text/x-rst","patch_set":9,"id":"3e807aef_871fe8a3","line":256,"range":{"start_line":256,"start_character":0,"end_line":256,"end_character":70},"in_reply_to":"8fb9603b_a204d44e","updated":"2021-08-16 07:58:12.000000000","message":"Good point, thanks, will do","commit_id":"8a9dfd75f3b60cfe1e3980cd2678bc6d932192cc"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"5dad2bb950598e4c11f3e256544de3c836644293","unresolved":true,"context_lines":[{"line_number":255,"context_line":""},{"line_number":256,"context_line":"OVS agent will perform following flow updates based on Local IPs info:"},{"line_number":257,"context_line":""},{"line_number":258,"context_line":"* update ARP spoofing flow for associated port"},{"line_number":259,"context_line":"  (like done for allowed address pairs)"},{"line_number":260,"context_line":"* identify network/local vlan of associated port"},{"line_number":261,"context_line":"* for each port from this network - redirect packets from table 0 or"},{"line_number":262,"context_line":"  24(ARP_SPOOF)/25(MAC_SPOOF) to a new table - 50 (LOCAL_IP_PRE)"},{"line_number":263,"context_line":""},{"line_number":264,"context_line":"::"},{"line_number":265,"context_line":""}],"source_content_type":"text/x-rst","patch_set":9,"id":"2292bf59_0a4bf0eb","line":262,"range":{"start_line":258,"start_character":0,"end_line":262,"end_character":64},"updated":"2021-08-13 16:37:06.000000000","message":"Please consider that ovs 
openflow based security group implementation will have its own ARP_SPOOF and MAC_SPOOF. So table 24 and table 25 will be empty and not go into.","commit_id":"8a9dfd75f3b60cfe1e3980cd2678bc6d932192cc"},{"author":{"_account_id":5948,"name":"Oleg Bondarev","email":"obondarev@mirantis.com","username":"obondarev"},"change_message_id":"7bfc4c8a8a3ad8dd0461debde3da0a40cee3ea7c","unresolved":true,"context_lines":[{"line_number":255,"context_line":""},{"line_number":256,"context_line":"OVS agent will perform following flow updates based on Local IPs info:"},{"line_number":257,"context_line":""},{"line_number":258,"context_line":"* update ARP spoofing flow for associated port"},{"line_number":259,"context_line":"  (like done for allowed address pairs)"},{"line_number":260,"context_line":"* identify network/local vlan of associated port"},{"line_number":261,"context_line":"* for each port from this network - redirect packets from table 0 or"},{"line_number":262,"context_line":"  24(ARP_SPOOF)/25(MAC_SPOOF) to a new table - 50 (LOCAL_IP_PRE)"},{"line_number":263,"context_line":""},{"line_number":264,"context_line":"::"},{"line_number":265,"context_line":""}],"source_content_type":"text/x-rst","patch_set":9,"id":"1174af5b_4f2bea5f","line":262,"range":{"start_line":258,"start_character":0,"end_line":262,"end_character":64},"in_reply_to":"2292bf59_0a4bf0eb","updated":"2021-08-16 07:58:12.000000000","message":"Yep, that\u0027s why table 0 is also in this list","commit_id":"8a9dfd75f3b60cfe1e3980cd2678bc6d932192cc"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"5dad2bb950598e4c11f3e256544de3c836644293","unresolved":true,"context_lines":[{"line_number":263,"context_line":""},{"line_number":264,"context_line":"::"},{"line_number":265,"context_line":""},{"line_number":266,"context_line":"  table\u003d25, n_packets\u003d0, n_bytes\u003d0, 
priority\u003d2,in_port\u003d\"tap56fbc1e7-2c\","},{"line_number":267,"context_line":"  dl_src\u003dfa:16:3e:5c:3b:4b actions\u003dresubmit(,50)"},{"line_number":268,"context_line":""},{"line_number":269,"context_line":"* table 50(LOCAL_IP_PRE) serves for memorizing local vlans to later"},{"line_number":270,"context_line":"  distinguish Local IP traffic from different nets and redirect packets further"}],"source_content_type":"text/x-rst","patch_set":9,"id":"c6df3d55_cf668b74","line":267,"range":{"start_line":266,"start_character":0,"end_line":267,"end_character":48},"updated":"2021-08-13 16:37:06.000000000","message":"This is a bit robust. This now means all packets from this tap-device will be resubmit to table 50 without checking the dest IP.","commit_id":"8a9dfd75f3b60cfe1e3980cd2678bc6d932192cc"},{"author":{"_account_id":5948,"name":"Oleg Bondarev","email":"obondarev@mirantis.com","username":"obondarev"},"change_message_id":"7bfc4c8a8a3ad8dd0461debde3da0a40cee3ea7c","unresolved":true,"context_lines":[{"line_number":263,"context_line":""},{"line_number":264,"context_line":"::"},{"line_number":265,"context_line":""},{"line_number":266,"context_line":"  table\u003d25, n_packets\u003d0, n_bytes\u003d0, priority\u003d2,in_port\u003d\"tap56fbc1e7-2c\","},{"line_number":267,"context_line":"  dl_src\u003dfa:16:3e:5c:3b:4b actions\u003dresubmit(,50)"},{"line_number":268,"context_line":""},{"line_number":269,"context_line":"* table 50(LOCAL_IP_PRE) serves for memorizing local vlans to later"},{"line_number":270,"context_line":"  distinguish Local IP traffic from different nets and redirect packets further"}],"source_content_type":"text/x-rst","patch_set":9,"id":"f9c5772f_624a618d","line":267,"range":{"start_line":266,"start_character":0,"end_line":267,"end_character":48},"in_reply_to":"c6df3d55_cf668b74","updated":"2021-08-16 07:58:12.000000000","message":"Do you see any problem with it? 
I think it\u0027s better than add separate flow for each local port for each local IP (quadratic)","commit_id":"8a9dfd75f3b60cfe1e3980cd2678bc6d932192cc"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"5dad2bb950598e4c11f3e256544de3c836644293","unresolved":true,"context_lines":[{"line_number":277,"context_line":""},{"line_number":278,"context_line":"* table 51(LOCAL_IP_HANDLE) has actual flows for Local IP handling"},{"line_number":279,"context_line":""},{"line_number":280,"context_line":"  * ARP responder flow to handle Local IP ARP requests from same subnet ports"},{"line_number":281,"context_line":""},{"line_number":282,"context_line":"    ::"},{"line_number":283,"context_line":""}],"source_content_type":"text/x-rst","patch_set":9,"id":"151dbf9f_106a3081","line":280,"range":{"start_line":280,"start_character":60,"end_line":280,"end_character":71},"updated":"2021-08-13 16:37:06.000000000","message":"Which subnets?","commit_id":"8a9dfd75f3b60cfe1e3980cd2678bc6d932192cc"},{"author":{"_account_id":5948,"name":"Oleg Bondarev","email":"obondarev@mirantis.com","username":"obondarev"},"change_message_id":"7bfc4c8a8a3ad8dd0461debde3da0a40cee3ea7c","unresolved":true,"context_lines":[{"line_number":277,"context_line":""},{"line_number":278,"context_line":"* table 51(LOCAL_IP_HANDLE) has actual flows for Local IP handling"},{"line_number":279,"context_line":""},{"line_number":280,"context_line":"  * ARP responder flow to handle Local IP ARP requests from same subnet ports"},{"line_number":281,"context_line":""},{"line_number":282,"context_line":"    ::"},{"line_number":283,"context_line":""}],"source_content_type":"text/x-rst","patch_set":9,"id":"6ddd447d_bbaeb7ff","line":280,"range":{"start_line":280,"start_character":60,"end_line":280,"end_character":71},"in_reply_to":"151dbf9f_106a3081","updated":"2021-08-16 07:58:12.000000000","message":"Local ARP responder is needed 
when both VM port IP an local IP assigned to it belong to same subnet. I will update to make it more clear","commit_id":"8a9dfd75f3b60cfe1e3980cd2678bc6d932192cc"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"748176ffab519ae04cf75060e1503b88cf1cf0f1","unresolved":true,"context_lines":[{"line_number":205,"context_line":"|                   |         |       | to be unique.                         |"},{"line_number":206,"context_line":"+-------------------+---------+-------+---------------------------------------+"},{"line_number":207,"context_line":"| description       | string  | No    | Human readable description for the    |"},{"line_number":208,"context_line":"|                   |         |       | Local IP (255 characters limit).      |"},{"line_number":209,"context_line":"+-------------------+---------+-------+---------------------------------------+"},{"line_number":210,"context_line":"| project_id        | uuid-str| No    | Owner of the Local IP. Only admin     |"},{"line_number":211,"context_line":"|                   |         |       | users can specify a project identifier|"}],"source_content_type":"text/x-rst","patch_set":10,"id":"5fe55605_7ad459db","line":208,"updated":"2021-08-16 10:33:33.000000000","message":"isn\u0027t description in the standardattributes table already?","commit_id":"646f9ef73efbde6fc774542c59f1727b98ac64bb"},{"author":{"_account_id":5948,"name":"Oleg Bondarev","email":"obondarev@mirantis.com","username":"obondarev"},"change_message_id":"1292f3e9f4425f50ecde436eead044b4ac4375f4","unresolved":true,"context_lines":[{"line_number":205,"context_line":"|                   |         |       | to be unique.                         
|"},{"line_number":206,"context_line":"+-------------------+---------+-------+---------------------------------------+"},{"line_number":207,"context_line":"| description       | string  | No    | Human readable description for the    |"},{"line_number":208,"context_line":"|                   |         |       | Local IP (255 characters limit).      |"},{"line_number":209,"context_line":"+-------------------+---------+-------+---------------------------------------+"},{"line_number":210,"context_line":"| project_id        | uuid-str| No    | Owner of the Local IP. Only admin     |"},{"line_number":211,"context_line":"|                   |         |       | users can specify a project identifier|"}],"source_content_type":"text/x-rst","patch_set":10,"id":"989865ad_8c4c0c94","line":208,"in_reply_to":"5fe55605_7ad459db","updated":"2021-08-16 11:05:39.000000000","message":"Right, I should remove it from here, thanks","commit_id":"646f9ef73efbde6fc774542c59f1727b98ac64bb"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"1a3e579f95f8b64d84e0b666b555413a3d2901df","unresolved":true,"context_lines":[{"line_number":290,"context_line":"      actions\u003dload:0x2-\u003eNXM_OF_ARP_OP[],"},{"line_number":291,"context_line":"      move:NXM_NX_ARP_SHA[]-\u003eNXM_NX_ARP_THA[],"},{"line_number":292,"context_line":"      move:NXM_OF_ARP_SPA[]-\u003eNXM_OF_ARP_TPA[],"},{"line_number":293,"context_line":"      load:0xfa163e9a1ade-\u003eNXM_NX_ARP_SHA[],"},{"line_number":294,"context_line":"      load:0x1010102-\u003eNXM_OF_ARP_SPA[],"},{"line_number":295,"context_line":"      move:NXM_OF_ETH_SRC[]-\u003eNXM_OF_ETH_DST[],"},{"line_number":296,"context_line":"      
mod_dl_src:fa:16:3e:9a:1a:de,IN_PORT"}],"source_content_type":"text/x-rst","patch_set":10,"id":"5d79b677_30028044","line":293,"range":{"start_line":293,"start_character":11,"end_line":293,"end_character":25},"updated":"2021-08-16 11:09:24.000000000","message":"I\u0027m confused, should this MAC be \"fa:16:3e:5c:3b:4b\" ?\n\n\"\"\"\nBelow flow examples are for the case when fixed port (id\u003d56fbc1e7-2c..,\nMAC\u003dfa:16:3e:5c:3b:4b, IP\u003d10.0.0.51) is associated with Local IP 10.0.0.10\n\"\"\"","commit_id":"646f9ef73efbde6fc774542c59f1727b98ac64bb"},{"author":{"_account_id":5948,"name":"Oleg Bondarev","email":"obondarev@mirantis.com","username":"obondarev"},"change_message_id":"4c7783f4ad27e894d3e5e9dc5a21ef967ad44c3c","unresolved":true,"context_lines":[{"line_number":290,"context_line":"      actions\u003dload:0x2-\u003eNXM_OF_ARP_OP[],"},{"line_number":291,"context_line":"      move:NXM_NX_ARP_SHA[]-\u003eNXM_NX_ARP_THA[],"},{"line_number":292,"context_line":"      move:NXM_OF_ARP_SPA[]-\u003eNXM_OF_ARP_TPA[],"},{"line_number":293,"context_line":"      load:0xfa163e9a1ade-\u003eNXM_NX_ARP_SHA[],"},{"line_number":294,"context_line":"      load:0x1010102-\u003eNXM_OF_ARP_SPA[],"},{"line_number":295,"context_line":"      move:NXM_OF_ETH_SRC[]-\u003eNXM_OF_ETH_DST[],"},{"line_number":296,"context_line":"      mod_dl_src:fa:16:3e:9a:1a:de,IN_PORT"}],"source_content_type":"text/x-rst","patch_set":10,"id":"eee5dff3_ea6e0595","line":293,"range":{"start_line":293,"start_character":11,"end_line":293,"end_character":25},"in_reply_to":"5d79b677_30028044","updated":"2021-08-16 11:49:01.000000000","message":"Right, I copied it from wrong place it seems","commit_id":"646f9ef73efbde6fc774542c59f1727b98ac64bb"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"1a3e579f95f8b64d84e0b666b555413a3d2901df","unresolved":true,"context_lines":[{"line_number":293,"context_line":"      
load:0xfa163e9a1ade-\u003eNXM_NX_ARP_SHA[],"},{"line_number":294,"context_line":"      load:0x1010102-\u003eNXM_OF_ARP_SPA[],"},{"line_number":295,"context_line":"      move:NXM_OF_ETH_SRC[]-\u003eNXM_OF_ETH_DST[],"},{"line_number":296,"context_line":"      mod_dl_src:fa:16:3e:9a:1a:de,IN_PORT"},{"line_number":297,"context_line":""},{"line_number":298,"context_line":"  * NAT flows to do actual Local IP address translation"},{"line_number":299,"context_line":""}],"source_content_type":"text/x-rst","patch_set":10,"id":"08cf8c1a_35415e76","line":296,"range":{"start_line":296,"start_character":17,"end_line":296,"end_character":34},"updated":"2021-08-16 11:09:24.000000000","message":"ditto","commit_id":"646f9ef73efbde6fc774542c59f1727b98ac64bb"},{"author":{"_account_id":5948,"name":"Oleg Bondarev","email":"obondarev@mirantis.com","username":"obondarev"},"change_message_id":"4c7783f4ad27e894d3e5e9dc5a21ef967ad44c3c","unresolved":false,"context_lines":[{"line_number":293,"context_line":"      load:0xfa163e9a1ade-\u003eNXM_NX_ARP_SHA[],"},{"line_number":294,"context_line":"      load:0x1010102-\u003eNXM_OF_ARP_SPA[],"},{"line_number":295,"context_line":"      move:NXM_OF_ETH_SRC[]-\u003eNXM_OF_ETH_DST[],"},{"line_number":296,"context_line":"      mod_dl_src:fa:16:3e:9a:1a:de,IN_PORT"},{"line_number":297,"context_line":""},{"line_number":298,"context_line":"  * NAT flows to do actual Local IP address translation"},{"line_number":299,"context_line":""}],"source_content_type":"text/x-rst","patch_set":10,"id":"eb88b3de_fb4ac888","line":296,"range":{"start_line":296,"start_character":17,"end_line":296,"end_character":34},"in_reply_to":"08cf8c1a_35415e76","updated":"2021-08-16 11:49:01.000000000","message":"Done","commit_id":"646f9ef73efbde6fc774542c59f1727b98ac64bb"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU 
Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"1a3e579f95f8b64d84e0b666b555413a3d2901df","unresolved":true,"context_lines":[{"line_number":301,"context_line":""},{"line_number":302,"context_line":"      table\u003d51, n_packets\u003d0, n_bytes\u003d0, priority\u003d10,ip,reg6\u003d0x4,"},{"line_number":303,"context_line":"      nw_dst\u003d10.0.0.10"},{"line_number":304,"context_line":"      actions\u003dct(commit,table\u003d60,zone\u003d4,nat(dst\u003d10.0.0.51))"},{"line_number":305,"context_line":""},{"line_number":306,"context_line":"      table\u003d51, n_packets\u003d0, n_bytes\u003d0, priority\u003d10,ct_state\u003d-trk,ip,reg6\u003d0x4,"},{"line_number":307,"context_line":"      dl_src\u003dfa:16:3e:9a:1a:de,nw_src\u003d10.0.0.51 actions\u003dct(table\u003d60,zone\u003d4,nat)"}],"source_content_type":"text/x-rst","patch_set":10,"id":"d01a3575_06117527","line":304,"range":{"start_line":304,"start_character":14,"end_line":304,"end_character":59},"updated":"2021-08-16 11:09:24.000000000","message":"Could we use static IP translation with 5 tuple (src_mac, dest_mac, src_ip, dest_ip, protocol_port) to do NATing without involved with kernel ct? ct may not be supported well with smart-NIC. But static NATing can be offloaded smoothly. So firstly we need some data change, Local IP should add a protocol port attributed.\n\nThen this will be:\n1. packet from \u003cfa:16:3e:5c:3b:XX, 10.0.0.X, TCP_10000\u003e to \u003c10.0.0.10 TCP: 80\u003e\n2. 
change packet from\n\u003c dest_mac: fa:16:3e:5c:3b:4b  dest_IP: 10.0.0.10\u003e\nto \u003c dest_mac: fa:16:3e:5c:3b:4b  dest_IP: 10.0.0.51 \u003e\nand learn flows: \n(from \u003csrc_mac: fa:16:3e:5c:3b:4b src_IP: 10.0.0.51 TCP_src: 80  dest_MAC: fa:16:3e:5c:3b:XX + 10.0.0.XX, TCP_dest 10000\u003e to \u003csrc_MAC: fa:16:3e:5c:3b:4b src_IP: 10.0.0.10 \u003e output: tap56fbc1e7-2c )","commit_id":"646f9ef73efbde6fc774542c59f1727b98ac64bb"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"7c0fefba615c8dc661a8f545ee6b2f0faad4ea56","unresolved":true,"context_lines":[{"line_number":301,"context_line":""},{"line_number":302,"context_line":"      table\u003d51, n_packets\u003d0, n_bytes\u003d0, priority\u003d10,ip,reg6\u003d0x4,"},{"line_number":303,"context_line":"      nw_dst\u003d10.0.0.10"},{"line_number":304,"context_line":"      actions\u003dct(commit,table\u003d60,zone\u003d4,nat(dst\u003d10.0.0.51))"},{"line_number":305,"context_line":""},{"line_number":306,"context_line":"      table\u003d51, n_packets\u003d0, n_bytes\u003d0, priority\u003d10,ct_state\u003d-trk,ip,reg6\u003d0x4,"},{"line_number":307,"context_line":"      dl_src\u003dfa:16:3e:9a:1a:de,nw_src\u003d10.0.0.51 actions\u003dct(table\u003d60,zone\u003d4,nat)"}],"source_content_type":"text/x-rst","patch_set":10,"id":"7ad15ac4_2f62df7b","line":304,"range":{"start_line":304,"start_character":14,"end_line":304,"end_character":59},"in_reply_to":"14b8e255_aed322bb","updated":"2021-08-17 02:19:38.000000000","message":"Learn back flows with 7 tuple (src_mac, dest_mac, src_ip, dest_ip, protocol, src_protocol_port, dest_protocol_port), protocol can be limited to TCP and UDP only. Some flows can be:\nmatch dest_mac + dest_ip + TCP/UDP, action: set dest_ip -\u003e 10.0.0.51, learn (match \u003csrc_mac, dest_mac, src_ip, dest_ip, protocol, src_protocol_port, dest_protocol_port\u003e ... 
output:XXX)\n\nI\u0027ve not tested this yet, will feedback after some tests.","commit_id":"646f9ef73efbde6fc774542c59f1727b98ac64bb"},{"author":{"_account_id":5948,"name":"Oleg Bondarev","email":"obondarev@mirantis.com","username":"obondarev"},"change_message_id":"89aa604d16fef0a1f825ad64423d2c2400b31d53","unresolved":true,"context_lines":[{"line_number":301,"context_line":""},{"line_number":302,"context_line":"      table\u003d51, n_packets\u003d0, n_bytes\u003d0, priority\u003d10,ip,reg6\u003d0x4,"},{"line_number":303,"context_line":"      nw_dst\u003d10.0.0.10"},{"line_number":304,"context_line":"      actions\u003dct(commit,table\u003d60,zone\u003d4,nat(dst\u003d10.0.0.51))"},{"line_number":305,"context_line":""},{"line_number":306,"context_line":"      table\u003d51, n_packets\u003d0, n_bytes\u003d0, priority\u003d10,ct_state\u003d-trk,ip,reg6\u003d0x4,"},{"line_number":307,"context_line":"      dl_src\u003dfa:16:3e:9a:1a:de,nw_src\u003d10.0.0.51 actions\u003dct(table\u003d60,zone\u003d4,nat)"}],"source_content_type":"text/x-rst","patch_set":10,"id":"faaa5500_baf864a9","line":304,"range":{"start_line":304,"start_character":14,"end_line":304,"end_character":59},"in_reply_to":"5e188e84_d7142c6e","updated":"2021-08-17 08:31:56.000000000","message":"Thanks LIU, I think this is a valid alternative, I will add it to the spec. Given that both options have downsides I suggest to make it configurable on agent side: who cares about flow table size and stateful NAT chooses CT, who cares about offloading chooses static NAT. 
What do you think?","commit_id":"646f9ef73efbde6fc774542c59f1727b98ac64bb"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"d57f41a3f7d922a1f3d7038b21fdc86f51273197","unresolved":true,"context_lines":[{"line_number":301,"context_line":""},{"line_number":302,"context_line":"      table\u003d51, n_packets\u003d0, n_bytes\u003d0, priority\u003d10,ip,reg6\u003d0x4,"},{"line_number":303,"context_line":"      nw_dst\u003d10.0.0.10"},{"line_number":304,"context_line":"      actions\u003dct(commit,table\u003d60,zone\u003d4,nat(dst\u003d10.0.0.51))"},{"line_number":305,"context_line":""},{"line_number":306,"context_line":"      table\u003d51, n_packets\u003d0, n_bytes\u003d0, priority\u003d10,ct_state\u003d-trk,ip,reg6\u003d0x4,"},{"line_number":307,"context_line":"      dl_src\u003dfa:16:3e:9a:1a:de,nw_src\u003d10.0.0.51 actions\u003dct(table\u003d60,zone\u003d4,nat)"}],"source_content_type":"text/x-rst","patch_set":10,"id":"5e188e84_d7142c6e","line":304,"range":{"start_line":304,"start_character":14,"end_line":304,"end_character":59},"in_reply_to":"7ad15ac4_2f62df7b","updated":"2021-08-17 08:20:11.000000000","message":"The following command should work:\n\nsudo ovs-ofctl add-flow -O OPENFLOW13 br-int \"table\u003d51, priority\u003d30,tcp,dl_vlan\u003d1,dl_dst\u003dfa:16:3e:5c:3b:4b,dl_src\u003dfa:16:3e:4f:26:fd,nw_src\u003d10.0.0.100,nw_dst\u003d10.0.0.10,tp_dst\u003d0x8000/0x8000 
actions\u003dlearn(table\u003d62,idle_timeout\u003d30,hard_timeout\u003d1800,priority\u003d90,eth_type\u003d0x800,nw_proto\u003d6,NXM_OF_ETH_SRC[]\u003dNXM_OF_ETH_DST[],NXM_OF_ETH_DST[]\u003dNXM_OF_ETH_SRC[],NXM_OF_IP_SRC[]\u003dNXM_OF_IP_DST[],NXM_OF_IP_DST[]\u003dNXM_OF_IP_SRC[],NXM_OF_TCP_DST[]\u003dNXM_OF_TCP_SRC[],NXM_OF_TCP_SRC[]\u003dNXM_OF_TCP_DST[],NXM_OF_VLAN_TCI[0..11],load:NXM_NX_REG0[0..11]-\u003eNXM_OF_VLAN_TCI[0..11],output:NXM_OF_IN_PORT[]),set_field:10.0.0.10-\u003eip_dst,goto_table:60\"\n\nTest ovs-agent config:\n\n[agent]\nexplicitly_egress_direct \u003d True\n\n[securitygroup]\nfirewall_driver \u003d noop\nenable_security_group \u003d False","commit_id":"646f9ef73efbde6fc774542c59f1727b98ac64bb"},{"author":{"_account_id":5948,"name":"Oleg Bondarev","email":"obondarev@mirantis.com","username":"obondarev"},"change_message_id":"4c7783f4ad27e894d3e5e9dc5a21ef967ad44c3c","unresolved":true,"context_lines":[{"line_number":301,"context_line":""},{"line_number":302,"context_line":"      table\u003d51, n_packets\u003d0, n_bytes\u003d0, priority\u003d10,ip,reg6\u003d0x4,"},{"line_number":303,"context_line":"      nw_dst\u003d10.0.0.10"},{"line_number":304,"context_line":"      actions\u003dct(commit,table\u003d60,zone\u003d4,nat(dst\u003d10.0.0.51))"},{"line_number":305,"context_line":""},{"line_number":306,"context_line":"      table\u003d51, n_packets\u003d0, n_bytes\u003d0, priority\u003d10,ct_state\u003d-trk,ip,reg6\u003d0x4,"},{"line_number":307,"context_line":"      dl_src\u003dfa:16:3e:9a:1a:de,nw_src\u003d10.0.0.51 actions\u003dct(table\u003d60,zone\u003d4,nat)"}],"source_content_type":"text/x-rst","patch_set":10,"id":"14b8e255_aed322bb","line":304,"range":{"start_line":304,"start_character":14,"end_line":304,"end_character":59},"in_reply_to":"d01a3575_06117527","updated":"2021-08-16 11:49:01.000000000","message":"I see several downsides:\n - 2 additional fields: protocol and port\n - increases complexity of both implementation and usage\n - more 
OVS flows badly affects flow setup time [1]\n\nGiven above I\u0027d stay with currently suggested approach and consider SmartNIC support on later iterations of the feature.\n\nDo you see a way to avoid adding protocol into the model?\n\n[1] http://www.openvswitch.org/support/ovscon2014/17/1030-conntrack_nat.pdf","commit_id":"646f9ef73efbde6fc774542c59f1727b98ac64bb"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"c8d6f3e94028e5f3dd4989b552839b885ee40b2d","unresolved":true,"context_lines":[{"line_number":301,"context_line":""},{"line_number":302,"context_line":"      table\u003d51, n_packets\u003d0, n_bytes\u003d0, priority\u003d10,ip,reg6\u003d0x4,"},{"line_number":303,"context_line":"      nw_dst\u003d10.0.0.10"},{"line_number":304,"context_line":"      actions\u003dct(commit,table\u003d60,zone\u003d4,nat(dst\u003d10.0.0.51))"},{"line_number":305,"context_line":""},{"line_number":306,"context_line":"      table\u003d51, n_packets\u003d0, n_bytes\u003d0, priority\u003d10,ct_state\u003d-trk,ip,reg6\u003d0x4,"},{"line_number":307,"context_line":"      dl_src\u003dfa:16:3e:9a:1a:de,nw_src\u003d10.0.0.51 actions\u003dct(table\u003d60,zone\u003d4,nat)"}],"source_content_type":"text/x-rst","patch_set":10,"id":"fff4170e_fb7914b0","line":304,"range":{"start_line":304,"start_character":14,"end_line":304,"end_character":59},"in_reply_to":"faaa5500_baf864a9","updated":"2021-08-18 00:32:45.000000000","message":"Cool, configurable options make sense to me.","commit_id":"646f9ef73efbde6fc774542c59f1727b98ac64bb"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"1a3e579f95f8b64d84e0b666b555413a3d2901df","unresolved":true,"context_lines":[{"line_number":304,"context_line":"      
actions\u003dct(commit,table\u003d60,zone\u003d4,nat(dst\u003d10.0.0.51))"},{"line_number":305,"context_line":""},{"line_number":306,"context_line":"      table\u003d51, n_packets\u003d0, n_bytes\u003d0, priority\u003d10,ct_state\u003d-trk,ip,reg6\u003d0x4,"},{"line_number":307,"context_line":"      dl_src\u003dfa:16:3e:9a:1a:de,nw_src\u003d10.0.0.51 actions\u003dct(table\u003d60,zone\u003d4,nat)"},{"line_number":308,"context_line":""},{"line_number":309,"context_line":"    After translation packets are resubmitted further to TRANSIENT_TABLE (60)"},{"line_number":310,"context_line":""}],"source_content_type":"text/x-rst","patch_set":10,"id":"245c992e_8fe0ff8e","line":307,"range":{"start_line":307,"start_character":13,"end_line":307,"end_character":30},"updated":"2021-08-16 11:09:24.000000000","message":"ditto:  \"fa:16:3e:5c:3b:4b\"","commit_id":"646f9ef73efbde6fc774542c59f1727b98ac64bb"},{"author":{"_account_id":5948,"name":"Oleg Bondarev","email":"obondarev@mirantis.com","username":"obondarev"},"change_message_id":"4c7783f4ad27e894d3e5e9dc5a21ef967ad44c3c","unresolved":false,"context_lines":[{"line_number":304,"context_line":"      actions\u003dct(commit,table\u003d60,zone\u003d4,nat(dst\u003d10.0.0.51))"},{"line_number":305,"context_line":""},{"line_number":306,"context_line":"      table\u003d51, n_packets\u003d0, n_bytes\u003d0, priority\u003d10,ct_state\u003d-trk,ip,reg6\u003d0x4,"},{"line_number":307,"context_line":"      dl_src\u003dfa:16:3e:9a:1a:de,nw_src\u003d10.0.0.51 actions\u003dct(table\u003d60,zone\u003d4,nat)"},{"line_number":308,"context_line":""},{"line_number":309,"context_line":"    After translation packets are resubmitted further to TRANSIENT_TABLE (60)"},{"line_number":310,"context_line":""}],"source_content_type":"text/x-rst","patch_set":10,"id":"161ea1fa_f1867415","line":307,"range":{"start_line":307,"start_character":13,"end_line":307,"end_character":30},"in_reply_to":"245c992e_8fe0ff8e","updated":"2021-08-16 
11:49:01.000000000","message":"Done","commit_id":"646f9ef73efbde6fc774542c59f1727b98ac64bb"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"1a3e579f95f8b64d84e0b666b555413a3d2901df","unresolved":true,"context_lines":[{"line_number":313,"context_line":"    ::"},{"line_number":314,"context_line":""},{"line_number":315,"context_line":"      table\u003d51, n_packets\u003d0, n_bytes\u003d0, priority\u003d0 actions\u003dresubmit(,60)"},{"line_number":316,"context_line":""},{"line_number":317,"context_line":"Scheduling"},{"line_number":318,"context_line":"----------"},{"line_number":319,"context_line":""}],"source_content_type":"text/x-rst","patch_set":10,"id":"b09e2d18_0cb32172","line":316,"updated":"2021-08-16 11:09:24.000000000","message":"Could you add a section which describes the packet processing details? Something like this:\n\nVM1 \u003c10.0.0.100\u003e try to access 10.0.0.10, it will be direct to 10.0.0.51:\n\nARP:\nVM1 -\u003e ARP -\u003e 10.0.0.10 and response \u003c10.0.0.10 has MAC_2\u003e\n\negress:\n\u003cVM1_MAC_1 + 10.0.0.100\u003e to \u003cMAC_2 + 10.0.0.10\u003e\nct NAT\n\u003cVM1_MAC_1 + 10.0.0.100\u003e to \u003cMAC_2 + 10.0.0.51\u003e\n\n\nIngress(back):\n\u003cMAC_2 + 10.0.0.51\u003e to \u003c\u003cVM1_MAC_1 + 10.0.0.100\u003e\nct NAT\n\u003cMAC_2 + 10.0.0.10\u003e to \u003c\u003cVM1_MAC_1 + 10.0.0.100\u003e","commit_id":"646f9ef73efbde6fc774542c59f1727b98ac64bb"},{"author":{"_account_id":5948,"name":"Oleg Bondarev","email":"obondarev@mirantis.com","username":"obondarev"},"change_message_id":"4c7783f4ad27e894d3e5e9dc5a21ef967ad44c3c","unresolved":true,"context_lines":[{"line_number":313,"context_line":"    ::"},{"line_number":314,"context_line":""},{"line_number":315,"context_line":"      table\u003d51, n_packets\u003d0, n_bytes\u003d0, priority\u003d0 
actions\u003dresubmit(,60)"},{"line_number":316,"context_line":""},{"line_number":317,"context_line":"Scheduling"},{"line_number":318,"context_line":"----------"},{"line_number":319,"context_line":""}],"source_content_type":"text/x-rst","patch_set":10,"id":"c816e122_a88c1bb9","line":316,"in_reply_to":"b09e2d18_0cb32172","updated":"2021-08-16 11:49:01.000000000","message":"Will add, thanks","commit_id":"646f9ef73efbde6fc774542c59f1727b98ac64bb"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"748176ffab519ae04cf75060e1503b88cf1cf0f1","unresolved":true,"context_lines":[{"line_number":328,"context_line":"colocated on the same physycal node (e.g. as a result of temporary live"},{"line_number":329,"context_line":"migration during other node\u0027s maintenance). Local IP should provide a"},{"line_number":330,"context_line":"deterministic way of handling such situations (e.g. in case of multiple local"},{"line_number":331,"context_line":"ports, only the oldest port shall be used)."},{"line_number":332,"context_line":""},{"line_number":333,"context_line":""},{"line_number":334,"context_line":"Initial release limitations"}],"source_content_type":"text/x-rst","patch_set":10,"id":"4158494f_b6f33e73","line":331,"updated":"2021-08-16 10:33:33.000000000","message":"that may be tricky in some cases, like e.g.:\n\n1. there is vm with local IP address on node and it works fine,\n2. there is additional vm with same local IP migrated to that node (maintenance of other node maybe) - now still older vm should serve local IP, not the one which was migrated to that node,\n3. 
now older vm is migrated to other node - You will need to update all configuration to make vm migrated in point 2 to serve local IP address on that node from now on.","commit_id":"646f9ef73efbde6fc774542c59f1727b98ac64bb"},{"author":{"_account_id":5948,"name":"Oleg Bondarev","email":"obondarev@mirantis.com","username":"obondarev"},"change_message_id":"1292f3e9f4425f50ecde436eead044b4ac4375f4","unresolved":true,"context_lines":[{"line_number":328,"context_line":"colocated on the same physycal node (e.g. as a result of temporary live"},{"line_number":329,"context_line":"migration during other node\u0027s maintenance). Local IP should provide a"},{"line_number":330,"context_line":"deterministic way of handling such situations (e.g. in case of multiple local"},{"line_number":331,"context_line":"ports, only the oldest port shall be used)."},{"line_number":332,"context_line":""},{"line_number":333,"context_line":""},{"line_number":334,"context_line":"Initial release limitations"}],"source_content_type":"text/x-rst","patch_set":10,"id":"cdf4ddac_98275168","line":331,"in_reply_to":"4158494f_b6f33e73","updated":"2021-08-16 11:05:39.000000000","message":"As there is no way to identify which port was first on the node (or is there?) and also order of port list returned by server to agent is not deterministic - I\u0027d prefer to document this as limitation (in first version at least). An assumption (maybe a weak one but still) is that VMs with assigned local IP will provide same service so local clients will not notice the change.","commit_id":"646f9ef73efbde6fc774542c59f1727b98ac64bb"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"6d1f4f51e5d9c591358dcac6e7e5f71d3da37e69","unresolved":true,"context_lines":[{"line_number":328,"context_line":"colocated on the same physycal node (e.g. 
as a result of temporary live"},{"line_number":329,"context_line":"migration during other node\u0027s maintenance). Local IP should provide a"},{"line_number":330,"context_line":"deterministic way of handling such situations (e.g. in case of multiple local"},{"line_number":331,"context_line":"ports, only the oldest port shall be used)."},{"line_number":332,"context_line":""},{"line_number":333,"context_line":""},{"line_number":334,"context_line":"Initial release limitations"}],"source_content_type":"text/x-rst","patch_set":10,"id":"c048446a_1a6b7453","line":331,"in_reply_to":"cdf4ddac_98275168","updated":"2021-08-23 15:06:45.000000000","message":"Documenting that should be ok, thx","commit_id":"646f9ef73efbde6fc774542c59f1727b98ac64bb"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"748176ffab519ae04cf75060e1503b88cf1cf0f1","unresolved":true,"context_lines":[{"line_number":340,"context_line":"* Only \u0027openvswitch\u0027 ML2 mechanism driver will support the feature"},{"line_number":341,"context_line":""},{"line_number":342,"context_line":"* Only \u0027vxlan\u0027 networks will be supported. \u0027vlan\u0027 will be considered if"},{"line_number":343,"context_line":"  require minimum overhead"},{"line_number":344,"context_line":""},{"line_number":345,"context_line":"* No deterministic handling of packets if a node contains multiple local ports"},{"line_number":346,"context_line":"  from same L2 segment associated with the same Local IP"}],"source_content_type":"text/x-rst","patch_set":10,"id":"39604262_cf86334c","line":343,"updated":"2021-08-16 10:33:33.000000000","message":"what about e.g. 
gre tunnels?","commit_id":"646f9ef73efbde6fc774542c59f1727b98ac64bb"},{"author":{"_account_id":5948,"name":"Oleg Bondarev","email":"obondarev@mirantis.com","username":"obondarev"},"change_message_id":"1292f3e9f4425f50ecde436eead044b4ac4375f4","unresolved":true,"context_lines":[{"line_number":340,"context_line":"* Only \u0027openvswitch\u0027 ML2 mechanism driver will support the feature"},{"line_number":341,"context_line":""},{"line_number":342,"context_line":"* Only \u0027vxlan\u0027 networks will be supported. \u0027vlan\u0027 will be considered if"},{"line_number":343,"context_line":"  require minimum overhead"},{"line_number":344,"context_line":""},{"line_number":345,"context_line":"* No deterministic handling of packets if a node contains multiple local ports"},{"line_number":346,"context_line":"  from same L2 segment associated with the same Local IP"}],"source_content_type":"text/x-rst","patch_set":10,"id":"0ad2d670_571bc17e","line":343,"in_reply_to":"39604262_cf86334c","updated":"2021-08-16 11:05:39.000000000","message":"Yeah, speaking about local IPs GRE should work same as VxLAN. I\u0027ll update","commit_id":"646f9ef73efbde6fc774542c59f1727b98ac64bb"}]}
